net: lib: nrf_provisioning: Remove duplicate Kconfigs

Remove duplicate Kconfigs from HTTP and CoAP configuration
Add overlay to authenticate with JWT

Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>

samples/cellular/nrf_provisioning/overlay-coap.conf

@@ -2,7 +2,6 @@
 CONFIG_NRF_PROVISIONING_HTTP=n
 CONFIG_NRF_PROVISIONING_COAP=y
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=42
-CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y
 
 # CoAP client
 CONFIG_COAP=y

samples/cellular/nrf_provisioning/overlay-jwt.conf

@@ -0,0 +1,5 @@
+# Client authentication with JWT token
+CONFIG_NRF_PROVISIONING_JWT=y
+CONFIG_MODEM_JWT=y
+
+CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n

samples/cellular/nrf_provisioning/prj.conf

@@ -15,15 +15,11 @@ CONFIG_SETTINGS_SHELL=y
 CONFIG_NRF_PROVISIONING_SHELL=y
 CONFIG_SHELL=y
 
-CONFIG_NRF_PROVISIONING_AT=y
-
 # Client authentication with JWT token
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 CONFIG_MODEM_JWT=n
 
 # Client authentication with attestation token
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 CONFIG_MODEM_ATTEST_TOKEN=y
 

subsys/net/lib/nrf_provisioning/Kconfig

@@ -38,6 +38,9 @@ config NRF_PROVISIONING_WITH_CERT
  help
  Includes the root certificate used by the server side and provisions it if needed.
 
+config NRF_PROVISIONING_ROOT_CA_SEC_TAG
+ int "Root CA for nRF Cloud Identity Service - security tag"
+
 config NRF_PROVISIONING_SAVE_CMD_ID
  bool "Save the latest command id to storage"
  help
@@ -53,6 +56,39 @@ config NRF_PROVISIONING_SETTINGS_STORAGE_PATH
  string "Settings storage path for provisioning"
  default "provisioning"
 
+config NRF_PROVISIONING_RX_BUF_SZ
+ int "RX buffer size"
+ default 1024
+
+config NRF_PROVISIONING_TX_BUF_SZ
+ int "TX buffer size"
+ default 2048
+
+choice
+ prompt "Authentication token"
+
+config NRF_PROVISIONING_JWT
+ depends on MODEM_JWT
+ bool "Authenticate with JWT"
+
+config NRF_PROVISIONING_ATTESTTOKEN
+ bool "Authenticate with Attestation token"
+
+endchoice
+
+if NRF_PROVISIONING_JWT
+
+config NRF_PROVISIONING_JWT_SEC_TAG
+ int "Provision Service's security tag, private Device Identity key used by default"
+ default 0
+
+config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S
+ int "Maximum JWT valid lifetime (seconds)"
+ range 0 604800
+ default 300
+
+endif
+
 rsource "Kconfig.nrf_provisioning_http"
 
 rsource "Kconfig.nrf_provisioning_at"

subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap

@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_COAP
 
 if NRF_PROVISIONING_COAP
 
-config NRF_PROVISIONING_ROOT_CA_SEC_TAG
- int "Root CA for Nordic identity server - security tag"
-
 config NRF_PROVISIONING_COAP_HOSTNAME
  string "nRF Provisioning COAP API hostname"
  default "coap.nrfcloud.com"
@@ -23,41 +20,10 @@ config NRF_PROVISIONING_COAP_PORT
  string "Provision Service's port"
  default "5684"
 
-config NRF_PROVISIONING_COAP_TIMEOUT_MS
- int "Provision Service's timeout for COAP connection"
- default 30000
-
-config NRF_PROVISIONING_COAP_RX_BUF_SZ
- int "RX buffer size"
- default 1024
-
-config NRF_PROVISIONING_COAP_TX_BUF_SZ
- int "Request body size"
- default 2048
-
-config NRF_PROVISIONING_COAP_TLS_SESSION_CACHE
- bool "TLS session cache usage"
+config NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE
+ bool "DTLS session cache usage"
  default y
 
 rsource "Kconfig.nrf_provisioning_codec"
 
-choice
- prompt "Authentication token"
-
-config NRF_PROVISIONING_COAP_JWT
- bool "Authenticate with JWT"
-
-config NRF_PROVISIONING_COAP_ATTESTTOKEN
- bool "Authenticate with Attestation token"
-
-endchoice
-
-if NRF_PROVISIONING_COAP_JWT
-rsource "Kconfig.nrf_provisioning_jwt"
-endif
-
-if NRF_PROVISIONING_COAP_ATTESTTOKEN
-rsource "Kconfig.nrf_provisioning_attesttoken"
-endif
-
 endif

subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http

@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_HTTP
 
 if NRF_PROVISIONING_HTTP
 
-config NRF_PROVISIONING_ROOT_CA_SEC_TAG
- int "Root CA for Nordic identity server - security tag"
-
 config NRF_PROVISIONING_HTTP_HOSTNAME
  string "nRF Provisioning HTTP API hostname"
  default "provisioning-http.nrfcloud.com"
@@ -27,33 +24,6 @@ config NRF_PROVISIONING_HTTP_TIMEOUT_MS
  int "Provision Service's timeout for HTTP connection"
  default 30000
 
-config NRF_PROVISIONING_HTTP_RX_BUF_SZ
- int "RX buffer size"
- default 1536
-
-config NRF_PROVISIONING_HTTP_TX_BUF_SZ
- int "Request body size"
- default 2048
-
 rsource "Kconfig.nrf_provisioning_codec"
 
-choice
- prompt "Authentication token"
-
-config NRF_PROVISIONING_HTTP_JWT
- bool "Authenticate with JWT"
-
-config NRF_PROVISIONING_HTTP_ATTESTTOKEN
- bool "Authenticate with Attestation token"
-
-endchoice
-
-if NRF_PROVISIONING_HTTP_JWT
-rsource "Kconfig.nrf_provisioning_jwt"
-endif
-
-if NRF_PROVISIONING_HTTP_ATTESTTOKEN
-rsource "Kconfig.nrf_provisioning_attesttoken"
-endif
-
 endif

subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c

@@ -112,7 +112,7 @@ static int dtls_setup(int fd)
  return err;
  }
 
- if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_TLS_SESSION_CACHE)) {
+ if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE)) {
  session_cache = TLS_SESSION_CACHE_ENABLED;
  } else {
  session_cache = TLS_SESSION_CACHE_DISABLED;
@@ -468,8 +468,8 @@ static int request_commands(struct coap_client *client,
 {
  int ret;
  char after[NRF_PROVISIONING_CORRELATION_ID_SIZE];
- char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ);
- char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ);
+ char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);
+ char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
  char cmd[sizeof(CMDS_API_TEMPLATE) + NRF_PROVISIONING_CORRELATION_ID_SIZE +
  strlen(rx_buf_sz) + strlen(tx_buf_sz)];
 
@@ -532,10 +532,10 @@ int nrf_provisioning_coap_req(struct nrf_provisioning_coap_context *const coap_c
 
  /* Only one provisioning ongoing at a time*/
  static union {
- char coap[CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ];
+ char coap[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];
  char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
  } tx_buf;
- static char rx_buf[CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ];
+ static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 
  int ret;
  char *auth_token = NULL;

subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c

@@ -312,8 +312,8 @@ static int gen_provisioning_url(struct rest_client_req_context *const req)
 {
  char *url;
  size_t buff_sz;
- char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ);
- char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ);
+ char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);
+ char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
  char mver[128];
  char *cver = STRINGIFY(1);
  int ret;
@@ -454,10 +454,10 @@ int nrf_provisioning_http_req(struct nrf_provisioning_http_context *const rest_c
 
  /* Only one provisioning ongoing at a time*/
  static union {
- char http[CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ];
+ char http[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];
  char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
  } tx_buf;
- static char rx_buf[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 
  char *auth_hdr = NULL;
  struct rest_client_req_context req;

tests/subsys/net/lib/nrf_provisioning/prj.conf

@@ -19,14 +19,12 @@ CONFIG_NRF_PROVISIONING_AT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 
 CONFIG_NRF_PROVISIONING_CBOR=y

tests/subsys/net/lib/nrf_provisioning/prj_coap.conf

@@ -18,14 +18,12 @@ CONFIG_NRF_PROVISIONING_AT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_COAP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
-CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 
 CONFIG_NRF_PROVISIONING_CBOR=y

tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf

@@ -14,14 +14,13 @@ CONFIG_MODEM_JWT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=n
+CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=y
 CONFIG_NRF_PROVISIONING_JWT=y
 
 CONFIG_NRF_PROVISIONING_CODEC=y

tests/subsys/net/lib/nrf_provisioning/src/coap.c

@@ -249,8 +249,8 @@ static int coap_client_cmds_valid_path_cb(struct coap_client *client, int sock,
  struct coap_client_request *req, int retries,
  int cmock_num_calls)
 {
- char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ)
- "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ);
+ char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ)
+ "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
 
  if (strncmp(req->path, auth_path, strlen(auth_path)) == 0) {
  req->cb(COAP_RESPONSE_CODE_CREATED, 0, NULL, 0, true, req->user_data);

tests/subsys/net/lib/nrf_provisioning/src/main.c

@@ -389,11 +389,11 @@ static int rest_client_request_url_valid(struct rest_client_req_context *req_ctx
  } else if (strncmp(query_items[idx], "txMaxSize=", strlen("txMaxSize=")) == 0) {
  info.txMaxSize = &(query_items[idx][strlen("txMaxSize=")]);
  TEST_ASSERT_EQUAL_INT(
- CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ, atoi(info.txMaxSize));
+ CONFIG_NRF_PROVISIONING_TX_BUF_SZ, atoi(info.txMaxSize));
  } else if (strncmp(query_items[idx], "rxMaxSize=", strlen("rxMaxSize=")) == 0) {
  info.rxMaxSize = &(query_items[idx][strlen("rxMaxSize=")]);
  TEST_ASSERT_EQUAL_INT(
- CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ, atoi(info.rxMaxSize));
+ CONFIG_NRF_PROVISIONING_RX_BUF_SZ, atoi(info.rxMaxSize));
  } else if (strncmp(query_items[idx], "after=", strlen("after=")) == 0) {
  ;
  } else {
@@ -641,7 +641,7 @@ void test_codec_finished_valid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {
@@ -680,7 +680,7 @@ void test_codec_priv_keygen_valid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {
@@ -733,7 +733,7 @@ void test_codec_priv_keygen_rejected_invalid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {
@@ -779,7 +779,7 @@ void test_codec_endorsement_keygen_valid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {
@@ -822,7 +822,7 @@ void test_codec_endorsement_keygen_invalid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {
@@ -866,7 +866,7 @@ void test_codec_config_store1_valid(void)
 {
  struct cdc_context cdc_ctx;
  char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
- char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+ char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
  int mm_cb_ret = 0;
 
  struct nrf_provisioning_mm_change dummy_cb = {