feat: Fix formatting

fix: klockwork reported success / failure check fix

.github/workflows/changelog.yml

@@ -0,0 +1,20 @@
+name: Changelog Generator
+
+on:  
+  pull_request:
+    branches: [ master ]
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          fetch-depth: 0
+      - run: docker run -v $PWD:/workdir quay.io/git-chglog/git-chglog --next-tag vNext --output CHANGELOG-new.md vNext.. 
+      - name: GitHub Upload Release Artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: CHANGELOG-new.md
+          path: |
+            ./CHANGELOG-new.md

.github/workflows/ci.yml

@@ -41,8 +41,7 @@ jobs:
       run: cd build && cmake --build . --config Release
     - name: Build RPC (Debug)
       run: cd build && cmake --build . --config Debug
-
+        
-
   build-linux:
     runs-on: ${{ matrix.os }}
     strategy:

.github/workflows/docker-ci.yml

@@ -0,0 +1,29 @@
+#*********************************************************************
+# Copyright (c) Intel Corporation 2020
+# SPDX-License-Identifier: Apache-2.0
+#*********************************************************************/
+
+name: Docker Image CI
+
+on:
+  push:
+      branches: [ master ]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build the Docker image
+        run: docker build -f "Dockerfile" --tag vprodemo.azurecr.io/rpc:${{ github.sha }} --tag vprodemo.azurecr.io/rpc:latest .
+      - name: Docker Login
+        uses: docker/login-action@v1.6.0
+        with:
+          registry: vprodemo.azurecr.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          logout: true
+      - name: Push the Docker image to the registry
+        run: docker push vprodemo.azurecr.io/rpc:${{ github.sha }}
+      - name: Push the Docker image to the registry
+        run: docker push vprodemo.azurecr.io/rpc:latest

CHANGELOG.md

@@ -1,3 +1,35 @@
+<a name="v1.2.2"></a>
+## [v1.2.2] - 2021-06-22
+### Ci
+- remove Jenkins chron
+- **changelog:** add automation for changelog generation
+
+### Fix
+- update examples text and version
+
+<a name="v1.2.1"></a>
+## [v1.2.1] - 2021-05-06
+
+### Fix
+**docker:** add missing ca-certs
+
+<a name="v1.2.0"></a>
+## v1.2.0
+
+### Ci
+- breakout docker build for merge only
+
+### Feat
+- update RPC version to 1.2.0.
+- BREAKING CHANGE: add heartbeat capability, bump RPC Protocol version to 4.0.0
+- add unit test framework
+- add hostname to activation info
+- **docker:** add dockerfile support for RPC
+
+### Fix
+- use message status instead, cleanup message fields.
+
+
 <a name="v1.1.0"></a>
 ## [v1.1.0] - 2021-02-09
 

CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required (VERSION 3.1)
 
-project (rpc VERSION 1.1.0)
+project (rpc VERSION 1.2.1)
 
 set (CMAKE_CXX_STANDARD 11)
 
@@ -100,6 +100,8 @@ add_executable (rpc
   activation.cpp
   shbc.h
   shbc.cpp
+  heartbeat.h
+  heartbeat.cpp
   lms.h
   lms.cpp
   main.cpp

Dockerfile

@@ -0,0 +1,37 @@
+#*********************************************************************
+# Copyright (c) Intel Corporation 2021
+# SPDX-License-Identifier: Apache-2.0
+#*********************************************************************/
+
+FROM ubuntu:20.04 AS rpc-builder
+
+WORKDIR /
+ARG DEBIAN_FRONTEND=noninteractive
+RUN \
+  apt-get update -y -qq && \
+  apt install -y -qq \
+    git cmake build-essential libssl-dev zlib1g-dev \
+    curl unzip zip pkg-config ca-certificates
+RUN git clone https://github.com/open-amt-cloud-toolkit/rpc.git
+WORKDIR /rpc
+RUN mkdir -p build
+RUN git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git
+RUN cd vcpkg && ./bootstrap-vcpkg.sh
+RUN ./vcpkg/vcpkg install cpprestsdk[websockets]
+
+WORKDIR /rpc/build
+RUN cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_TOOLCHAIN_FILE=/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake ..
+RUN cmake --build .
+
+FROM ubuntu:20.04 
+
+LABEL license='SPDX-License-Identifier: Apache-2.0' \
+      copyright='Copyright (c) 2021: Intel'
+
+WORKDIR /root
+RUN \
+  apt-get update -y -qq && \
+  apt install -y -qq \
+    libssl-dev
+COPY --from=rpc-builder /rpc/build/rpc .
+ENTRYPOINT ["/root/rpc"]

Jenkinsfile

@@ -0,0 +1,154 @@
+pipeline {
+    agent {
+        label 'docker-amt'
+    }
+    options {
+        buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
+        timestamps()
+        timeout(unit: 'HOURS', time: 2)
+    }
+    
+    
+    stages {
+        stage ('Cloning Repository') {
+            steps {
+                script {
+                    scmCheckout {
+                        clean = true
+                    }
+                }
+            }
+        }
+        stage('Static Code Scan - Protex') {
+            environment{
+                PROJECT_NAME               = 'OpenAMT - RPC'
+                SCANNERS                   = 'protex'
+            }
+            steps {
+                rbheStaticCodeScan()
+            }
+        }
+        stage ('Parallel Builds') {
+            parallel {
+                stage ('Linux') {
+                    agent { label 'docker-amt' }
+                    stages {
+                        stage('Build') {
+                            agent {
+                                docker {
+                                    image 'ubuntu:18.04'
+                                    reuseNode true
+                                }
+                            }
+                            steps {
+                                sh './scripts/jenkins-pre-build.sh'
+                                sh './scripts/jenkins-build.sh'
+                                stash includes: 'build/rpc', name: 'linux-rpc-app'
+                            }
+                        }
+                        stage ('Archive') {
+                            steps {
+                                archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
+                            }
+                        }
+                    }
+                }
+                stage ('Windows') {
+                    agent { label 'openamt-win' }
+                    stages{
+                        stage ('Build') {
+                            steps {
+                                bat 'scripts\\jenkins-pre-build.cmd'
+                                bat 'scripts\\jenkins-build.cmd'
+                                // prepare stash for the binary scan
+                                stash includes: '**/*.exe', name: 'win-rpc-app'
+                            }
+                        }
+                        stage ('Archive') {
+                            steps {
+                                archiveArtifacts allowEmptyArchive: true, artifacts: 'build\\Release\\rpc.exe', caseSensitive: false, onlyIfSuccessful: true
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        stage('Prep Binary') {
+            steps {
+                sh 'mkdir -p ./bin'
+                dir('./bin') {
+                    unstash 'linux-rpc-app'
+                    unstash 'win-rpc-app'
+                }
+            }
+        }
+        stage('Linux Scans') {
+            environment{
+                PROJECT_NAME               = 'OpenAMT - RPC - Linux'
+                SCANNERS                   = 'bdba,klocwork'
+
+                // protecode details
+                PROTECODE_BIN_DIR          = './bin'
+                PROTECODE_INCLUDE_SUB_DIRS = true
+                
+                // klocwork details
+                KLOCWORK_SCAN_TYPE             = 'c++'
+                KLOCWORK_PRE_BUILD_SCRIPT      = './scripts/jenkins-pre-build.sh'
+                KLOCWORK_BUILD_COMMAND         = './scripts/jenkins-build.sh'
+                KLOCWORK_IGNORE_COMPILE_ERRORS = true
+
+                // publishArtifacts details
+                PUBLISH_TO_ARTIFACTORY         = true
+            }
+            steps {
+                rbheStaticCodeScan()
+                dir('artifacts/Klockwork'){
+                    sh 'cp kw_report.html kw_report_linux.html'
+                    sh 'cp kw_report.csv kw_report_linux.csv'
+                    archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
+                    archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
+                }
+                
+            }
+        }
+        stage('Windows Scans'){
+            agent { label 'openamt-win' }
+            stages{
+                stage ('Windows Scans - klocwork') {
+                    environment {
+                        PROJECT_NAME                   = 'OpenAMT - RPC - Windows'
+                        SCANNERS                       = 'klocwork'
+
+                        // klocwork details
+                        KLOCWORK_SCAN_TYPE             = 'c++'
+                        KLOCWORK_PRE_BUILD_SCRIPT      = 'scripts\\jenkins-pre-build.cmd'
+                        KLOCWORK_BUILD_COMMAND         = 'scripts\\jenkins-build.cmd'
+                        KLOCWORK_IGNORE_COMPILE_ERRORS = true
+
+                        // publishArtifacts details
+                        PUBLISH_TO_ARTIFACTORY         = true
+                    }
+                    steps {
+                        rbheStaticCodeScan()
+                        dir('artifacts\\Klockwork'){
+                            bat 'copy kw_report.html kw_report_windows.html'
+                            bat 'copy kw_report.csv kw_report_windows.csv'
+                            stash includes: 'kw_report_windows.*', name: 'win-kwreports'
+                            archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
+                            archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
+                        }
+                    }
+                }
+            }
+        }
+        stage('Publish Artifacts'){
+            steps{
+                dir('artifacts/Klockwork'){
+                    unstash 'win-kwreports'
+                }
+                publishArtifacts()
+            }
+        }
+    }
+}

MicroLMS/heci/PTHICommand.h

@@ -479,6 +479,8 @@ typedef enum
 	CERT_HASH_ALGORITHM_MD5 = 0,  // 16 bytes
 	CERT_HASH_ALGORITHM_SHA1,     // 20 bytes
 	CERT_HASH_ALGORITHM_SHA256,   // 32 bytes
+	CERT_HASH_ALGORITHM_SHA384,   // 48 bytes
+	CERT_HASH_ALGORITHM_SHA224,   // 28 bytes
 	CERT_HASH_ALGORITHM_SHA512,   // 64 bytes
 } CERT_HASH_ALGORITHM;
 
@@ -683,9 +685,7 @@ typedef struct _CFG_START_CONFIG_HBASED_REQUEST
 
 typedef struct _CFG_START_CONFIG_HBASED_RESPONSE_INFO
 {
-	PTHI_RESPONSE_MESSAGE_HEADER Header;
+	UINT8 HashAlgorithm;
-	AMT_STATUS			Status;
-	CERT_HASH_ALGORITHM HashAlgorithm;
 	UINT8 AMTCertHash[CERT_HASH_MAX_LENGTH];
 } CFG_START_CONFIG_HBASED_RESPONSE_INFO;
 

README.md

@@ -4,26 +4,43 @@
 
 The Remote Provisioning Client (RPC) is an application that enables remote capabilities for Intel® AMT, such as as device activation and configuration. To accomplish this, RPC communicates with the Remote Provisioning Server (RPS) to activate and connect the edge device.
 
+<br><br>
+
 **For detailed documentation** about RPC or other features of the Open AMT Cloud Toolkit, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/).
 
+<br>
+
 ## Prerequisites
 
 We leverage GitHub Actions as a means to build RPC automatically leveraging Github's CI/CD Infrastructure. This avoids having to deal with the challenges of getting your build environment just right on your local machine and allows you to get up and running much faster. Read more about GitHub Actions [here](https://github.blog/2019-08-08-github-actions-now-supports-ci-cd/#:~:text=GitHub%20Actions%20is%20an%20API,every%20step%20along%20the%20way.)
 
-## Build the Remote Provisioning Client (RPC)
 
 <p align="center">
 <img src="assets/animations/forkandbuild.gif" width="650"  />
 </p>
 
-1. Create a fork of the rpc repository [here](https://github.com/open-amt-cloud-toolkit/rpc/fork) or via the Fork button in the top-right corner of the rpc repository.
+## Build the Remote Provisioning Client (RPC)
 
-2. Click on "Actions" and Select "Build RPC (Native)" Workflow.
+1. <a href="https://github.com/open-amt-cloud-toolkit/rpc/fork" target="_blank">Create a fork of rpc on GitHub.</a>
 
-3. Click "Run Workflow", select branch "master", and click "Run Workflow".
+2. Click on the **Actions** tab at the top and select **Build RPC (Native) Debug/Release**.
 
-4. Grab a coffee. The build for Windows will take approximately 30 minutes and the build for Linux will take approximately 5 minutes.
+3. Click the **Run Workflow** dropdown. 
 
-5. Once complete, click the completed job, and download the appropriate RPC for your OS under the "Artifacts" section.
+4. Select the **Branch: master**, or a preferred version, from the **Use workflow from** dropdown. 
 
-For detailed documentation about RPC and using it to activate a device, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/)
+5. By default, the Build Type should be **release**.  
+
+6. Click the **Run Workflow** button. Grab a coffee and take a break! The build time ranges from 15 to 20 minutes.
+
+8. Once the download is complete, click the completed job which will feature a green checkmark.
+
+9. Download the appropriate RPC for your managed device's OS under the **Artifacts** section.
+
+### To Delete your workflow run
+
+1. Click the ellipsis ( **...** ) menu for the workflow. 
+
+2. Choose the **Delete workflow run** option.
+
+For detailed documentation about RPC and using it to activate a device, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/)

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. 
+
+## Reporting a Vulnerability
+Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).

activation.cpp

@@ -264,7 +264,12 @@ bool act_create_request(std::string commands, std::string dns_suffix, std::strin
 
     // serialize payload
     std::string serializedPayload = utility::conversions::to_utf8string(activationPayload.serialize());
-    std::string encodedPayload = util_encode_base64(serializedPayload);
+    std::vector<unsigned char> serializedPayloadVector;
+    for (int i = 0; i < serializedPayload.size(); i++)
+    {
+        serializedPayloadVector.push_back(serializedPayload[i]);
+    }
+    std::string encodedPayload = util_encode_base64(serializedPayloadVector);
     utility::string_t payload = utility::conversions::to_string_t(encodedPayload);
     msg[U("payload")] = web::json::value::string(payload);
 
@@ -274,7 +279,7 @@ bool act_create_request(std::string commands, std::string dns_suffix, std::strin
     return true;
 }
 
-bool act_create_response(std::string payload, std::string& response)
+bool act_create_response(std::vector<unsigned char> payload, std::string& response)
 {
     web::json::value msg;
 

activation.h

@@ -7,8 +7,9 @@
 #define __ACTIVATION_H__
 
 #include <string>
+#include <vector>
 
-#define PROTOCOL_VERSION "3.0.0"
+#define PROTOCOL_VERSION "4.1.0"
 
 #ifdef _WIN32
 #define convertstring   to_utf16string
@@ -17,6 +18,6 @@
 #endif
 
 bool act_create_request(std::string commands, std::string dns_suffix, std::string& request);
-bool act_create_response(std::string payload, std::string& response);
+bool act_create_response(std::vector<unsigned char> payload, std::string& response);
 
 #endif 

commands.cpp

@@ -32,9 +32,6 @@ bool cmd_is_admin()
 
 bool cmd_get_version(std::string& version)
 {
-    version = "14.0.0";                                     // FIXME: REMOVE WHEN HW AVAILABLE
-    return true;                                            // FIXME: REMOVE WHEN HW AVAILABLE
-
     version.clear();
 
     // initialize HECI interface
@@ -285,51 +282,54 @@ bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries)
         for (int i = 0; i < (int) amt_hash_handles.Length; i++)
         {
             // get each entry
-            AMT_STATUS status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
+            AMT_STATUS amt_status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
 
-            int hashSize;
+            if (amt_status == 0)
-            cert_hash_entry tmp;
-            switch (certhash_entry.HashAlgorithm) {
-            case 0: // MD5
-                hashSize = 16;
-                tmp.algorithm = "MD5";
-                break;
-            case 1: // SHA1
-                hashSize = 20;
-                tmp.algorithm = "SHA1";
-                break;
-            case 2: // SHA256
-                hashSize = 32;
-                tmp.algorithm = "SHA256";
-                break;
-            case 3: // SHA512
-                hashSize = 64;
-                tmp.algorithm = "SHA512";
-                break;
-            default:
-                hashSize = 0;
-                tmp.algorithm = "UNKNOWN";
-                break;
-            }
-
-            if (certhash_entry.IsActive == 1) 
             {
-                std::string cert_name(certhash_entry.Name.Buffer, certhash_entry.Name.Length);
+                int hashSize;
-                tmp.name = cert_name;
+                cert_hash_entry tmp;
-                tmp.is_default = certhash_entry.IsDefault;
+                switch (certhash_entry.HashAlgorithm) {
-                tmp.is_active = certhash_entry.IsActive;
+                case 0: // MD5
-
+                    hashSize = 16;
-                std::string hashString;
+                    tmp.algorithm = "MD5";
-                for (int i = 0; i < hashSize; i++)
+                    break;
-                {
+                case 1: // SHA1
-                    char hex[10];
+                    hashSize = 20;
-                    snprintf(hex, 10, "%02x", certhash_entry.CertificateHash[i]);
+                    tmp.algorithm = "SHA1";
-                    hashString += hex;
+                    break;
+                case 2: // SHA256
+                    hashSize = 32;
+                    tmp.algorithm = "SHA256";
+                    break;
+                case 3: // SHA512
+                    hashSize = 64;
+                    tmp.algorithm = "SHA512";
+                    break;
+                default:
+                    hashSize = 0;
+                    tmp.algorithm = "UNKNOWN";
+                    break;
                 }
 
-                tmp.hash = hashString;
+                if (certhash_entry.IsActive == 1)
+                {
+                    std::string cert_name(certhash_entry.Name.Buffer, certhash_entry.Name.Length);
+                    tmp.name = cert_name;
+                    tmp.is_default = certhash_entry.IsDefault;
+                    tmp.is_active = certhash_entry.IsActive;
 
-                hash_entries.push_back(tmp);
+                    std::string hashString;
+                    for (int i = 0; i < hashSize; i++)
+                    {
+                        char hex[10];
+                        snprintf(hex, 10, "%02x", certhash_entry.CertificateHash[i]);
+                        hashString += hex;
+                    }
+
+                    tmp.hash = hashString;
+
+                    hash_entries.push_back(tmp);
+                }
             }
         }
 
@@ -380,14 +380,14 @@ bool cmd_get_remote_access_connection_status(int& network_status, int& remote_st
     return false;
 }
 
-bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings)
+bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface)
 {
     // initialize HECI interface
     if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
 
     // get wired interface
     LAN_SETTINGS lan_settings;
-    UINT32 interface_settings = 0; // wired=0, wireless=1
+    UINT32 interface_settings = (wired_interface) ? 0 : 1; // wired=0, wireless=1
     AMT_STATUS amt_status = pthi_GetLanInterfaceSettings(interface_settings, &lan_settings);
     if (amt_status == 0)
     {
@@ -396,11 +396,13 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin
         lan_interface_settings.dhcp_enabled = lan_settings.DhcpEnabled;
         lan_interface_settings.link_status  = lan_settings.LinkStatus;
 
+        lan_interface_settings.ip_address.clear();
         lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 24) & 0xff);
         lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 16) & 0xff);
         lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 8) & 0xff);
         lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address) & 0xff);
 
+        lan_interface_settings.mac_address.clear();
         lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[0]);
         lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[1]);
         lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[2]);
@@ -416,10 +418,6 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin
 
 bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert)
 {
-    amt_cert.algorithm = "MD5";                              // FIXME: REMOVE WHEN HW AVAILABLE
-    amt_cert.hash = "000102030405060708090a0b0c0d0e0f";      // FIXME: REMOVE WHEN HW AVAILABLE
-    return true;                                             // FIXME: REMOVE WHEN HW AVAILABLE
-
     // initialize HECI interface
     if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
 
@@ -450,7 +448,8 @@ bool cmd_start_config_host_based(config_host_based_settings& server_cert, config
         return false;
     }
 
-    std::vector<char> cert_bytes;
+    int hashSize;
+    std::vector<unsigned char> cert_bytes;
     util_hex_string_to_bytes(server_cert.hash, cert_bytes);
     std::copy(std::begin(cert_bytes), std::end(cert_bytes), request.ServerCertHash);
 
@@ -463,22 +462,29 @@ bool cmd_start_config_host_based(config_host_based_settings& server_cert, config
         {
         case CERT_HASH_ALGORITHM_MD5:
             amt_cert.algorithm = "MD5";
+            hashSize = 16;
             break;
         case CERT_HASH_ALGORITHM_SHA1:
             amt_cert.algorithm = "SHA1";
+            hashSize = 20;
             break;
         case CERT_HASH_ALGORITHM_SHA256:
             amt_cert.algorithm = "SHA256";
+            hashSize = 32;
             break;
         case CERT_HASH_ALGORITHM_SHA512:
             amt_cert.algorithm = "SHA512";
+            hashSize = 64;
             break;
         default:
-            break;
+        case CERT_HASH_ALGORITHM_SHA384:
+        case CERT_HASH_ALGORITHM_SHA224:
+            return false;
         }
 
-        std::vector<char> hash;
+        std::vector<unsigned  char> hash;
-        std::copy(std::begin(response.AMTCertHash), std::end(response.AMTCertHash), std::begin(hash));
+        hash.resize(hashSize);
+        std::copy(response.AMTCertHash, response.AMTCertHash + hashSize, std::begin(hash));
         util_bytes_to_hex_string(hash, amt_cert.hash);
 
         return true;
@@ -486,3 +492,37 @@ bool cmd_start_config_host_based(config_host_based_settings& server_cert, config
 
     return false;
 }
+
+bool cmd_get_provisioning_state(int& state)
+{
+    state = 0;
+
+    // initialize HECI interface
+    if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
+
+    // get Control Mode
+    AMT_PROVISIONING_STATE provisioningState;
+    AMT_STATUS amt_status = pthi_GetProvisioningState(&provisioningState);
+    if (amt_status == 0)
+    {
+        state = provisioningState;
+
+        return true;
+    }
+
+    return false;
+}
+
+bool cmd_stop_configuration()
+{
+    // initialize HECI interface
+    if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
+
+    AMT_STATUS amt_status = pthi_StopConfiguration();
+    if (amt_status == 0)
+    {
+        return true;
+    }
+
+    return false;
+}

commands.h

@@ -55,7 +55,9 @@ bool cmd_get_dns_suffix(std::string& suffix);
 bool cmd_get_wired_mac_address(std::vector<unsigned char>& address);
 bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries);
 bool cmd_get_remote_access_connection_status(int& network_status, int& remote_status, int& remote_trigger, std::string& mps_hostname);
-bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings);
+bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface = true);
 bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert);
+bool cmd_get_provisioning_state(int& state);
+bool cmd_stop_configuration();
 
 #endif

heartbeat.cpp

@@ -0,0 +1,48 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#include "heartbeat.h"
+#include <cpprest/ws_client.h>
+#include <cpprest/json.h>
+#include <cpprest/streams.h>
+#include <iostream>
+#include <string>
+#include "activation.h"
+#include "version.h"
+#include "commands.h"
+#include "network.h"
+#include "utils.h"
+
+bool heartbeat_create_response(std::string& response)
+{
+    web::json::value msg;
+
+    utility::string_t tmp = utility::conversions::convertstring("heartbeat_response");
+    msg[U("method")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("");
+    msg[U("apiKey")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring(PROJECT_VER);
+    msg[U("appVersion")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring(PROTOCOL_VERSION);
+    msg[U("protocolVersion")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("success");
+    msg[U("status")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("");
+    msg[U("message")] = web::json::value::string(tmp);
+
+    // set empty payload
+    tmp = utility::conversions::convertstring("");
+    msg[U("payload")] = web::json::value::string(tmp);
+
+    // serialize the entire message
+    response = utility::conversions::to_utf8string(msg.serialize());
+
+    return true;
+}

heartbeat.h

@@ -0,0 +1,13 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#ifndef __HEARTBEAT_H__
+#define __HEARTBEAT_H__
+
+#include <string>
+
+bool heartbeat_create_response(std::string& response);
+
+#endif 

info.cpp

@@ -20,7 +20,7 @@ void out_text(const std::string name, const std::vector<unsigned char> value, co
     for (unsigned char tmp : value)
     {
         (hex) ? std::cout << std::setfill('0') << std::setw(2) << std::hex << (unsigned int)tmp
-              : std::cout << (unsigned int)tmp;
+              : std::cout << std::dec << (unsigned int)tmp;
 
         if (char_count++ < value.size())
         {
@@ -270,15 +270,41 @@ bool info_get_lan_interface_settings()
     tmp.ip_address.clear();
     tmp.mac_address.clear();
 
-    if (!cmd_get_lan_interface_settings(tmp)) return false;
+    bool hasWired = cmd_get_lan_interface_settings(tmp);
+    if (hasWired)
+    {
+        out_text("LAN Inteface", "wired");
+        out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
+        out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
+        out_text("Link Status", (tmp.link_status) ? "up" : "down");
+        out_text("IP Address", tmp.ip_address, '.', false);
+        out_text("MAC Address", tmp.mac_address, ':');
+    }
+    
+    tmp.is_enabled = false;
+    tmp.link_status = false;
+    tmp.dhcp_enabled = false;
+    tmp.dhcp_mode = 0;
+    tmp.ip_address.clear();
+    tmp.mac_address.clear();
 
-    out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
+    bool hasWireless = cmd_get_lan_interface_settings(tmp, false);
-    out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
+    if (hasWireless)
-    out_text("Link Status", (tmp.link_status) ? "up" : "down");
+    {
-    out_text("IP Address", tmp.ip_address, '.', false);
+        out_text("LAN Inteface", "wireless");
-    out_text("MAC Address", tmp.mac_address, ':');
+        out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
+        out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
+        out_text("Link Status", (tmp.link_status) ? "up" : "down");
+        out_text("IP Address", tmp.ip_address, '.', false);
+        out_text("MAC Address", tmp.mac_address, ':');
+    }
 
-    return true;
+    if (hasWired || hasWireless)
+    {
+        return true;
+    }
+
+    return false;
 }
 
 bool info_get(const std::string info)

main.cpp

@@ -12,6 +12,7 @@
 #include "commands.h"
 #include "activation.h"
 #include "shbc.h"
+#include "heartbeat.h"
 #include "utils.h"
 #include "usage.h"
 #include "args.h"
@@ -62,7 +63,7 @@ int main(int argc, char* argv[])
     std::string arg_info;
     bool arg_verbose = false;
     bool arg_nocertcheck = false;
-    bool secureHostBasedConfig = false;
+    bool shbc_config = false;
 
     if (argc == 1)
     {
@@ -186,7 +187,7 @@ int main(int argc, char* argv[])
     memset(&lms_socket, 0, sizeof(SOCKET));
 
     // set receive handler
-    client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose, &secureHostBasedConfig](web::websockets::client::websocket_incoming_message ret_msg)
+    client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose, &shbc_config](web::websockets::client::websocket_incoming_message ret_msg)
     {
         // kick the timer
         std::chrono::time_point<std::chrono::system_clock> now = std::chrono::system_clock::now();
@@ -211,7 +212,7 @@ int main(int argc, char* argv[])
             std::string msgStatus = "";
             std::string msgMessage = "";
             std::string msgPayload = "";
-            std::string payloadDecoded = "";
+            std::vector<unsigned char> payloadDecoded;
 
             if ( !parsed.has_field(U("method"))          || !parsed.has_field(U("apiKey")) || !parsed.has_field(U("appVersion"))  || 
                  !parsed.has_field(U("protocolVersion")) || !parsed.has_field(U("status")) || !parsed.has_field(U("message"))     ||
@@ -248,6 +249,21 @@ int main(int argc, char* argv[])
                 return;
             }
 
+            if (msgMethod.compare("heartbeat_request") == 0)
+            {
+                // create the response
+                std::string response;
+                if (!heartbeat_create_response(response)) return;
+
+                // send it
+                web::websockets::client::websocket_outgoing_message send_websocket_msg;
+                std::string send_websocket_buffer(response);
+                send_websocket_msg.set_utf8_message(send_websocket_buffer);
+                client.send(send_websocket_msg).wait();
+
+                return;
+            }
+
             if (msgMethod.compare("secure_config_request") == 0)
             {
                 std::string certAlgo;
@@ -276,25 +292,47 @@ int main(int argc, char* argv[])
                 config_host_based_settings amt_cert;
                 server_cert.algorithm = certAlgo;
                 server_cert.hash = certHash;
-                if (cmd_start_config_host_based(server_cert, amt_cert))
+                bool sbhc_success = cmd_start_config_host_based(server_cert, amt_cert);
+
+                // wait for configuration to settle down
+                std::this_thread::sleep_for(std::chrono::seconds(1));
+
+                if (!sbhc_success)
                 {
-                    // create the response
+                    int state;
-                    std::string response;
+                    if (cmd_get_provisioning_state(state))
-                    if (!shbc_create_response(amt_cert.algorithm, amt_cert.hash, response)) return;
+                    {
-
+                        switch (state) {
-                    // send it
+                        case 0:
-                    web::websockets::client::websocket_outgoing_message send_websocket_msg;
+                            std::cout << "Provisioning state already in pre-provisioning." << std::endl;
-                    std::string send_websocket_buffer(response);
+                            break;
-                    send_websocket_msg.set_utf8_message(send_websocket_buffer);
+                        case 1:
-                    client.send(send_websocket_msg).wait();
+                            std::cout << "Provisioning state is in-provisioning." << std::endl;
-
+                            (cmd_stop_configuration()) ? std::cout << "Provisioning state succesfully reset." << std::endl : std::cout << "Provisioning state could not be reset." << std::endl;
-                    // use secure host post for LMS going forward
+                            break;
-                    secureHostBasedConfig = true;
+                        case 2:
-
+                            std::cout << "Provisioning state is post-provisioning." << std::endl;
-                    return;
+                            (cmd_stop_configuration()) ? std::cout << "Provisioning state succesfully reset." << std::endl : std::cout << "Provisioning state could not be reset." << std::endl;
-
+                            break;
+                        default:
+                            break;
+                        }
+                    }
                 }
+                
+                // create the response
+                std::string response;
+                if (!shbc_create_response(amt_cert.algorithm, amt_cert.hash, sbhc_success, response)) return;
 
+                // send it
+                web::websockets::client::websocket_outgoing_message send_websocket_msg;
+                std::string send_websocket_buffer(response);
+                send_websocket_msg.set_utf8_message(send_websocket_buffer);
+                client.send(send_websocket_msg).wait();
+
+                // use secure host post for LMS going forward
+                shbc_config = sbhc_success;
+                
                 return;
             }
             
@@ -349,7 +387,7 @@ int main(int argc, char* argv[])
             try
             {
                 // conntect to lms
-                lms_socket = lms_connect(secureHostBasedConfig);
+                lms_socket = lms_connect(shbc_config);
             }
             catch (...)
             {
@@ -360,11 +398,34 @@ int main(int argc, char* argv[])
             if (arg_verbose)
             {
                 std::cout << std::endl << "vvv -- message to AMT -- vvv" << std::endl;
-                std::cout << payloadDecoded << std::endl;
+
+                if (shbc_config)
+                {
+                    std::cout << "message size is " << payloadDecoded.size() << " bytes." << std::endl;
+                    for (int i = 0; i < payloadDecoded.size(); i++)
+                    {
+                        printf("%02x ", payloadDecoded[i]);
+                        if ((i > 0) && ((i+1) % 32 == 0))
+                        {
+                            std::cout << std::endl;
+                        }
+                    }
+                    std::cout << std::endl;
+                }
+                else
+                {
+                    for (int i = 0; i < payloadDecoded.size(); i++)
+                    {
+                        printf("%c", payloadDecoded[i]);
+                    }
+                }
+                std::cout << std::endl;
             } 
 
             // send message to LMS
-            if (send(lms_socket, payloadDecoded.c_str(), (int)payloadDecoded.length(), 0) < 0)
+            int sendPayloudStatus = send(lms_socket, (const char *) payloadDecoded.data(), payloadDecoded.size(), 0);
+
+            if (sendPayloudStatus < 0)
             {
                 throw std::runtime_error("error: socket send");
             }
@@ -383,7 +444,8 @@ int main(int argc, char* argv[])
             // read until connection is closed by LMS
             while (1)
             {
-                std::string superBuffer = "";
+                std::vector<unsigned char> superBuffer;
+                superBuffer.clear();
                 while (1)
                 {
                     int res = select(fd, &rset, NULL, NULL, &timeout);
@@ -401,7 +463,9 @@ int main(int argc, char* argv[])
                     res = recv(lms_socket, recv_buffer, 4096, 0);
                     if (res > 0)
                     {
-                        superBuffer += recv_buffer;
+                        for (int i = 0; i < res; i++) {
+                            superBuffer.push_back(recv_buffer[i]);
+                        }
                     }
                     else if (res < 0)
                     {
@@ -417,16 +481,36 @@ int main(int argc, char* argv[])
                 } // while select()
 
                 // if there is some data send it
-                if (superBuffer.length() > 0) 
+                if (superBuffer.size() > 0)
                 {
                     if (arg_verbose)
                     {
                         std::cout << std::endl << "^^^ -- message from AMT -- ^^^" << std::endl;
-                        std::cout << superBuffer << std::endl;
+                        if (shbc_config)
+                        {
+                            std::cout << "message size is " << superBuffer.size() << " bytes." << std::endl;
+                            for (int i = 0; i < superBuffer.size(); i++)
+                            {
+                                printf("%02x ", superBuffer[i]);
+                                if ((i > 0) && ((i + 1) % 32 == 0))
+                                {
+                                    std::cout << std::endl;
+                                }
+                            }
+                            std::cout << std::endl;
+                        }
+                        else
+                        {
+                            for (int i = 0; i < superBuffer.size(); i++)
+                            {
+                                printf("%c", superBuffer[i]);
+                            }
+                        }
+                        std::cout << std::endl;
                     }
 
                     std::string response;
-                    if (!act_create_response(superBuffer.c_str(), response)) return;
+                    if (!act_create_response(superBuffer, response)) return;
 
                     web::websockets::client::websocket_outgoing_message send_websocket_msg;
                     std::string send_websocket_buffer(response);

scripts/jenkins-build.cmd

@@ -14,7 +14,7 @@ set BASE_DIR=%cd%
 set VCPKG_DIR=C:\opt\vcpkg-source
 
 REM build RPC
-cd %BASE_DIR%/rpc
+
 
 if exist "build" rd /q /s "build"
 
@@ -23,4 +23,4 @@ cd build
 echo %VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake
 cmake -DVCPKG_TARGET_TRIPLET=x64-windows-static -DCMAKE_TOOLCHAIN_FILE=%VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake ..
 cmake --build . --config Release
-dir %BASE_DIR%\rpc\build
+dir %BASE_DIR%\build

scripts/jenkins-build.sh

@@ -5,9 +5,9 @@ set -x
 # Jenkins Build script
 #   - Ubuntu 18.04
 #
-
+export BASE_DIR="$PWD"
 export CMAKE_CXX_FLAGS="-isystem /usr/lib/gcc/x86_64-linux-gnu/7/include"
-cd "$BASE_DIR"/rpc
+
 
 if [ -d "build" ]; then
   rm -rf build
@@ -15,5 +15,5 @@ fi
 
 mkdir build
 cd build
-cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release ..
+cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release ..
 cmake --build .

scripts/jenkins-pre-build.sh

@@ -4,14 +4,15 @@
 #   - Ubuntu 18.04
 #
 
-sudo apt install git cmake build-essential curl zip unzip tar pkg-config
+apt update
+apt install git cmake build-essential curl zip unzip tar pkg-config -y
 
 ## current dir - RPC source directory
-export BASE_DIR="$PWD"
+#export BASE_DIR="$PWD"
 
-cd "$BASE_DIR"/rpc
+#cd "$BASE_DIR"/rpc
 ## build vcpkg
-git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git
+git -C vcpkg pull || git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git vcpkg
 cd vcpkg
 ./bootstrap-vcpkg.sh
 

shbc.cpp

@@ -33,7 +33,7 @@ bool get_response_payload(std::string cert_algo, std::string cert_hash, web::jso
     return true;
 }
 
-bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response)
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, bool config_status, std::string& response)
 {
     web::json::value msg;
 
@@ -49,21 +49,37 @@ bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::str
     tmp = utility::conversions::convertstring(PROTOCOL_VERSION);
     msg[U("protocolVersion")] = web::json::value::string(tmp);
 
-    tmp = utility::conversions::convertstring("");
-    msg[U("status")] = web::json::value::string(tmp);
-
     tmp = utility::conversions::convertstring("");
     msg[U("message")] = web::json::value::string(tmp);
 
-    // get the activation payload
+    if (config_status)
-    web::json::value responsePayload;
+    {
-    if (!get_response_payload(cert_algo, cert_hash, responsePayload)) return false;
+        // get the activation payload
+        web::json::value responsePayload;
+        if (!get_response_payload(cert_algo, cert_hash, responsePayload)) return false;
 
-    // serialize payload
+        // serialize payload
-    std::string serializedPayload = utility::conversions::to_utf8string(responsePayload.serialize());
+        std::string serializedPayload = utility::conversions::to_utf8string(responsePayload.serialize());
-    std::string encodedPayload = util_encode_base64(serializedPayload);
+        std::vector<unsigned char> serializedPayloadVector;
-    utility::string_t payload = utility::conversions::to_string_t(encodedPayload);
+        for (int i = 0; i < serializedPayload.size(); i++)
-    msg[U("payload")] = web::json::value::string(payload);
+        {
+            serializedPayloadVector.push_back(serializedPayload[i]);
+        }
+        std::string encodedPayload = util_encode_base64(serializedPayloadVector);
+        utility::string_t payload = utility::conversions::to_string_t(encodedPayload);
+        msg[U("payload")] = web::json::value::string(payload);
+
+        tmp = utility::conversions::convertstring("success");
+        msg[U("status")] = web::json::value::string(tmp);
+    }
+    else
+    {
+        tmp = utility::conversions::convertstring("");
+        msg[U("payload")] = web::json::value::string(tmp);
+
+        tmp = utility::conversions::convertstring("failed");
+        msg[U("status")] = web::json::value::string(tmp);
+    }
 
     // serialize the entire message
     response = utility::conversions::to_utf8string(msg.serialize());

shbc.h

@@ -14,6 +14,6 @@
 #define convertstring   to_utf8string
 #endif
 
-bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response);
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, bool config_status, std::string& response);
 
 #endif 

test.cpp

@@ -29,7 +29,7 @@ TEST(testUtils, isPrintableTestInvalid)
 
     EXPECT_EQ(false, util_is_printable(s));	
 }
-
+/*
 // Test encode of base64 string
 TEST(testUtils, encodebase64)
 {
@@ -41,7 +41,7 @@ TEST(testUtils, decodebase64)
 {
     EXPECT_EQ(plainText, util_decode_base64(encodedText));	
 }
-
+*/
 // Test return value of util_format_uuid
 TEST(testUtils, formatUUIDSuccess)
 {

usage.cpp

@@ -49,15 +49,15 @@ void usage_show_help()
     std::cout << "Examples:"                                                                        << std::endl;
     std::cout << "  # Activate platform using profile1"                                             << std::endl;
     std::cout << "  " << PROJECT_NAME << \
-       " --url wss://localhost:8080 --cmd \"-t activate --profile profile1\""                       << std::endl;
+       " --url wss://192.168.86.100/activate --cmd \"-t activate --profile profile1\""              << std::endl;
     std::cout                                                                                       << std::endl;
     std::cout << "  # Activate platform using profile1 and override DNS detection" << std::endl;
     std::cout << "  " << PROJECT_NAME << \
-       " --url wss://localhost:8080 --cmd \"-t activate --profile profile1\" --dns corp.com"        << std::endl;
+       " --url wss://mycloud.com/activate --cmd \"-t activate --profile profile1\" --dns corp.com"  << std::endl;
     std::cout                                                                                       << std::endl;
     std::cout << "  # Deactivate platform and connect through a proxy"                              << std::endl;
     std::cout << "  " << PROJECT_NAME << \
-       " -u wss://localhost:8080 -c \"-t deactivate --password P@ssw0rd\" -p http://proxy.com:1000" << std::endl;
+       " -u wss://mycloud.com/activate -c \"-t deactivate --password P@ssw0rd\" -p http://proxy.com:1000" << std::endl;
     std::cout                                                                                       << std::endl;
     std::cout << "  # Show all informational items"                                                 << std::endl;
     std::cout << "  " << PROJECT_NAME << " --amtinfo all"                                           << std::endl;

utils.cpp

@@ -8,7 +8,7 @@
 #include <string>
 #include <cpprest/streams.h>
 
-std::string util_encode_base64(std::string str)
+std::string util_encode_base64(std::vector<unsigned char> str)
 {
     std::vector<unsigned char> strVector(str.begin(), str.end());
     utility::string_t base64 = utility::conversions::to_base64(strVector);
@@ -17,11 +17,11 @@ std::string util_encode_base64(std::string str)
     return encodedString;
 }
 
-std::string util_decode_base64(std::string str)
+std::vector<unsigned char> util_decode_base64(std::string str)
 {
     utility::string_t serializedData = utility::conversions::to_string_t(str);
     std::vector<unsigned char> strVector = utility::conversions::from_base64(serializedData);
-    std::string decodedString(strVector.begin(), strVector.end());
+    std::vector<unsigned char> decodedString(strVector.begin(), strVector.end());
 
     return decodedString;
 }
@@ -57,25 +57,27 @@ bool util_format_uuid(std::vector<unsigned char> uuid_bytes, std::string& uuid_s
     return true;
 }
 
-bool util_hex_string_to_bytes(std::string hex_string, std::vector<char>& hex_bytes)
+bool util_hex_string_to_bytes(std::string hex_string, std::vector<unsigned char>& hex_bytes)
 {
     hex_bytes.clear();
 
     for (int i = 0; i < hex_string.length(); i += 2) 
     {
         std::string byte_string = hex_string.substr(i, 2);
-        char value = (char)strtol(byte_string.c_str(), NULL, 16);
+        byte_string[0] = tolower(byte_string[0]);
+        byte_string[1] = tolower(byte_string[1]);
+        unsigned char value = (char)strtol(byte_string.c_str(), NULL, 16);
         hex_bytes.push_back(value);
     }
     
     return true;
 }
 
-bool util_bytes_to_hex_string(std::vector<char> hex_bytes, std::string& hex_string)
+bool util_bytes_to_hex_string(std::vector<unsigned char> hex_bytes, std::string& hex_string)
 {
     hex_string.clear();
 
-    for (char hex_char : hex_bytes)
+    for (unsigned char hex_char : hex_bytes)
     {
         char hex[10];
         snprintf(hex, 10, "%02x", hex_char);

utils.h

@@ -9,11 +9,11 @@
 #include <string>
 #include <vector>
 
-std::string util_encode_base64(std::string str);
+std::string util_encode_base64(std::vector<unsigned char> str);
-std::string util_decode_base64(std::string str);
+std::vector<unsigned char> util_decode_base64(std::string str);
 bool util_is_printable(std::string str);
 bool util_format_uuid(std::vector<unsigned char> uuid_bytes, std::string& uuid_string);
-bool util_hex_string_to_bytes(std::string hex_string, std::vector<char>& hex_bytes);
+bool util_hex_string_to_bytes(std::string hex_string, std::vector<unsigned char>& hex_bytes);
-bool util_bytes_to_hex_string(std::vector<char> hex_bytes, std::string& hex_string);
+bool util_bytes_to_hex_string(std::vector<unsigned char> hex_bytes, std::string& hex_string);
 
 #endif