Merge branch 'feature/read_node_id_from_cert' into 'master'

feature: add a configurable option to read node id from device certificate.

See merge request app-frameworks/esp-rainmaker!377

components/esp_rainmaker/Kconfig.projbuild

@@ -76,6 +76,13 @@ menu "ESP RainMaker Config"
             ESP_RMAKER_MQTT_HOST, independent of this config option. However, if this is set, even if
             an MQTT host value is found in NVS, it will be overriden with ESP_RMAKER_MQTT_HOST.
 
+    config ESP_RMAKER_READ_NODE_ID_FROM_CERT_CN
+        bool "Read Node ID from Device Certificate"
+        default n
+        help
+            If enabled, the device will get its node id from the device certificate's CN field. If not enabled, 
+            it will read the node id either from nvs factory partition or mac address, depending on the configuration.
+
     config ESP_RMAKER_MQTT_HOST
         string "ESP RainMaker MQTT Host"
         depends on ESP_RMAKER_SELF_CLAIM || ESP_RMAKER_ASSISTED_CLAIM || ESP_RMAKER_READ_MQTT_HOST_FROM_CONFIG

components/esp_rainmaker/src/core/esp_rmaker_client_data.h

@@ -22,6 +22,7 @@
 #define ESP_RMAKER_CLIENT_RANDOM_NVS_KEY "random"
 
 char *esp_rmaker_get_client_cert();
+size_t esp_rmaker_get_client_cert_len();
 char *esp_rmaker_get_client_key();
 size_t esp_rmaker_get_client_key_len();
 char *esp_rmaker_get_client_csr();

components/esp_rainmaker/src/core/esp_rmaker_core.c

@@ -118,9 +118,50 @@ static void esp_rmaker_mqtt_event_handler(void* arg, esp_event_base_t event_base
     }
 }
 
+#ifdef CONFIG_ESP_RMAKER_READ_NODE_ID_FROM_CERT_CN
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/oid.h"
+
+static char* esp_rmaker_populate_node_id_from_cert()
+{ 
+    void *addr = NULL;
+    size_t len = 0;
+    addr = esp_rmaker_get_client_cert();
+    if (addr) {
+        len = esp_rmaker_get_client_cert_len();
+    } else { 
+        ESP_LOGE(TAG, "Failed to get device certificate."); 
+        return NULL; 
+    }
+    mbedtls_x509_crt crt;
+    mbedtls_x509_crt_init(&crt);
+    char *node_id = NULL;
+    int ret = mbedtls_x509_crt_parse(&crt, addr, len); 
+    if (ret != 0) {
+        ESP_LOGE(TAG, "Parsing of device certificate failed, returned %02X", ret); 
+    } else {
+        mbedtls_asn1_named_data *cn_data;
+        cn_data = mbedtls_asn1_find_named_data(&crt.subject, MBEDTLS_OID_AT_CN, 
+                                                MBEDTLS_OID_SIZE(MBEDTLS_OID_AT_CN));
+        if (cn_data) {
+            node_id = MEM_CALLOC_EXTRAM(1, cn_data->val.len + 1);
+            memcpy(node_id, (const char *)cn_data->val.p, cn_data->val.len);
+        }
+    }
+    mbedtls_x509_crt_free(&crt); 
+    return node_id; 
+}
+#endif
+
 static char *esp_rmaker_populate_node_id(bool use_claiming)
 {
+#ifdef CONFIG_ESP_RMAKER_READ_NODE_ID_FROM_CERT_CN
+    char *node_id = esp_rmaker_populate_node_id_from_cert();
+#else /* !CONFIG_ESP_RMAKER_READ_NODE_ID_FROM_CERT_CN */
     char *node_id = esp_rmaker_factory_get("node_id");
+#endif /* CONFIG_ESP_RMAKER_READ_NODE_ID_FROM_CERT_CN */
+
 #ifdef ESP_RMAKER_CLAIM_ENABLED
     if (!node_id && use_claiming) {
         uint8_t eth_mac[6];