Other Parts Discussed in Thread: CC3220SF
Has anyone managed to connect a CC3220 to Azure using X509 self-signed certificates as the device authentication method?
I have tried to use both MQTT and HTTP, with both X509 self-signed and symmetric key, using TI-RTOS. I could not find a ready-to-use Azure example using FreeRTOS.
SDK versions:
TI Azure version: azure_cc3220_1_00_00_10
Which includes Azure IoT Hub SDK version: 1.1.18
TI SDK version: simplelink_cc32xx_sdk_1_50_00_06
Successful log when using a symmetric Azure connection string:
Protocol used: MQTT
IoTHubClient_LL_SetMessageCallback...successful.
IoTHubClient_LL_SendEventAsync accepted message [0] for transmission to IoT Hub.
IoTHubClient_LL_SendEventAsync accepted message [1] for transmission to IoT Hub.
Connection status raw: (0,6)
Connection status: result:IOTHUB_CLIENT_CONNECTION_AUTHENTICATED reason:IOTHUB_CLIENT_CONNECTION_OK
Confirmation[0] received for message tracking id = 0 with result = IOTHUB_CLIENT_CONFIRMATION_OK
Confirmation[1] received for message tracking id = 1 with result = IOTHUB_CLIENT_CONFIRMATION_OK
Protocol used: HTTP
IoTHubClient_LL_SetMessageCallback...successful.
IoTHubClient_LL_SendEventAsync accepted message [0] for transmission to IoT Hub.
Confirmation[0] received for message tracking id = 0 with result = IOTHUB_CLIENT_CONFIRMATION_OK
IoTHubClient_LL_SendEventAsync accepted message [1] for transmission to IoT Hub.
Confirmation[1] received for message tracking id = 1 with result = IOTHUB_CLIENT_CONFIRMATION_OK
When using X509 self signed:
Protocol used: MQTT
x509 certificates set
IoTHubClient_LL_SetMessageCallback...successful.
IoTHubClient_LL_SendEventAsync accepted message [0] for transmission to IoT Hub.
IoTHubClient_LL_SendEventAsync accepted message [1] for transmission to IoT Hub.
Connection status raw: (1,1)
Connection status: result:IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED reason:IOTHUB_CLIENT_CONNECTION_DEVICE_DISABLED
When I debug through the internal code while handling MQTT_CLIENT_ON_CONNACK state, it is related to CONN_REFUSED_NOT_AUTHORIZED:
azure_cc3220_1_00_00_10/source/third_party/azure-iot-sdk-c/iothub_client/src/iothubtransport_mqtt_common.c +1423
else if (connack->returnCode == CONN_REFUSED_NOT_AUTHORIZED)
{
    IoTHubClient_LL_ConnectionStatusCallBack(transport_data->llClientHandle, IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED, IOTHUB_CLIENT_CONNECTION_DEVICE_DISABLED);
}
When using HTTP protocol I get no message response.
Protocol used: HTTP
x509 certificates set
IoTHubClient_LL_SetMessageCallback...successful.
IoTHubClient_LL_SendEventAsync accepted message [0] for transmission to IoT Hub.
IoTHubClient_LL_SendEventAsync accepted message [1] for transmission to IoT Hub.
<stall>
From source/ti/net/tls.h, it seems that the X509 certificate may be required to be saved into a file:
* @file ti/net/tls.h
*
* @addtogroup ti_net_TLS TLS
*
* @brief TLS Abstraction Layer
*
* This module provides a simple portable interface to create and delete TLS
* contexts for various TLS layers like SimpleLink WiFi TLS and WolfSSL. These
* contexts can be shared with supported networking protocols like HTTP, MQTT
* and other protocols which require TLS and are connecting to the same host
* server.
*
* The certificates can be provided either as a buffer input or as a string
* containing the certificate paths on the file system.
*
* The file system based approach is supported only for TI-RTOS/SimpleLink WiFi
* and Linux/Sitara devices. The certificates can be set by providing the
* certificate file path using @ref TLS_setCertFile().
*
* The buffer based approach is supported only for TI-RTOS/NDK and
* Linux/Sitara devices. The certificates can be set by providing the
* certificate buffers using @ref TLS_setCertBuf().
*
* Additionally, for TI-RTOS/SimpleLink WiFi and Linux/Sitara devices
* certificate buffers can be written to file system using
* @ref TLS_writeDerFile() and set using @ref TLS_setCertFile().
Any successful experience with CC3220 + Azure IoT Hub + X509 device authentication, hints or tips are welcome.
I have managed to use these certificates by preparing a pfx file to be used in a C# simulated device:
openssl pkcs12 -in cert.pem -inkey key.pem -password pass:123 -export -out cert2.pfx
C# API:
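// using System.Security.Cryptography.X509Certificates;
// using Microsoft.Azure.Devices.Client;
private const TransportType TRANSPORT_PROTOCOL = TransportType.Mqtt_Tcp_Only;
// Load the client certificate and private key from the pfx created above
var cert = new X509Certificate2(@"...\\cert2.pfx", "123");
var auth = new DeviceAuthenticationWithX509Certificate(deviceId, cert);
var deviceClient = DeviceClient.Create(IOTHUB_NAME + ".azure-devices.net", auth,
    TRANSPORT_PROTOCOL);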
C# console application log:
Protocol used:Mqtt_Tcp_Only
X509 mode used:SELF_SIGNED
Successfully created DeviceClient!
Device sending 5 messages to IoTHub...
11/16/2017 11:22:22 AM> Sending message: 0, Data: [{"deviceId":"***","messageId":0,"temperature":30,"humidity":79}]
11/16/2017 11:22:24 AM> Sending message: 1, Data: [{"deviceId":"***","messageId":1,"temperature":22,"humidity":67}]
11/16/2017 11:22:24 AM> Sending message: 2, Data: [{"deviceId":"***","messageId":2,"temperature":28,"humidity":61}]
11/16/2017 11:22:24 AM> Sending message: 3, Data: [{"deviceId":"***","messageId":3,"temperature":33,"humidity":75}]
11/16/2017 11:22:24 AM> Sending message: 4, Data: [{"deviceId":"***","messageId":4,"temperature":27,"humidity":78}]
Exiting...
Press <enter> to exit
Verified at Azure's iothub telemetry.
If I managed to follow Azure's diagnostics correctly, this log may relate to my attempts:
SourceSystem: Azure
Type: AzureDiagnostics
ResourceId: ***
OperationName: deviceDisconnect
Category: Connections
Level: Error
ResultType: 401003
ResultDescription: IotHubUnauthorized
properties_s: {"deviceId":"***","protocol":"Mqtt","authType":null,"maskedIpAddress":"***","statusCode":"401"}
...
ResourceType: IOTHUBS
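
Added example (not part of the original post, and not TI or Azure SDK code): a small triage script for diagnostics records in the "Key: value" layout quoted above, counting rejected connections per device, protocol and authType. The sample records and device IDs are constructed, and the blank-line record separator is an assumption about how the records were exported.

```python
import json
from collections import Counter

# Constructed records in the "Key: value" layout quoted in the post.
# Device IDs are placeholders; blank lines separate records (assumption).
SAMPLE = """\
OperationName: deviceDisconnect
Category: Connections
Level: Error
ResultType: 401003
ResultDescription: IotHubUnauthorized
properties_s: {"deviceId":"dev-a","protocol":"Mqtt","authType":null,"statusCode":"401"}

OperationName: deviceConnect
Category: Connections
Level: Information
properties_s: {"deviceId":"dev-b","protocol":"Mqtt"}

OperationName: deviceDisconnect
Category: Connections
Level: Error
ResultType: 401003
ResultDescription: IotHubUnauthorized
properties_s: {"deviceId":"dev-a","protocol":"Mqtt","authType":null,"statusCode":"401"}
"""

def parse_records(text):
    """Split the export into records and decode the embedded properties_s JSON."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key.strip()] = value.strip()
        try:
            props = json.loads(rec.get("properties_s", "{}"))
        except json.JSONDecodeError:
            props = {}  # truncated or malformed JSON: keep the record, drop the details
        rec["properties"] = props if isinstance(props, dict) else {}
        records.append(rec)
    return records

def unauthorized_connections(records):
    """Count rejected connections per (deviceId, protocol, authType)."""
    hits = Counter()
    for rec in records:
        props = rec["properties"]
        if rec.get("Category") != "Connections" or rec.get("Level") != "Error":
            continue
        if rec.get("ResultType") == "401003" or props.get("statusCode") == "401":
            hits[(props.get("deviceId"), props.get("protocol"), props.get("authType"))] += 1
    return dict(hits)
```

Grouping on authType as well as deviceId keeps rejections where the hub logged no authentication type separate from those where a credential type was recorded.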