X-CUBE-VS4A -- How to pass Amazon ATS certificates?

Hi,

The detail error log is as below:(I reneamed part of clientId/clientSecret)

================================================================

Sdk : Version v1.1.1 

App : Version v1.1.1 

Debug : service_persistent_storage.c:246 : Persistent: Write Item in Flash

Debug : platform_adapt.c:226 : going to overwrite flash memory

Debug : platform_adapt.c:273 : Persistent: Refresh OK

Debug : service_persistent_storage.c:310 : Read Private config

Debug : service_persistent_storage.c:321 : Flash Store empty

Debug : avs_lwip_network_imp.c:164 : Start the Network ...

Debug : avs_lwip_tls_imp.c:196 : Seeding the random number generator.

Debug : service_persistent_storage.c:227 : Read CA Root

**** Instance *** clientId : "amzn1.application-oa2-client.042288f4357e41c4babb533b67bxxxxx" clientSecret : "a4288cc28f02c4e680e1f545935d84dda7124a7f18ca697af4985e688f0yyyyy" productId : "my_device4" serialNumber : "S/N_2818085" macAddr : { 0xE0,0xA0,0x25,0x00,0x2B,0x80 } hostName : "STVS4A Application" used_dhcp : 1 use_mdns_responder : 1 ipV4_host_addr : "***.***.***.***" ipV4_subnet_msk : "***.***.***.***" ipV4_default_gatway : "***.***.***.***" ipV4_primary_dns : "8.8.8.8" ipV4_secondary_dns : "8.8.4.4" urlNtpServer : "0.fr.pool.ntp.org" urlEndPoint : "avs-alexa-na.amazon.com" redirectUri : "http://stvs4a/grant_me" cpuID : "STM32F769I cut 1.1" toolChainID : "GCC" profile : 2:AVS_PROFILE_NEAR_FIELD initiator : 2:AVS_INITIATOR_TAP_TO_TALK portingAudioName : "bsp-audio" netSupportName : "LWIP_eth" alexaKeyWord : "ALEXA" synthesizerSampleRate : 24000 synthesizerSampleChannels : 2 useAuxAudio : 1 auxAudioSampleRate : 16000 auxAudioSampleChannels : 1 recognizerSampleRate : 16000 eventCB : 0x08014BED eventCB_Cookie : 0x00000000 persistentCB : 0x08014BE9 memDTCMSize : 128 memPRAMSize : 147 memNCACHEDSize : 0 **** Audio *** audioInLatency : 0 audioOutLatency : 0 audioMp3Latency : 0 initVolume : 60 freqenceOut : 48000 buffSizeOut : 0.00 freqenceIn : 16000 buffSizeIn : 0.00 chOut : 2 chIn : 1 platform.numConfig : 0 platform.numProfile : 0************ Start ***************

14:32:32 : Mem DTCM 128 KB -> 100.0% 

10:44:16 : Mem PRAM 147 KB -> 100.0% 

10:44:16 : Mem HEAP 3959 KB -> 96.7% 

Debug : avs_lwip_network_imp.c:103 : IpAdress = 192.168.101.105

11:35:28 : Recognizer task starts : EVT_AUDIO_RECOGNIZER_TASK_START(0)

13:07:12 : Synthesizer task starts : EVT_AUDIO_SYNTHESIZER_TASK_START(0)

15:55:44 : State task starts : EVT_STATE_TASK_START(0)

Debug : avs_state_imp.c:412 : Enter Start HTTP2

Debug : avs_state_imp.c:428 : Leave Start HTTP2

00:00:00 : Connection task starts : EVT_CONNECTION_TASK_START(0)

21:17:52 : Reset Http2 : EVT_RESET_HTTP(0)

Debug : avs_token_imp.c:138 : Wait for a token available

15:55:44 : MP3 task starts : EVT_MP3_TASK_START(0)

Debug : avs_token_imp.c:138 : Wait for a token available

...

Debug : avs_token_imp.c:138 : Wait for a token available

04:05:17 : Network time synchronized : EVT_SYNC_TIME(1)

04:05:17 : Refresh Token task starts : EVT_REFRESH_TOKEN_TASK_START(0)

Debug : service_persistent_storage.c:185 : Persistent: Looking from token in Flash

Debug : service_persistent_storage.c:189 : Flash doesn't contain a valid token yet

Warning : avs_token_imp.c:517 : RefreshToken is null... can't get a token from a previous session from persistant memory

Debug : avs_token_imp.c:460 : could not get token from amazon with code 

04:05:17 : Read persistent token : EVT_READ_TOKEN(0)

04:05:17 : Wait a token : EVT_WAIT_TOKEN(0)

04:05:17 : Wait a token : EVT_WAIT_TOKEN(0)

Debug : service_authentication.c:291 : Auth Server Send :

HTTP/1.1 302 Found

Location: https://www.amazon.com/ap/o...{ "alexa:all": { "productID": "my_device4", "productInstanceAttributes": { "deviceSerialNumber": "S/N_2818085" } } }&response_type=code&redirect_uri=http://stvs4a/grant_me&state=stm32F7_RqGC Content-type: text/html

Debug : avs_token_imp.c:138 : Wait for a token available

...

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:460 : could not get token from amazon with code 

04:05:27 : Wait a token : EVT_WAIT_TOKEN(0)

Debug : avs_token_imp.c:138 : Wait for a token available

...

Debug : avs_token_imp.c:138 : Wait for a token available

04:05:57 : Token renew via the web page : EVT_RENEW_ACCESS_TOKEN(0)

Debug : avs_lwip_tls_imp.c:293 : Connecting to tcp/api.amazon.com/443...

04:05:57 : Wait a token : EVT_WAIT_TOKEN(0)

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_lwip_tls_imp.c:304 : Setting up the SSL/TLS structure

Debug : avs_lwip_tls_imp.c:347 : Performing the SSL/TLS handshake

Network : ssl_tls.c:4587 : 0xc043681c: x509_verify_cert() returned -9984 (-0x2700)

Debug : 04:05:58 : TLS certification error, check the Root CA : EVT_TLS_CERT_VERIFY_FAILED(0)

04:05:58 : Open a TLS Connection : EVT_OPEN_TLS(0)

avs_token_imp.c:460 : could not get token from amazon with code ANkbcVrAdaJvYuFpLhGc

Debug : avs_token_imp.c:138 : Wait for a token available

..

Any suggestion to fix this problem is appreciated!

My Sequence is: (have step3 or haven't step3 results the same error)

1.enable the new Amazon ATS certificates by uncommenting this line in service_asset.c

 {"default_amazon_root_ca", default_amazon_root_ca, sizeof(default_amazon_root_ca)},

2.Enable Messages in avs_base,h 

 AVS_TRACE_LVL_DEFAULT = (AVS_TRACE_LVL_ALL)

3.Create a Project in developer.amazon.com, update MY_CLIENT_ID, MY_CLIENT_SECRET_ID, MY_CLIENT_PRODUCT_ID values from "Security Profile > Web" page

Add "http://stvs4a/grant_me" in "Allowed return URLs"

4.Use trueStudio build code, select \Projects\STM32F769I-Discovery\Applications\STVS4A\SW4STM32\STVS4A_BSP_LWIP

Binary file outputs: STM32_AVSdemo_F769.elf

5.Use STM32CubeProgramer:

 5-1.Connect Device

 5-2.Option:Unlocked DBANK

 5-3.Select STM32_AVSdemo_F769.elf, set Verify programming.

 5-4.Select Available external loaders:MX25L512G_STM32F769I_DISCO

 5-5.Full chip erase

 5-6.start programming

6.Plug Network from RJ45, Hardware Reset Device

7.Open PC's browser, enter Device's local ip, log in Amazon, redirects to a token url. rename with the local ip in front of the url

8.Browser shows:Got the Alexa access token : xxxxxxx...

 But Message shows

 "Network : ssl_tls.c:4587 : 0xc0436874: x509_verify_cert() returned -9984 (-0x2700)"

 "TLS certification error, check the Root CA"

 ...

 Error : avs_state_imp.c:450 : Start time-out > 120 secs

​

Hi,

don't change service_asset.c for the moment and it will connect.

This piece of code was written, based on Amazon message telling that the connection way would be updated mid June. The connection part itself was tested on a test server, but the full use case could not be executed at that time.

Currently the legacy way still works.

We'll work on this evolution and make it work for next release.

Emmanuel

Hi,

I remove step1.

A Token is already available

But still get another Error as below:

Debug : avs_http2_imp.c:215 : http2ClientConnect FAILED with error : 1 : Retry

The LCD always shows: Resolving Amazon...

Firmware returns error (HTTP2_STATUS_FAILURE) in

Http2Status avs_porting_http2_client_connect(AVS_instance_handle * pHandle)

>> Http2Status err = http2ClientConnect(pHandle->hHttpClient, &serverAddr, sizeof(serverAddr));

 ===================================================

...

Error : avs_lwip_tls_imp.c:359 : mbedtls_ssl_handshake FAILED :  -0x4c

 09:55:56 : Open a TLS Connection     : EVT_OPEN_TLS(0)

Debug : avs_token_imp.c:460 : could not get token from amazon with code ANzqtPBvLEoybtUstaAP

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_lwip_tls_imp.c:293 : Connecting to tcp/api.amazon.com/443...

 09:56:07 : Wait a token          : EVT_WAIT_TOKEN(0)

Debug : avs_lwip_tls_imp.c:304 : Setting up the SSL/TLS structure

Debug : avs_lwip_tls_imp.c:347 : Performing the SSL/TLS handshake

Debug : avs_token_imp.c:138 : Wait for a token available

Network : ssl_tls.c:4587 : 0xc04367ac: x509_verify_cert() returned -9984 (-0x2700)

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_lwip_tls_imp.c:368 : Verifying peer X.509 certificate

Debug : avs_lwip_tls_imp.c:375 : mbedtls_ssl_get_verify_result FAILED 

 ! The certificate is not correctly signed by the trusted CA

Debug : avs_token_imp.c:254 : Token: Header

POST /auth/o2/token HTTP/1.1

Host: api.amazon.com

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Content-Length: 242

 09:56:11 : Open a TLS Connection     : EVT_OPEN_TLS(1)

Debug : avs_token_imp.c:256 : Token: Body

grant_type=authorization_code&code=ANzqtPBvLEoybtUstaAP&client_id=amzn1.application-oa2-client.042288f4357e41c4babb533b67bxxxxx&client_secret=a4288cc28f02c4e680e1f545935d84dda7124a7f18ca697af4985e688f0yyyyy&redirect_uri=http://stvs4a/grant_meDebug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:301 : Token: response header

HTTP/1.1 200 OK

Server: Server

Date: Thu, 30 Aug 2018 09:56:12 GMT

Content-Type: application/json;charset=UTF-8

Content-Length: 1212

Connection: keep-alive

x-amzn-RequestId: ed8754c0-ac3a-11e8-82a8-11a3f5ccf6d0

X-Amz-Date: Thu, 30 Aug 2018 09:56:12 GMT

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Vary: Accept-Encoding,User-Agent

Debug : avs_token_imp.c:323 : Token: Response body

{ "access_token":"Atza|IwEBIN1G0om_AEQXo4a9XwdOTXwU2_GYKgK2ADTnBkwtwSr7Y6XumcBH7j4HXh_CxEPll0X6YsFPmqSTrjCPbbHjmMJaYn9C2PnBULQKPOV7TasQIOxggsIbXSmKWwFxFRMl9pxg_jaLUN_ooMaJqsNyZhWnHcTt2AODL5bTF3dbykkbsf900PaFNdUFOboHg0RkRgzvY-oaPrtMrZ4zh8jrjb9OssbrT5TMAzZdZfcxDiHFCpqs9I9qoKeX8NJr6YiZgKdnPnRs7gHowkALEHZQXI9Fl_86hoebCpKhRIGpjzwJR1XJp3HzX8PVEuvsvt50ttd7Y6pZ9Tknp8yyLpXLMqqmSceu4Ey6cxbds6jQ4d8xoxQwsb3LpVxOVfwTXrP2HnGoCVBW68QIwMOHgxXhWWRzbQc6iv-TVLh8dKY3_kPZZuUkEnkfuqRNHSYIattW-DapI3i8RTK8CUQ8Ewye7hEMJz_-CcimbJ--v7r9DUtyw22ojnqNeO-QgzTrbCUe2JJcCaiFjfZdRplE0VOTpk127r1mkWs7wld3pXyxzHddGw", "refresh_token":"Atzr|IwEBIBhatC_XrM6UZKORNxc14CsHy0fF3AuJmLb5120JEUivHgQQb6pZt47wE17RwZQVBL6NTFNwo0mIH99qad7TIVmojCOkqkuMOV1hUSsvi17Pkay7PFqgEFDr8sRcupcJfu2UZ4L7j31GEjV50skqyLZTPzES_n8UCGhNHWFEFO7gM5d-zkqSrREzsdTM20ew3MVNUdNzd4i340BWDBfss9EXyq7_kIdcugWXUfifinGXhg4pmx_3SG7fvb4EAl7ys5LDanKayQq1LlvfNhUmAyRXuT6CPrqjj3AG3mjC6LtbcqyiCAWDVGt3iBMyPhMEbkuRaW0kzvvXBJotLHZO4fzDS-JvZd7ClbekYLVAJrM0QGODfjGRoiDmS7nb7YkPjTU7fXv-D5jBDa9nUYUrGbZ_qfxIOWDr1jDnZLDiAaCyKaZaTOjC2ki9a9hiV2tPyc3zyAWGr0_FJ2smp5LgvRbazdbIh5IdquCuK77MunU3MArPhWnRDhf_jlPaZZGgLUU8ymLJUcIHbbCdb_SwrcwZs-PtmdXQKkMtEFyDApAHmw", "token_type":"bearer", "expires_in":3600}Debug : service_persistent_storage.c:206 : Persistent: Write token in Flash

Debug : platform_adapt.c:226 : going to overwrite flash memory

Debug : platform_adapt.c:273 : Persistent: Refresh OK

Network : ssl_tls.c:2846 : 0xc04367ac: mbedtls_ssl_flush_output() returned -69 (-0x0045)

Network : ssl_tls.c:4134 : 0xc04367ac: mbedtls_ssl_write_record() returned -69 (-0x0045)

Network : ssl_tls.c:7197 : 0xc04367ac: mbedtls_ssl_send_alert_message() returned -69 (-0x0045)

 09:56:13 : Write persistent token     : EVT_WRITE_TOKEN(1)

Debug : avs_token_imp.c:569 : Time 87009

 09:56:13 : Token Valid !         : EVT_VALID_TOKEN(0)

Debug : avs_token_imp.c:138 : Wait for a token available

Debug : avs_token_imp.c:143 : --------Got a token-----------

Debug : avs_http2_imp.c:205 : Use token (bearer) = Bearer Atza|IwEBIN1G0om_AEQXo4a9XwdOTXwU2_GYKgK2ADTnBkwtwSr7Y6XumcBH7j4HXh_CxEPll0X6YsFPmqSTrjCPbbHjmMJaYn9C2PnBULQKPOV7TasQIOxggsIbXSmKWwFxFRMl9pxg_jaLUN_ooMaJqsNyZhWnHcTt2AODL5bTF3dbykkbsf900PaFNdUFOboHg0RkRgzvY-oaPrtMrZ4zh8jrjb9OssbrT5TMAzZdZfcxDiHFCpqs9I9qoKeX8NJr6YiZgKdnPnRs7gHowkALEHZQXI9Fl_86hoebCpKhRIGpjzwJR1XJp3HzX8PVEuvsvt50ttd7Y6pZ9Tknp8yyLpXLMqqmSceu4Ey6cxbds6j...

 09:56:14 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

j2

Debug : avs_http2_imp.c:215 : http2ClientConnect FAILED with error : 1 : Retry

Debug : avs_token_imp.c:132 : A Token is already available

Debug : avs_http2_imp.c:205 : Use token (bearer) = Bearer Atza|IwEBIN1G0om_AEQXo4a9XwdOTXwU2_GYKgK2ADTnBkwtwSr7Y6XumcBH7j4HXh_CxEPll0X6YsFPmqSTrjCPbbHjmMJaYn9C2PnBULQKPOV7TasQIOxggsIbXSmKWwFxFRMl9pxg_jaLUN_ooMaJqsNyZhWnHcTt2AODL5bTF3dbykkbsf900PaFNdUFOboHg0RkRgzvY-oaPrtMrZ4zh8jrjb9OssbrT5TMAzZdZfcxDiHFCpqs9I9qoKeX8NJr6YiZgKdnPnRs7gHowkALEHZQXI9Fl_86hoebCpKhRIGpjzwJR1XJp3HzX8PVEuvsvt50ttd7Y6pZ9Tknp8yyLpXLMqqmSceu4Ey6cxbds6j...

 09:56:14 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

(Repeat...)

Make sure you have updated the external flash content and that it doesn't contain anymore the default_amazon_root_ca section

Hi Emmanuel_C,

Yes, I did full chip Erase by STM32CubeProgramer before download firmware.

I use default setting to run Sdk v1.1.1 and v1.1.0, both has the same log, and LCD is always showing "Resolving Amazon..."

I only change clientId, clientSecret, productId, which are get from the project I created in Alexa's developer web site.

Use default clientId, clientSecret, productId has the same result also.

======== Below log with default debug settings, for detail error please refer my previous comment ============

Hello STVS4A

Sdk : Version v1.1.1 

App : Version v1.1.1 

 **** Instance *** clientId            : "amzn1.application-oa2-client.042288f4357e41c4babb533b67bxxxxx" clientSecret          : "a4288cc28f02c4e680e1f545935d84dda7124a7f18ca697af4985e688f0yyyyy" productId           : "my_device4" serialNumber          : "S/N_2818085" macAddr            : { 0xE0,0xA0,0x25,0x00,0x2B,0x80 } hostName            : "STVS4A Application" used_dhcp           : 1 use_mdns_responder       : 1 ipV4_host_addr         : "***.***.***.***" ipV4_subnet_msk        : "***.***.***.***" ipV4_default_gatway      : "***.***.***.***" ipV4_primary_dns        : "8.8.8.8" ipV4_secondary_dns       : "8.8.4.4" urlNtpServer          : "0.fr.pool.ntp.org" urlEndPoint          : "avs-alexa-na.amazon.com" redirectUri          : "http://stvs4a/grant_me" cpuID             : "STM32F769I cut 1.1" toolChainID          : "GCC" profile            : 2:AVS_PROFILE_NEAR_FIELD initiator           : 2:AVS_INITIATOR_TAP_TO_TALK portingAudioName        : "bsp-audio" netSupportName         : "LWIP_eth" alexaKeyWord          : "ALEXA" synthesizerSampleRate     : 24000 synthesizerSampleChannels   : 2 useAuxAudio          : 1 auxAudioSampleRate       : 16000 auxAudioSampleChannels     : 1 recognizerSampleRate      : 16000 eventCB            : 0x08014BED eventCB_Cookie         : 0x00000000 persistentCB          : 0x08014BE9 memDTCMSize          : 128 memPRAMSize          : 147 memNCACHEDSize         : 0 **** Audio *** audioInLatency         : 0 audioOutLatency        : 0 audioMp3Latency        : 0 initVolume           : 60 freqenceOut          : 48000 buffSizeOut          : 0.00 freqenceIn           : 16000 buffSizeIn           : 0.00 chOut             : 2 chIn              : 1 platform.numConfig       : 0 platform.numProfile      : 0************ Start ***************

 14:32:32 : Mem DTCM  128 KB -> 100.0% 

 10:44:16 : Mem PRAM  147 KB -> 100.0% 

 10:44:16 : Mem HEAP  3959 KB -> 96.7% 

 11:35:28 : Recognizer task starts     : EVT_AUDIO_RECOGNIZER_TASK_START(0)

 03:24:48 : Synthesizer task starts    : EVT_AUDIO_SYNTHESIZER_TASK_START(0)

 15:55:44 : State task starts       : EVT_STATE_TASK_START(0)

 00:00:00 : Connection task starts     : EVT_CONNECTION_TASK_START(0)

 21:17:52 : Reset Http2          : EVT_RESET_HTTP(0)

 15:55:44 : MP3 task starts        : EVT_MP3_TASK_START(0)

 06:34:22 : Network time synchronized   : EVT_SYNC_TIME(1)

 06:34:22 : Refresh Token task starts   : EVT_REFRESH_TOKEN_TASK_START(0)

Warning : avs_token_imp.c:517 : RefreshToken is null... can't get a token from a previous session from persistant memory

 06:34:22 : Read persistent token     : EVT_READ_TOKEN(0)

 06:34:22 : Wait a token          : EVT_WAIT_TOKEN(0)

 06:35:14 : Wait a token          : EVT_WAIT_TOKEN(0)

 06:35:24 : Token renew via the web page  : EVT_RENEW_ACCESS_TOKEN(0)

 06:35:24 : Wait a token          : EVT_WAIT_TOKEN(0)

 06:35:27 : Open a TLS Connection     : EVT_OPEN_TLS(1)

 06:35:27 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

 06:35:27 : Write persistent token     : EVT_WRITE_TOKEN(1)

 06:35:27 : Token Valid !         : EVT_VALID_TOKEN(0)

 06:35:28 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

 06:35:28 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

(Repeat...)

 06:35:30 : Amazon resolved        : EVT_HOSTNAME_RESOLVED(0)

Hi,

Except doing internal and external flash full chip erase.

I also remove codes relative default_amazon_root_ca:

1.service_assets.c -- assets_header_flash_base

2.service_persistent_storage.c -- service_persistent_init_default

After build, no "default_amazon_root_ca" relative codes can be found in output.map.

But still get the same log. LCD also always shows "Resolving Amazon...".

​

There's an error returned in avs_porting_http2_client_connect > http2ClientConnect.

How should I do to fix this error?

Thank you.

​

Please try version 1.1.2.

It should solve your problem