Xpki 1337 remove legacy hardcoding

include/certifier/xpki_client.h

@@ -28,9 +28,6 @@
 extern "C" {
 #endif
 
-#define CERTIFIER_STATIC_URL "https://certifier-p01.xpki.io/v1/certifier"
-#define DEFAULT_CERTIFIER_URL "https://certifier.xpki.io/v1/certifier"
-
 typedef enum
 {
     XPKI_CLIENT_SUCCESS = 0,

libcertifier.cfg.sample

@@ -1,5 +1,5 @@
 {
-  "libcertifier.certifier.url": "https://certifier.xpki.io/v1/certifier",
+  "libcertifier.certifier.url": "https://certifier-p01.xpki.io/v1/certifier",
   "libcertifier.profile.name": "XFN_Matter_OP_Class_3_ICA",
   "libcertifier.validity.days": 365,
   "libcertifier.auth.type": "X509",

src/certifier.c

@@ -951,6 +951,19 @@ Certifier * certifier_new(void)
     {
         /* This will reconfigure() automatically. */
         error_code = certifier_load_cfg_file(certifier);
+        if (error_code != 0)
+        {
+            goto exit;
+        }
+
+        /* certifier_url must be specified */
+        const char * url = certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
+        if (url == NULL || XSTRLEN(url) == 0)
+        {
+            log_error("certifier_url must be set in config (libcertifier.certifier.url)");
+            error_code = CERTIFIER_ERR_INIT_CERTIFIER;
+            goto exit;
+        }
     }
     else
     {

src/mbedtls.c

@@ -889,6 +889,12 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf * params, mbedtls_as
     return (0);
 }
 
+/*
+ * This function is a derivative of mbedtls_pkcs5_pbes2() from the 
+ * official Mbed TLS library. 
+ * Source: https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/library/pkcs5.c
+ * License: Apache 2.0 (re-licensed by ARM from the original PolarSSL GPLv2)
+ */
 static int test_pkcs5_pbes2(const mbedtls_asn1_buf * pbe_params, int mode, const unsigned char * pwd, size_t pwdlen,
                             const unsigned char * data, size_t datalen, unsigned char * output)
 {
@@ -1699,38 +1705,15 @@ typedef struct IndefiniteItems
     int depth;
 } IndefiniteItems;
 
-/* ASN Tags   */
-enum ASN_Tags
-{
-    ASN_EOC              = 0x00,
-    ASN_BOOLEAN          = 0x01,
-    ASN_INTEGER          = 0x02,
-    ASN_BIT_STRING       = 0x03,
-    ASN_OCTET_STRING     = 0x04,
-    ASN_TAG_NULL         = 0x05,
-    ASN_OBJECT_ID        = 0x06,
-    ASN_ENUMERATED       = 0x0a,
-    ASN_UTF8STRING       = 0x0c,
-    ASN_SEQUENCE         = 0x10,
-    ASN_SET              = 0x11,
-    ASN_PRINTABLE_STRING = 0x13,
-    ASN_UTC_TIME         = 0x17,
-    ASN_OTHER_TYPE       = 0x00,
-    ASN_RFC822_TYPE      = 0x01,
-    ASN_DNS_TYPE         = 0x02,
-    ASN_DIR_TYPE         = 0x04,
-    ASN_URI_TYPE         = 0x06, /* the value 6 is from GeneralName OID */
-    ASN_GENERALIZED_TIME = 0x18,
-    CRL_EXTENSIONS       = 0xa0,
-    ASN_EXTENSIONS       = 0xa3,
-    ASN_LONG_LENGTH      = 0x80,
-    ASN_INDEF_LENGTH     = 0x80,
-
-    /* ASN_Flags - Bitmask */
-    ASN_CONSTRUCTED      = 0x20,
-    ASN_APPLICATION      = 0x40,
-    ASN_CONTEXT_SPECIFIC = 0x80,
-};
+/* ASN Tags   
+ * Derived from ITU-T X.690 and https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/include/mbedtls/asn1.h
+ * License: Apache 2.0 (re-licensed by ARM from the original PolarSSL GPLv2) 
+ */
+#define ASN_EOC 0x00
+#define ASN_SEQUENCE 0x10
+#define ASN_SET 0x11
+#define ASN_CONSTRUCTED 0x20
+#define ASN_LONG_LENGTH 0x80
 
 enum
 {

src/property.c

@@ -45,7 +45,6 @@
 #define DEFAULT_USER_CA_PATH "/usr/local/etc/certfier"
 #define DEFAULT_GLOBAL_CA_PATH "/etc/certifier"
 #define DEFAULT_CURDIR_CA_PATH "."
-#define DEFAULT_CERTIFIER_URL "https://certifier.xpki.io/v1/certifier"
 #define DEFAULT_PROFILE_NAME "XFN_Matter_OP_Class_3_ICA"
 #define DEFAULT_CERT_MIN_TIME_LEFT_S 90 * 24 * 60 * 60;
 #define DEFAULT_OPT_SOURCE "unset-libcertifier-c-native"
@@ -818,16 +817,6 @@ int property_set_defaults(CertifierPropMap * prop_map)
         }
     }
 
-    if (prop_map->certifier_url == NULL)
-    {
-        return_code = property_set(prop_map, CERTIFIER_OPT_CERTIFIER_URL, DEFAULT_CERTIFIER_URL);
-        if (return_code != 0)
-        {
-            log_error("Failed to set default property name: CERTIFIER_OPT_CERTIFIER_URL with error code: %i", return_code);
-            return return_code;
-        }
-    }
-
     if (prop_map->profile_name == NULL)
     {
         return_code = property_set(prop_map, CERTIFIER_OPT_PROFILE_NAME, DEFAULT_PROFILE_NAME);

src/xpki_client.c

@@ -403,20 +403,10 @@ XPKI_CLIENT_ERROR_CODE xc_get_cert(get_cert_param_t * params)
     } else {
         ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CRT, params->crt));
     } 
-    if (params->static_certifier == true)
-    {
-        ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, CERTIFIER_STATIC_URL));
-    }
-    else
-    {
-        /* Use DEFAULT_CERTIFIER_URL if the certifier.url is not present in the config file. */
-        const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
 
-        if ((NULL == certifier_url) || (0 == XSTRLEN(certifier_url)))
-        {
-            ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, DEFAULT_CERTIFIER_URL));
-        }
-    }
+    /* certifier.url must be present in the config file. */
+    const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
+    VerifyOrReturnError(certifier_url != NULL, XPKI_CLIENT_INVALID_ARGUMENT);
 
     if (certifier_get_property(certifier, CERTIFIER_OPT_OUTPUT_P12_PATH) != NULL)
     {
@@ -472,22 +462,12 @@ XPKI_CLIENT_ERROR_CODE xc_renew_cert(renew_cert_param_t * params)
     }
     ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_INPUT_P12_PATH, params->p12_path));
     ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_INPUT_P12_PASSWORD, params->p12_password));
-    if (params->static_certifier == true)
-    {
-        ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, CERTIFIER_STATIC_URL));
-    }
-    else
-    {
-        /**
-         * Use DEFAULT_CERTIFIER_URL if the certifier.url is not present in the config file.
-         */
-        const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
+    /**
+        * certifier.url must be present in the config file.
+        */
+    const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
+    VerifyOrReturnError(certifier_url != NULL, XPKI_CLIENT_INVALID_ARGUMENT);
 
-        if ((NULL == certifier_url) || (0 == XSTRLEN(certifier_url)))
-        {
-            ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, DEFAULT_CERTIFIER_URL));
-        }
-    }
     ReturnErrorOnFailure(xc_set_source_id(params->source_id));
     ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_AUTH_TYPE, xpki_auth_type_to_string(params->auth_type)));
 
@@ -624,20 +604,9 @@ XPKI_CLIENT_ERROR_CODE xc_get_cert_status(get_cert_status_param_t * params, XPKI
     ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_INPUT_P12_PASSWORD, params->p12_password));
     ReturnErrorOnFailure(xc_set_source_id(params->source_id));
 
-    if (params->static_certifier == true)
-    {
-        ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, CERTIFIER_STATIC_URL));
-    }
-    else
-    {
-        /* Use DEFAULT_CERTIFIER_URL if the certifier.url is not present in the config file. */
-        const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
-
-        if ((NULL == certifier_url) || (0 == XSTRLEN(certifier_url)))
-        {
-            ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_CERTIFIER_URL, DEFAULT_CERTIFIER_URL));
-        }
-    }
+    /* certifier.url must be present in the config file */
+    const char * certifier_url = (char *) certifier_get_property(certifier, CERTIFIER_OPT_CERTIFIER_URL);
+    VerifyOrReturnError(certifier_url != NULL, XPKI_CLIENT_INVALID_ARGUMENT);
 
     return _xc_get_cert_status(status);
 }