Merge pull request #523 from pennam/remove-ca

pennam · web-flow · commit d282276b8f9b · 2025-02-26T13:06:38.000+01:00
Remove deprecated Arduino trust anchor
diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp
@@ -133,7 +133,7 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
     _otaClient.setEccSlot(static_cast<int>(SElementArduinoCloudSlot::Key), _cert.bytes(), _cert.length());
     #endif
   #endif
-    _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? mqttPort() : brokerPort;
+    _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? DEFAULT_BROKER_PORT_SECURE_AUTH : brokerPort;
 #endif
   }
   else
@@ -586,15 +586,6 @@ int ArduinoIoTCloudTCP::write(String const topic, byte const data[], int const l
 }
 
 #if defined(BOARD_HAS_SECURE_ELEMENT)
-int ArduinoIoTCloudTCP::mqttPort()
-{
-  if (memcmp(DEPRECATED_BROKER_AUTHORITY_KEY_IDENTIFIER, _cert.authorityKeyIdentifierBytes() , ECP256_CERT_AUTHORITY_KEY_ID_LENGTH) == 0) {
-    return DEPRECATED_BROKER_PORT_SECURE_AUTH;
-  } else {
-    return DEFAULT_BROKER_PORT_SECURE_AUTH;
-  }
-}
-
 int ArduinoIoTCloudTCP::updateCertificate(String authorityKeyIdentifier, String serialNumber, String notBefore, String notAfter, String signature)
 {
   if (!_selement.begin())
diff --git a/src/ArduinoIoTCloudTCP.h b/src/ArduinoIoTCloudTCP.h
@@ -49,10 +49,6 @@
  ******************************************************************************/
 static constexpr char DEFAULT_BROKER_ADDRESS[] = "iot.arduino.cc";
 static constexpr uint16_t DEFAULT_BROKER_PORT_SECURE_AUTH = 8885;
-static constexpr uint16_t DEPRECATED_BROKER_PORT_SECURE_AUTH = 8883;
-static constexpr uint8_t DEPRECATED_BROKER_AUTHORITY_KEY_IDENTIFIER[] = {
-                  0x5b, 0x3e, 0x2a, 0x6b, 0x8e, 0xc9, 0xb0, 0x1a, 0xa8, 0x54,
-                  0xe6, 0x36, 0x9b, 0x8c, 0x09, 0xf9, 0xfc, 0xe1, 0xb9, 0x80 };
 static constexpr uint16_t DEFAULT_BROKER_PORT_USER_PASS_AUTH = 8884;
 static constexpr uint16_t DEFAULT_BROKER_PORT_AUTO = 0;
 
@@ -189,10 +185,6 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     void detachThing();
     int write(String const topic, byte const data[], int const length);
 
-#if defined(BOARD_HAS_SECURE_ELEMENT)
-    int mqttPort();
-#endif
-
 };
 
 /******************************************************************************
diff --git a/src/tls/AIoTCSSCert.h b/src/tls/AIoTCSSCert.h
@@ -30,19 +30,6 @@
  * CONSTANTS
  ******************************************************************************/
 static const char AIoTSSCert[] =
-/* https://iot.arduino.cc:8883 */
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBzzCCAXSgAwIBAgIUHxAd66fhJecnwaOR4+wNF03tSlkwCgYIKoZIzj0EAwIw\n"
-"RTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkFyZHVpbm8gTExDIFVTMQswCQYDVQQL\n"
-"EwJJVDEQMA4GA1UEAxMHQXJkdWlubzAeFw0xODA3MjQwOTQ3MDBaFw00ODA3MTYw\n"
-"OTQ3MDBaMEUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5BcmR1aW5vIExMQyBVUzEL\n"
-"MAkGA1UECxMCSVQxEDAOBgNVBAMTB0FyZHVpbm8wWTATBgcqhkjOPQIBBggqhkjO\n"
-"PQMBBwNCAARtd2xaz2EcfUSYUfJe4QJAd7ecvUmio4xOq16YrIL8aVtEIne0TS6O\n"
-"3ypxwTls1jkUvdlrGEtL7LPV7kKJiVUio0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\n"
-"VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWz4qa47JsBqoVOY2m4wJ+fzhuYAwCgYI\n"
-"KoZIzj0EAwIDSQAwRgIhAL/T3CNmaLUK3D8NDsNz4grH92CqEA3TIL/hApabawXY\n"
-"AiEA6tnZ2lrNElKXCajtZg/hjWRE/+giFzBP8riar8qOz2w=\n"
-"-----END CERTIFICATE-----\n"
 /* https://iot.arduino.cc:8885 */
 "-----BEGIN CERTIFICATE-----\n"
 "MIIB0DCCAXagAwIBAgIUb62eK/Vv1baaPAaY5DADBUbxB1owCgYIKoZIzj0EAwIw\n"
diff --git a/src/tls/AIoTCUPCert.h b/src/tls/AIoTCUPCert.h
@@ -135,19 +135,6 @@ static const char AIoTUPCert[] =
 "0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN\n"
 "sSi6\n"
 "-----END CERTIFICATE-----\n"
-/* iot.arduino.cc:8883 / iot.oniudra.cc:8883 */
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBzzCCAXSgAwIBAgIUHxAd66fhJecnwaOR4+wNF03tSlkwCgYIKoZIzj0EAwIw\n"
-"RTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkFyZHVpbm8gTExDIFVTMQswCQYDVQQL\n"
-"EwJJVDEQMA4GA1UEAxMHQXJkdWlubzAeFw0xODA3MjQwOTQ3MDBaFw00ODA3MTYw\n"
-"OTQ3MDBaMEUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5BcmR1aW5vIExMQyBVUzEL\n"
-"MAkGA1UECxMCSVQxEDAOBgNVBAMTB0FyZHVpbm8wWTATBgcqhkjOPQIBBggqhkjO\n"
-"PQMBBwNCAARtd2xaz2EcfUSYUfJe4QJAd7ecvUmio4xOq16YrIL8aVtEIne0TS6O\n"
-"3ypxwTls1jkUvdlrGEtL7LPV7kKJiVUio0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\n"
-"VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWz4qa47JsBqoVOY2m4wJ+fzhuYAwCgYI\n"
-"KoZIzj0EAwIDSQAwRgIhAL/T3CNmaLUK3D8NDsNz4grH92CqEA3TIL/hApabawXY\n"
-"AiEA6tnZ2lrNElKXCajtZg/hjWRE/+giFzBP8riar8qOz2w=\n"
-"-----END CERTIFICATE--------\n"
 /* iot.arduino.cc:8885 */
 "-----BEGIN CERTIFICATE-----\n"
 "MIIB0DCCAXagAwIBAgIUb62eK/Vv1baaPAaY5DADBUbxB1owCgYIKoZIzj0EAwIw\n"
diff --git a/src/tls/BearSSLTrustAnchors.h b/src/tls/BearSSLTrustAnchors.h
@@ -37,8 +37,7 @@
 //
 //   brssl ta *.cer
 
-//iot.arduino.cc:8883
-//iot.oniudra.cc:8883
+//iot.arduino.cc:8885
 static const unsigned char TA0_DN[] = {
   0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
   0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A,
@@ -49,25 +48,6 @@ static const unsigned char TA0_DN[] = {
 };
 
 static const unsigned char TA0_EC_Q[] = {
-  0x04, 0x6D, 0x77, 0x6C, 0x5A, 0xCF, 0x61, 0x1C, 0x7D, 0x44, 0x98, 0x51,
-  0xF2, 0x5E, 0xE1, 0x02, 0x40, 0x77, 0xB7, 0x9C, 0xBD, 0x49, 0xA2, 0xA3,
-  0x8C, 0x4E, 0xAB, 0x5E, 0x98, 0xAC, 0x82, 0xFC, 0x69, 0x5B, 0x44, 0x22,
-  0x77, 0xB4, 0x4D, 0x2E, 0x8E, 0xDF, 0x2A, 0x71, 0xC1, 0x39, 0x6C, 0xD6,
-  0x39, 0x14, 0xBD, 0xD9, 0x6B, 0x18, 0x4B, 0x4B, 0xEC, 0xB3, 0xD5, 0xEE,
-  0x42, 0x89, 0x89, 0x55, 0x22
-};
-
-//iot.arduino.cc:8885
-static const unsigned char TA1_DN[] = {
-  0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-  0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A,
-  0x13, 0x0E, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x20, 0x4C, 0x4C,
-  0x43, 0x20, 0x55, 0x53, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
-  0x0B, 0x13, 0x02, 0x49, 0x54, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
-  0x04, 0x03, 0x13, 0x07, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F
-};
-
-static const unsigned char TA1_EC_Q[] = {
   0x04, 0xA1, 0xE1, 0x53, 0x6C, 0x35, 0x52, 0x1A, 0x33, 0x0D, 0xE8, 0x2B,
   0xAC, 0x5B, 0x12, 0xC1, 0x8F, 0x50, 0x37, 0xB3, 0x3E, 0x64, 0x9B, 0xA0,
   0xEE, 0x27, 0x02, 0x35, 0xC7, 0x8D, 0x5A, 0x10, 0x45, 0xD0, 0xCA, 0xF5,
@@ -77,7 +57,7 @@ static const unsigned char TA1_EC_Q[] = {
 };
 
 //iot.oniudra.cc:8885
-static const unsigned char TA2_DN[] = {
+static const unsigned char TA1_DN[] = {
   0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
   0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A,
   0x13, 0x0E, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x20, 0x4C, 0x4C,
@@ -86,7 +66,7 @@ static const unsigned char TA2_DN[] = {
   0x04, 0x03, 0x13, 0x07, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F
 };
 
-static const unsigned char TA2_EC_Q[] = {
+static const unsigned char TA1_EC_Q[] = {
   0x04, 0x11, 0x70, 0x34, 0xE0, 0xC3, 0x3E, 0x00, 0xBD, 0x0B, 0x59, 0x03,
   0x98, 0xA0, 0x5B, 0x6B, 0x0B, 0x50, 0xDF, 0x51, 0x66, 0x4E, 0xE7, 0x40,
   0x5D, 0x5A, 0x46, 0x48, 0xE5, 0x30, 0x70, 0x35, 0xF9, 0xF3, 0x6C, 0xFC,
@@ -95,7 +75,7 @@ static const unsigned char TA2_EC_Q[] = {
   0xAE, 0xA6, 0x4C, 0x06, 0x48
 };
 
-static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[3] = {
+static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[2] = {
   {
     { (unsigned char *)TA0_DN, sizeof TA0_DN },
     BR_X509_TA_CA,
@@ -121,23 +101,10 @@ static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[3] = {
         }
       }
     }
-  },
-  {
-    { (unsigned char *)TA2_DN, sizeof TA2_DN },
-    BR_X509_TA_CA,
-    {
-      BR_KEYTYPE_EC,
-      {
-        .ec = {
-          BR_EC_secp256r1,
-          (unsigned char *)TA2_EC_Q, sizeof TA2_EC_Q,
-        }
-      }
-    }
   }
 };
 
-#define ArduinoIoTCloudTrustAnchor_NUM (3)
+#define ArduinoIoTCloudTrustAnchor_NUM (2)
 
 #endif /* #ifdef BOARD_HAS_ECCX08 */
 
