packages/third-party/mbedtls/SConscript

from building import *
import rtconfig
Import('RTT_ROOT')
import os
from string import Template

# 1. Specific certificate file template
cert_template = """
/*
 * Copyright (c) 2006-2018 RT-Thread Development Team. All rights reserved.
 * License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include "mbedtls/certs.h"

const char mbedtls_root_certificate[] = 
"-----BEGIN CERTIFICATE-----\\r\\n\" \\
"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\\r\\n" \\
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\\r\\n" \\
"DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\\r\\n" \\
"PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\\r\\n" \\
"Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\\r\\n" \\
"AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\\r\\n" \\
"rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\\r\\n" \\
"OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\\r\\n" \\
"xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\\r\\n" \\
"7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\\r\\n" \\
"aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\\r\\n" \\
"HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\\r\\n" \\
"SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\\r\\n" \\
"ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\\r\\n" \\
"AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\\r\\n" \\
"R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\\r\\n" \\
"JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\\r\\n" \\
"Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\\r\\n" \\
"-----END CERTIFICATE-----\\r\\n" \\
${CERT_CONTENT}
;

const size_t mbedtls_root_certificate_len = sizeof(mbedtls_root_certificate);

"""

# 2. Create substitute from template
cert_subs = Template(cert_template)

# 3. Get the current absolute path
cwd = GetCurrentDir()

# 4. PEM certificate file path (*.pem or *.cer)
certs_user_dir = cwd + os.sep + 'certs'
certs_default_dir = cwd + os.sep + (os.sep).join(['certs', 'default'])

ROOT_CA_FILE = []

# 5. File that stores the contents of the certificate file
output_cert_file = cwd + os.sep + (os.sep).join(['ports', 'src', 'tls_certificate.c'])

if GetDepend(['LPKG_USING_MBEDTLS_EXAMPLE']):
    path = cwd + os.sep + (os.sep).join(['certs', 'default', 'DIGITAL_SIGNATURE_TRUST_ROOT_CA.cer'])
    if os.path.exists(path):
        ROOT_CA_FILE += [path]

if GetDepend(['LPKG_USING_MBEDTLS_USE_ALL_CERTS']):
    file_list = os.listdir(certs_default_dir)
    if len(file_list):
        for i in range(0, len(file_list)):
            path = os.path.join(certs_default_dir, file_list[i])
            if os.path.isfile(path):
                ROOT_CA_FILE += [path]

if GetDepend(['LPKG_USING_MBEDTLS_USER_CERTS']):
    file_list = os.listdir(certs_user_dir)
    if len(file_list):
        for i in range(0, len(file_list)):
            path = os.path.join(certs_user_dir, file_list[i])
            if os.path.isfile(path):
                ROOT_CA_FILE += [path]


KCONFIG_ROOT_CA_DICT = {'LPKG_USING_MBEDTLS_THAWTE_ROOT_CA': 'THAWTE_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_VERSIGN_PBULIC_ROOT_CA': 'VERSIGN_PUBLIC_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_VERSIGN_UNIVERSAL_ROOT_CA': 'VERSIGN_UNIVERSAL_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_GEOTRUST_ROOT_CA': 'GEOTRUST_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_DIGICERT_ROOT_CA': 'DIGICERT_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_GODADDY_ROOT_CA': 'GODADDY_ROOT_CA.cer', 
                        'LPKG_USING_MBEDTLS_COMODOR_ROOT_CA': 'COMODOR_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_DST_ROOT_CA': 'DIGITAL_SIGNATURE_TRUST_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_CLOBALSIGN_ROOT_CA': 'CLOBALSIGN_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_ENTRUST_ROOT_CA': 'ENTRUST_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_CERTUM_TRUSTED_NETWORK_ROOT_CA': 'CERTUM_TRUSTED_NETWORK_ROOT_CA.cer', \
                        'LPKG_USING_MBEDTLS_AMAZON_ROOT_CA': 'AMAZON_ROOT_CA.cer'}

for key, value in KCONFIG_ROOT_CA_DICT.items():
    if GetDepend([key]):
        path = os.path.join(certs_default_dir, value)
        if os.path.exists(path) and os.path.isfile(path):
            ROOT_CA_FILE += [path]

ROOT_CA_FILE = list(set(ROOT_CA_FILE))

file_content = ""

# 6. Traverse the specified certificate file
if len(ROOT_CA_FILE) > 0:
    for i in range(0, len(ROOT_CA_FILE)):
        if os.path.isfile(ROOT_CA_FILE[i]):
            # READ CER FILE, copy to tls_certificate.c
            with open(ROOT_CA_FILE[i], 'r') as ca:
                # Pre-read, check first line
                if not ca.readline().startswith("-----BEGIN CERTIFICATE"):
                    print("[mbedtls] Warning: ", ROOT_CA_FILE[i], "is not CA file! Skipped!")
                    continue
                ca.seek(0)
                for line in ca.readlines():
                    file_content += '"' + line.strip() + '\\r\\n" \\\n'

# 7. Populate certificate template content
cert_content = cert_subs.substitute(CERT_CONTENT = file_content)

# 8. Write certificate template content to tls_certificate.c
with open(output_cert_file, 'w') as f:
    f.write(cert_content)


src = Glob('mbedtls/library/*.c')
SrcRemove(src, 'mbedtls/library/net_sockets.c')

src += Glob('ports/src/*.c')

if GetDepend(['LPKG_USING_MBEDTLS_EXAMPLE']):
    src += Glob('samples/*.c')

CPPPATH = [
cwd + '/mbedtls/include',
cwd + '/mbedtls/library',
cwd + '/ports/inc',
]

if rtconfig.CROSS_TOOL == 'gcc' or rtconfig.CROSS_TOOL == 'keil' or rtconfig.CROSS_TOOL == 'iar':
    import shutil
    cp_src = cwd + '/ports/inc/tls_config.h'
    cp_dst = cwd + '/mbedtls/include/mbedtls/config.h'
    shutil.copyfile(cp_src, cp_dst)
    CPPDEFINES = []
else:
    CPPDEFINES = []

LOCAL_CCFLAG = ' -w'

group = DefineGroup('mbedtls', src, depend = ['LPKG_USING_MBEDTLS'], CPPPATH = CPPPATH, CPPDEFINES = CPPDEFINES, LOCAL_CFLAGS=LOCAL_CCFLAG)

Return('group')
V1.0.5 2024-06-04 19:00:30 +08:00			`from building import *`
			`import rtconfig`
			`Import('RTT_ROOT')`
			`import os`
			`from string import Template`

			`# 1. Specific certificate file template`
			`cert_template = """`
			`/*`
			`* Copyright (c) 2006-2018 RT-Thread Development Team. All rights reserved.`
			`* License-Identifier: Apache-2.0`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`* not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*`
			`*/`

			`#include "mbedtls/certs.h"`

			`const char mbedtls_root_certificate[] =`
			`"-----BEGIN CERTIFICATE-----\\r\\n\" \\`
			`"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\\r\\n" \\`
			`"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\\r\\n" \\`
			`"DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\\r\\n" \\`
			`"PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\\r\\n" \\`
			`"Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\\r\\n" \\`
			`"AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\\r\\n" \\`
			`"rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\\r\\n" \\`
			`"OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\\r\\n" \\`
			`"xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\\r\\n" \\`
			`"7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\\r\\n" \\`
			`"aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\\r\\n" \\`
			`"HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\\r\\n" \\`
			`"SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\\r\\n" \\`
			`"ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\\r\\n" \\`
			`"AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\\r\\n" \\`
			`"R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\\r\\n" \\`
			`"JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\\r\\n" \\`
			`"Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\\r\\n" \\`
			`"-----END CERTIFICATE-----\\r\\n" \\`
			`${CERT_CONTENT}`
			`;`

			`const size_t mbedtls_root_certificate_len = sizeof(mbedtls_root_certificate);`

			`"""`

			`# 2. Create substitute from template`
			`cert_subs = Template(cert_template)`

			`# 3. Get the current absolute path`
			`cwd = GetCurrentDir()`

			`# 4. PEM certificate file path (.pem or .cer)`
			`certs_user_dir = cwd + os.sep + 'certs'`
			`certs_default_dir = cwd + os.sep + (os.sep).join(['certs', 'default'])`

			`ROOT_CA_FILE = []`

			`# 5. File that stores the contents of the certificate file`
			`output_cert_file = cwd + os.sep + (os.sep).join(['ports', 'src', 'tls_certificate.c'])`

			`if GetDepend(['LPKG_USING_MBEDTLS_EXAMPLE']):`
			`path = cwd + os.sep + (os.sep).join(['certs', 'default', 'DIGITAL_SIGNATURE_TRUST_ROOT_CA.cer'])`
			`if os.path.exists(path):`
			`ROOT_CA_FILE += [path]`

			`if GetDepend(['LPKG_USING_MBEDTLS_USE_ALL_CERTS']):`
			`file_list = os.listdir(certs_default_dir)`
			`if len(file_list):`
			`for i in range(0, len(file_list)):`
			`path = os.path.join(certs_default_dir, file_list[i])`
			`if os.path.isfile(path):`
			`ROOT_CA_FILE += [path]`

			`if GetDepend(['LPKG_USING_MBEDTLS_USER_CERTS']):`
			`file_list = os.listdir(certs_user_dir)`
			`if len(file_list):`
			`for i in range(0, len(file_list)):`
			`path = os.path.join(certs_user_dir, file_list[i])`
			`if os.path.isfile(path):`
			`ROOT_CA_FILE += [path]`


			`KCONFIG_ROOT_CA_DICT = {'LPKG_USING_MBEDTLS_THAWTE_ROOT_CA': 'THAWTE_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_VERSIGN_PBULIC_ROOT_CA': 'VERSIGN_PUBLIC_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_VERSIGN_UNIVERSAL_ROOT_CA': 'VERSIGN_UNIVERSAL_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_GEOTRUST_ROOT_CA': 'GEOTRUST_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_DIGICERT_ROOT_CA': 'DIGICERT_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_GODADDY_ROOT_CA': 'GODADDY_ROOT_CA.cer',`
			`'LPKG_USING_MBEDTLS_COMODOR_ROOT_CA': 'COMODOR_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_DST_ROOT_CA': 'DIGITAL_SIGNATURE_TRUST_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_CLOBALSIGN_ROOT_CA': 'CLOBALSIGN_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_ENTRUST_ROOT_CA': 'ENTRUST_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_CERTUM_TRUSTED_NETWORK_ROOT_CA': 'CERTUM_TRUSTED_NETWORK_ROOT_CA.cer', \`
			`'LPKG_USING_MBEDTLS_AMAZON_ROOT_CA': 'AMAZON_ROOT_CA.cer'}`

			`for key, value in KCONFIG_ROOT_CA_DICT.items():`
			`if GetDepend([key]):`
			`path = os.path.join(certs_default_dir, value)`
			`if os.path.exists(path) and os.path.isfile(path):`
			`ROOT_CA_FILE += [path]`

			`ROOT_CA_FILE = list(set(ROOT_CA_FILE))`

			`file_content = ""`

			`# 6. Traverse the specified certificate file`
			`if len(ROOT_CA_FILE) > 0:`
			`for i in range(0, len(ROOT_CA_FILE)):`
			`if os.path.isfile(ROOT_CA_FILE[i]):`
			`# READ CER FILE, copy to tls_certificate.c`
			`with open(ROOT_CA_FILE[i], 'r') as ca:`
			`# Pre-read, check first line`
			`if not ca.readline().startswith("-----BEGIN CERTIFICATE"):`
			`print("[mbedtls] Warning: ", ROOT_CA_FILE[i], "is not CA file! Skipped!")`
			`continue`
			`ca.seek(0)`
			`for line in ca.readlines():`
			`file_content += '"' + line.strip() + '\\r\\n" \\\n'`

			`# 7. Populate certificate template content`
			`cert_content = cert_subs.substitute(CERT_CONTENT = file_content)`

			`# 8. Write certificate template content to tls_certificate.c`
			`with open(output_cert_file, 'w') as f:`
			`f.write(cert_content)`


			`src = Glob('mbedtls/library/*.c')`
			`SrcRemove(src, 'mbedtls/library/net_sockets.c')`

			`src += Glob('ports/src/*.c')`

			`if GetDepend(['LPKG_USING_MBEDTLS_EXAMPLE']):`
			`src += Glob('samples/*.c')`

			`CPPPATH = [`
			`cwd + '/mbedtls/include',`
			`cwd + '/mbedtls/library',`
			`cwd + '/ports/inc',`
			`]`

			`if rtconfig.CROSS_TOOL == 'gcc' or rtconfig.CROSS_TOOL == 'keil' or rtconfig.CROSS_TOOL == 'iar':`
			`import shutil`
			`cp_src = cwd + '/ports/inc/tls_config.h'`
			`cp_dst = cwd + '/mbedtls/include/mbedtls/config.h'`
			`shutil.copyfile(cp_src, cp_dst)`
			`CPPDEFINES = []`
			`else:`
			`CPPDEFINES = []`

			`LOCAL_CCFLAG = ' -w'`

			`group = DefineGroup('mbedtls', src, depend = ['LPKG_USING_MBEDTLS'], CPPPATH = CPPPATH, CPPDEFINES = CPPDEFINES, LOCAL_CFLAGS=LOCAL_CCFLAG)`

			`Return('group')`