net: lib: nrf_provisioning: Remove duplicate Kconfigs

Remove duplicate Kconfigs from HTTP and CoAP configuration
Add overlay to authenticate with JWT

Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>

samples/cellular/nrf_provisioning/overlay-coap.conf

@@ -2,7 +2,6 @@
 CONFIG_NRF_PROVISIONING_HTTP=n
 CONFIG_NRF_PROVISIONING_COAP=y
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=42
-CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y
 
 # CoAP client
 CONFIG_COAP=y

samples/cellular/nrf_provisioning/overlay-jwt.conf

@@ -0,0 +1,5 @@
+# Client authentication with JWT token
+CONFIG_NRF_PROVISIONING_JWT=y
+CONFIG_MODEM_JWT=y
+
+CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n

samples/cellular/nrf_provisioning/prj.conf

@@ -15,15 +15,11 @@ CONFIG_SETTINGS_SHELL=y
 CONFIG_NRF_PROVISIONING_SHELL=y
 CONFIG_SHELL=y
 
-CONFIG_NRF_PROVISIONING_AT=y
-
 # Client authentication with JWT token
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 CONFIG_MODEM_JWT=n
 
 # Client authentication with attestation token
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 CONFIG_MODEM_ATTEST_TOKEN=y
 

subsys/net/lib/nrf_provisioning/Kconfig

@@ -38,6 +38,9 @@ config NRF_PROVISIONING_WITH_CERT
 	help
 	  Includes the root certificate used by the server side and provisions it if needed.
 
+config NRF_PROVISIONING_ROOT_CA_SEC_TAG
+	int "Root CA for nRF Cloud Identity Service - security tag"
+
 config NRF_PROVISIONING_SAVE_CMD_ID
 	bool "Save the latest command id to storage"
 	help
@@ -53,6 +56,39 @@ config NRF_PROVISIONING_SETTINGS_STORAGE_PATH
 	string "Settings storage path for provisioning"
 	default "provisioning"
 
+config NRF_PROVISIONING_RX_BUF_SZ
+	int "RX buffer size"
+	default 1024
+
+config NRF_PROVISIONING_TX_BUF_SZ
+	int "TX buffer size"
+	default 2048
+
+choice
+	prompt "Authentication token"
+
+config NRF_PROVISIONING_JWT
+	depends on MODEM_JWT
+	bool "Authenticate with JWT"
+
+config NRF_PROVISIONING_ATTESTTOKEN
+	bool "Authenticate with Attestation token"
+
+endchoice
+
+if NRF_PROVISIONING_JWT
+
+config NRF_PROVISIONING_JWT_SEC_TAG
+	int "Provision Service's security tag, private Device Identity key used by default"
+	default 0
+
+config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S
+	int "Maximum JWT valid lifetime (seconds)"
+	range 0 604800
+	default 300
+
+endif
+
 rsource "Kconfig.nrf_provisioning_http"
 
 rsource "Kconfig.nrf_provisioning_at"

subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap

@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_COAP
 
 if NRF_PROVISIONING_COAP
 
-config NRF_PROVISIONING_ROOT_CA_SEC_TAG
-	int "Root CA for Nordic identity server - security tag"
-
 config NRF_PROVISIONING_COAP_HOSTNAME
 	string "nRF Provisioning COAP API hostname"
 	default "coap.nrfcloud.com"
@@ -23,41 +20,10 @@ config NRF_PROVISIONING_COAP_PORT
 	string "Provision Service's port"
 	default "5684"
 
-config NRF_PROVISIONING_COAP_TIMEOUT_MS
-	int "Provision Service's timeout for COAP connection"
-	default 30000
-
-config NRF_PROVISIONING_COAP_RX_BUF_SZ
-	int "RX buffer size"
-	default 1024
-
-config NRF_PROVISIONING_COAP_TX_BUF_SZ
-	int "Request body size"
-	default 2048
-
-config NRF_PROVISIONING_COAP_TLS_SESSION_CACHE
-	bool "TLS session cache usage"
+config NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE
+	bool "DTLS session cache usage"
 	default y
 
 rsource "Kconfig.nrf_provisioning_codec"
 
-choice
-	prompt "Authentication token"
-
-config NRF_PROVISIONING_COAP_JWT
-	bool "Authenticate with JWT"
-
-config NRF_PROVISIONING_COAP_ATTESTTOKEN
-	bool "Authenticate with Attestation token"
-
-endchoice
-
-if NRF_PROVISIONING_COAP_JWT
-rsource "Kconfig.nrf_provisioning_jwt"
-endif
-
-if NRF_PROVISIONING_COAP_ATTESTTOKEN
-rsource "Kconfig.nrf_provisioning_attesttoken"
-endif
-
 endif

subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http

@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_HTTP
 
 if NRF_PROVISIONING_HTTP
 
-config NRF_PROVISIONING_ROOT_CA_SEC_TAG
-	int "Root CA for Nordic identity server - security tag"
-
 config NRF_PROVISIONING_HTTP_HOSTNAME
 	string "nRF Provisioning HTTP API hostname"
 	default "provisioning-http.nrfcloud.com"
@@ -27,33 +24,6 @@ config NRF_PROVISIONING_HTTP_TIMEOUT_MS
 	int "Provision Service's timeout for HTTP connection"
 	default 30000
 
-config NRF_PROVISIONING_HTTP_RX_BUF_SZ
-	int "RX buffer size"
-	default 1536
-
-config NRF_PROVISIONING_HTTP_TX_BUF_SZ
-	int "Request body size"
-	default 2048
-
 rsource "Kconfig.nrf_provisioning_codec"
 
-choice
-	prompt "Authentication token"
-
-config NRF_PROVISIONING_HTTP_JWT
-	bool "Authenticate with JWT"
-
-config NRF_PROVISIONING_HTTP_ATTESTTOKEN
-	bool "Authenticate with Attestation token"
-
-endchoice
-
-if NRF_PROVISIONING_HTTP_JWT
-rsource "Kconfig.nrf_provisioning_jwt"
-endif
-
-if NRF_PROVISIONING_HTTP_ATTESTTOKEN
-rsource "Kconfig.nrf_provisioning_attesttoken"
-endif
-
 endif

subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c

@@ -112,7 +112,7 @@ static int dtls_setup(int fd)
 		return err;
 	}
 
-	if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_TLS_SESSION_CACHE)) {
+	if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE)) {
 		session_cache = TLS_SESSION_CACHE_ENABLED;
 	} else {
 		session_cache = TLS_SESSION_CACHE_DISABLED;
@@ -468,8 +468,8 @@ static int request_commands(struct coap_client *client,
 {
 	int ret;
 	char after[NRF_PROVISIONING_CORRELATION_ID_SIZE];
-	char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ);
-	char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ);
+	char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);
+	char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
 	char cmd[sizeof(CMDS_API_TEMPLATE) + NRF_PROVISIONING_CORRELATION_ID_SIZE +
 		 strlen(rx_buf_sz) + strlen(tx_buf_sz)];
 
@@ -532,10 +532,10 @@ int nrf_provisioning_coap_req(struct nrf_provisioning_coap_context *const coap_c
 
 	/* Only one provisioning ongoing at a time*/
 	static union {
-		char coap[CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ];
+		char coap[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];
 		char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
 	} tx_buf;
-	static char rx_buf[CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ];
+	static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 
 	int ret;
 	char *auth_token = NULL;

subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c

@@ -312,8 +312,8 @@ static int gen_provisioning_url(struct rest_client_req_context *const req)
 {
 	char *url;
 	size_t buff_sz;
-	char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ);
-	char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ);
+	char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);
+	char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
 	char mver[128];
 	char *cver = STRINGIFY(1);
 	int ret;
@@ -454,10 +454,10 @@ int nrf_provisioning_http_req(struct nrf_provisioning_http_context *const rest_c
 
 	/* Only one provisioning ongoing at a time*/
 	static union {
-		char http[CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ];
+		char http[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];
 		char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
 	} tx_buf;
-	static char rx_buf[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 
 	char *auth_hdr = NULL;
 	struct rest_client_req_context req;

tests/subsys/net/lib/nrf_provisioning/prj.conf

@@ -19,14 +19,12 @@ CONFIG_NRF_PROVISIONING_AT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 
 CONFIG_NRF_PROVISIONING_CBOR=y

tests/subsys/net/lib/nrf_provisioning/prj_coap.conf

@@ -18,14 +18,12 @@ CONFIG_NRF_PROVISIONING_AT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_COAP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=n
 CONFIG_NRF_PROVISIONING_JWT=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
-CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y
 CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y
 
 CONFIG_NRF_PROVISIONING_CBOR=y

tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf

@@ -14,14 +14,13 @@ CONFIG_MODEM_JWT=n
 CONFIG_NRF_PROVISIONING=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=n
+CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n
 
 CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1
 
 CONFIG_NRF_PROVISIONING_CODEC=y
 
 CONFIG_NRF_PROVISIONING_HTTP=y
-CONFIG_NRF_PROVISIONING_HTTP_JWT=y
 CONFIG_NRF_PROVISIONING_JWT=y
 
 CONFIG_NRF_PROVISIONING_CODEC=y

tests/subsys/net/lib/nrf_provisioning/src/coap.c

@@ -249,8 +249,8 @@ static int coap_client_cmds_valid_path_cb(struct coap_client *client, int sock,
 					  struct coap_client_request *req, int retries,
 					  int cmock_num_calls)
 {
-	char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ)
-		"&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ);
+	char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ)
+		"&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ);
 
 	if (strncmp(req->path, auth_path, strlen(auth_path)) == 0) {
 		req->cb(COAP_RESPONSE_CODE_CREATED, 0, NULL, 0, true, req->user_data);

tests/subsys/net/lib/nrf_provisioning/src/main.c

@@ -389,11 +389,11 @@ static int rest_client_request_url_valid(struct rest_client_req_context *req_ctx
 		} else if (strncmp(query_items[idx], "txMaxSize=", strlen("txMaxSize=")) == 0) {
 			info.txMaxSize = &(query_items[idx][strlen("txMaxSize=")]);
 			TEST_ASSERT_EQUAL_INT(
-				CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ, atoi(info.txMaxSize));
+				CONFIG_NRF_PROVISIONING_TX_BUF_SZ, atoi(info.txMaxSize));
 		} else if (strncmp(query_items[idx], "rxMaxSize=", strlen("rxMaxSize=")) == 0) {
 			info.rxMaxSize = &(query_items[idx][strlen("rxMaxSize=")]);
 			TEST_ASSERT_EQUAL_INT(
-				CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ, atoi(info.rxMaxSize));
+				CONFIG_NRF_PROVISIONING_RX_BUF_SZ, atoi(info.rxMaxSize));
 		} else if (strncmp(query_items[idx], "after=", strlen("after=")) == 0) {
 			;
 		} else {
@@ -641,7 +641,7 @@ void test_codec_finished_valid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {
@@ -680,7 +680,7 @@ void test_codec_priv_keygen_valid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {
@@ -733,7 +733,7 @@ void test_codec_priv_keygen_rejected_invalid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {
@@ -779,7 +779,7 @@ void test_codec_endorsement_keygen_valid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {
@@ -822,7 +822,7 @@ void test_codec_endorsement_keygen_invalid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {
@@ -866,7 +866,7 @@ void test_codec_config_store1_valid(void)
 {
 	struct cdc_context cdc_ctx;
 	char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN];
-	char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ];
+	char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ];
 	int mm_cb_ret = 0;
 
 	struct nrf_provisioning_mm_change dummy_cb = {