From 2d0992661575d6f3a8f4b269acc0646eb46c8875 Mon Sep 17 00:00:00 2001
From: fabik111
Date: Wed, 23 Apr 2025 15:35:01 +0200
Subject: [PATCH 1/2] generate private key if fails in generating the token
---
 .github/workflows/compile-examples.yml | 18 ++++++---
 .../Provisioning_2.0/ClaimingHandler.cpp | 38 +++++++++++++++++--
 .../Provisioning_2.0/ClaimingHandler.h | 1 +
 3 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/compile-examples.yml b/.github/workflows/compile-examples.yml
index d30277a07..2010469e3 100644
--- a/.github/workflows/compile-examples.yml
+++ b/.github/workflows/compile-examples.yml
@@ -196,7 +196,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-DeferredOTA
@@ -213,7 +214,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-DeferredOTA
@@ -232,7 +234,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-DeferredOTA 
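Review bot: The pin to commit `c7c6f9d4973222c1126ac3e73959e20870102c1f` replaces the released `Arduino_NetworkConfigurator` entry in this hunk and in the five that follow (`@@ -213` through `@@ -285`) without saying why CI now builds against an unreleased commit or when the pin is meant to go away. A full 40-character SHA is the right way to reference an unreleased dependency, since unlike a branch or tag it cannot be moved, but the intent should be recorded next to it: `# Temporary pin to an unreleased commit; revert to the released Arduino_NetworkConfigurator entry once it ships`. The same two lines are repeated six times, so defining the entry once as a YAML anchor and referencing it from each list would keep all six in step when the pin moves.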
@@ -251,7 +254,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-DeferredOTA
@@ -269,7 +273,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-Notecard
@@ -285,7 +290,8 @@ jobs:
 - name: Blues Wireless Notecard
 - name: ArduinoBLE
 - name: Arduino_KVStore
- - name: Arduino_NetworkConfigurator
+ - source-url: https://github.com/arduino-libraries/Arduino_NetworkConfigurator.git
+ version: c7c6f9d4973222c1126ac3e73959e20870102c1f
 sketch-paths: |
 - examples/ArduinoIoTCloud-NetConfig
 - examples/ArduinoIoTCloud-Notecard
diff --git a/examples/utility/Provisioning_2.0/ClaimingHandler.cpp b/examples/utility/Provisioning_2.0/ClaimingHandler.cpp
index 7456f410b..59eca730f 100644
--- a/examples/utility/Provisioning_2.0/ClaimingHandler.cpp
+++ b/examples/utility/Provisioning_2.0/ClaimingHandler.cpp
@@ -100,7 +100,7 @@ void ClaimingHandlerClass::getIdReqHandler() {
 idMsg.m.uhwid = _uhwidBytes;
 _agentManager.sendMsg(idMsg);
 
- String token = getAIoTCloudJWT(*_secureElement, *_uhwid, _ts, 1);
+ String token = generateToken();
 if (token == "") {
 DEBUG_ERROR("CH::%s Error: token not created", __FUNCTION__);
 sendStatus(StatusMessage::ERROR); 
@@ -112,6 +112,19 @@ void ClaimingHandlerClass::getIdReqHandler() {
 jwtMsg.m.jwt = token.c_str();
 _agentManager.sendMsg(jwtMsg);
 _ts = 0;
+
+ SElementJWS sejws;
+ String publicKey = sejws.publicKey(*_secureElement, 1, false);
+ if (publicKey == "") {
+ DEBUG_ERROR("CH::%s Error: public key not created", __FUNCTION__);
+ sendStatus(StatusMessage::ERROR);
+ return;
+ }
+
+ //Send public key
+ ProvisioningOutputMessage publicKeyMsg = {MessageOutputType::PROV_PUBLIC_KEY};
+ publicKeyMsg.m.provPublicKey = publicKey.c_str();
+ _agentManager.sendMsg(publicKeyMsg);
 } else {
 DEBUG_ERROR("CH::%s Error: timestamp not provided" , __FUNCTION__);
 sendStatus(StatusMessage::PARAMS_NOT_FOUND);
@@ -186,7 +199,24 @@ void ClaimingHandlerClass::getProvSketchVersionRequestCb() {
 _receivedEvent = ClaimingReqEvents::GET_PROV_SKETCH_VERSION;
 }
 
-bool ClaimingHandlerClass::sendStatus(StatusMessage msg) {
- ProvisioningOutputMessage statusMsg = { MessageOutputType::STATUS, { msg } };
- return _agentManager.sendMsg(statusMsg);
+String ClaimingHandlerClass::generateToken()
+{
+ String token = getAIoTCloudJWT(*_secureElement, *_uhwid, _ts, 1);
+ if(token == "") {
+ byte publicKey[64];
+ DEBUG_INFO("Generating private key");
+ if(!_secureElement->generatePrivateKey(1, publicKey)){
+ DEBUG_ERROR("CH::%s Error: private key generation failed", __FUNCTION__);
+ return "";
+ }
+ token = getAIoTCloudJWT(*_secureElement, *_uhwid, _ts, 1);
+ }
+
+ return token;
+}
+
+bool ClaimingHandlerClass::sendStatus(StatusMessage msg)
+{
+ ProvisioningOutputMessage statusMsg = {MessageOutputType::STATUS, {msg}};
+ return _agentManager.sendMsg(statusMsg);
 }
diff --git a/examples/utility/Provisioning_2.0/ClaimingHandler.h b/examples/utility/Provisioning_2.0/ClaimingHandler.h
index 77f2ebea6..7b8693b36 100644
--- a/examples/utility/Provisioning_2.0/ClaimingHandler.h
+++ b/examples/utility/Provisioning_2.0/ClaimingHandler.h 
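Review bot: `sejws.publicKey(*_secureElement, 1, false)` passes a bare `1` and a bare `false` whose meaning is invisible at the call site; the same slot number is written literally in both `getAIoTCloudJWT` calls and in `generatePrivateKey` further down this file, so a drift between them would silently sign with one key and publish another. A single named constant for the device key slot, e.g. `static constexpr int kDeviceKeySlot = 1;` used in all four calls, plus a short comment naming what the boolean selects (I can't tell from the hunk), would close that gap. `getIdReqHandler` begins and ends outside this hunk.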
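Review bot: `generateToken()` regenerates the slot-1 private key whenever `getAIoTCloudJWT` returns an empty string, but an empty token does not prove the slot is empty: a transient secure-element or signing failure, or an unusable `_ts`, takes the same branch, and `generatePrivateKey(1, publicKey)` then replaces a key the device may already be registered under, which cannot be undone and detaches the device from any cloud identity bound to the old key. If the SecureElement API can report whether slot 1 already holds a key (I can't tell from the hunk), gate the regeneration on that check; otherwise confine it to the first-provisioning path and let the signing failure surface as an error. Wherever the call stays, document it where it happens, `// Irreversible: replaces any key already in slot 1; only reach this when the slot is known to be empty`, and log it at warning rather than info level. The `publicKey[64]` buffer is filled and then discarded, which is fine because the caller re-reads the public key through `SElementJWS`, but a one-line comment saying so would stop a reader from taking it for a bug.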
@@ -36,6 +36,7 @@ class ClaimingHandlerClass {
 LEDFeedbackClass &_ledFeedback;
 static inline uint64_t _ts;
 SecureElement *_secureElement;
+ String generateToken();
 bool sendStatus(StatusMessage msg);

 /* Commands handlers */
From 8da406b953180743ce7d23da8a8190d70e8f64dd Mon Sep 17 00:00:00 2001
From: fabik111
Date: Fri, 27 Jun 2025 15:39:57 +0200
Subject: [PATCH 2/2] send public key before uhwid
---
 .../Provisioning_2.0/ClaimingHandler.cpp | 72 ++++++++++---------
 1 file changed, 38 insertions(+), 34 deletions(-)
diff --git a/examples/utility/Provisioning_2.0/ClaimingHandler.cpp b/examples/utility/Provisioning_2.0/ClaimingHandler.cpp
index 59eca730f..9e42c6469 100644
--- a/examples/utility/Provisioning_2.0/ClaimingHandler.cpp
+++ b/examples/utility/Provisioning_2.0/ClaimingHandler.cpp 
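Review bot: `String generateToken();` is declared without a comment, and its behavior goes beyond its name: when signing fails it generates a new private key in the secure element and retries, a persistent and irreversible side effect a caller would not expect from a getter-like name. Suggested comment on the declaration: `/* Returns the device JWT for _ts, or "" on failure. If signing fails, regenerates the slot-1 private key and retries, replacing any key already there. */`. The hunk shows only part of the private section; the rest of `ClaimingHandlerClass` is outside it.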
@@ -92,43 +92,47 @@ void ClaimingHandlerClass::poll() {
 }

 void ClaimingHandlerClass::getIdReqHandler() {
- if (_ts != 0) {
- byte _uhwidBytes[32];
- hex::decode(_uhwid->c_str(), _uhwidBytes, _uhwid->length());
- //Send UHWID
- ProvisioningOutputMessage idMsg = {MessageOutputType::UHWID};
- idMsg.m.uhwid = _uhwidBytes;
- _agentManager.sendMsg(idMsg);
-
- String token = generateToken();
- if (token == "") {
- DEBUG_ERROR("CH::%s Error: token not created", __FUNCTION__);
- sendStatus(StatusMessage::ERROR);
- return;
- }
-
- //Send JWT
- ProvisioningOutputMessage jwtMsg = {MessageOutputType::JWT};
- jwtMsg.m.jwt = token.c_str();
- _agentManager.sendMsg(jwtMsg);
- _ts = 0;
-
- SElementJWS sejws;
- String publicKey = sejws.publicKey(*_secureElement, 1, false);
- if (publicKey == "") {
- DEBUG_ERROR("CH::%s Error: public key not created", __FUNCTION__);
- sendStatus(StatusMessage::ERROR);
- return;
- }
-
- //Send public key
- ProvisioningOutputMessage publicKeyMsg = {MessageOutputType::PROV_PUBLIC_KEY};
- publicKeyMsg.m.provPublicKey = publicKey.c_str();
- _agentManager.sendMsg(publicKeyMsg);
- } else {
+ if (_ts == 0) {
 DEBUG_ERROR("CH::%s Error: timestamp not provided" , __FUNCTION__);
 sendStatus(StatusMessage::PARAMS_NOT_FOUND);
+ return;
+ }
+
+ byte _uhwidBytes[32];
+ hex::decode(_uhwid->c_str(), _uhwidBytes, _uhwid->length());
+
+ String token = generateToken();
+ if (token == "") {
+ DEBUG_ERROR("CH::%s Error: token not created", __FUNCTION__);
+ sendStatus(StatusMessage::ERROR);
+ return;
 }
+
+ SElementJWS sejws;
+ String publicKey = sejws.publicKey(*_secureElement, 1, false);
+ if (publicKey == "") {
+ DEBUG_ERROR("CH::%s Error: public key not created", __FUNCTION__);
+ sendStatus(StatusMessage::ERROR);
+ return;
+ }
+
+ //Send public key
+ ProvisioningOutputMessage publicKeyMsg = {MessageOutputType::PROV_PUBLIC_KEY};
+ publicKeyMsg.m.provPublicKey = publicKey.c_str();
+ _agentManager.sendMsg(publicKeyMsg);
+
+
+ //Send UHWID
+ ProvisioningOutputMessage idMsg = {MessageOutputType::UHWID};
+ idMsg.m.uhwid = _uhwidBytes;
+ _agentManager.sendMsg(idMsg);
+
+ //Send JWT
+ ProvisioningOutputMessage jwtMsg = {MessageOutputType::JWT};
+ jwtMsg.m.jwt = token.c_str();
+ _agentManager.sendMsg(jwtMsg);
+ _ts = 0;
+
 }

 void ClaimingHandlerClass::resetStoredCredReqHandler() {
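Review bot: `hex::decode(_uhwid->c_str(), _uhwidBytes, _uhwid->length())` writes into a fixed `byte _uhwidBytes[32]` using a length taken from the input string, with no check that the decoded value fits; the line is only moved by this commit, but it now runs before every other step, so a malformed or oversized stored UHWID (whatever `hex::decode`'s third argument denotes — I can't tell from the hunk) would corrupt the stack before any error path is reached. A guard before the decode, `if (_uhwid->length() > 2 * sizeof(_uhwidBytes)) { DEBUG_ERROR("CH::%s Error: invalid uhwid length", __FUNCTION__); sendStatus(StatusMessage::ERROR); return; }`, keeps it in bounds for either meaning of the length parameter. `_ts` is now cleared only after the JWT is sent, so the early returns on a token or public-key failure leave the timestamp armed for a later request, whereas before this change a public-key failure had already consumed it; clearing `_ts` once the token has been signed, or in each error path, keeps it single-use. The local `_uhwidBytes` carries the leading-underscore naming the class uses for members such as `_ts` and `_uhwid`; `uhwidBytes` would avoid reading it as one.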