AWS IoT Device SDK C: Fleet Provisioning
AWS IoT Fleet Provisioning
AwsIotProvisioning_CreateKeysAndCertificate

Requests a new public-private key pair and certificate for the device from AWS IoT Core and invokes the provided user-callback with the response from the server.

Note
It is advised to use a shared MQTT connection to AWS IoT Core across all API functions.
Warning
This function is NOT thread-safe. Concurrent calls to the library API functions can result in undefined behavior. Device provisioning with this library REQUIRES calling the API functions of this library sequentially.
Do not overwrite the existing Provisioning claim credentials with the new credentials provided by the server, at least until the device has been provisioned with a new certificate using the AwsIotProvisioning_RegisterThing function. It is also recommended to always retain the Provisioning claim credentials, if your product use-case supports re-provisioning of the device.
Note
We provide a security recommendation for protecting the device identity that this API function receives from the server. The threat is unauthorized reuse of the private key returned in the server response in order to clone the device. An effective mitigation is to audit, in the cloud, the use of each device private key: for example, if a device private key is reused, your cloud application (through Fleet Provisioning Hooks) could log an audit event for operator follow-up and/or initiate a workflow for revoking the certificate(s) previously issued to that key.
Parameters
[in] connection: The MQTT connection handle to the user's AWS IoT account, which will be used for communicating with the server to create new device credentials.
[in] flags: The flags for configuring the behavior of the API. See the options available in the aws_iot_provisioning_types.h file.
[in] timeoutMs: The timeout (in milliseconds) for a response from the server. If the timeout expires, this function returns AWS_IOT_PROVISIONING_TIMEOUT.
[in] pResponseCallback: The user-defined callback that will be invoked with the response from the server: either the new credentials for the device in case of success, or the error response if the server rejects the credential generation request. The callback should be defined appropriately for storing the credentials provided by the server on the device.
Returns
This function will return AWS_IOT_PROVISIONING_SUCCESS upon success; otherwise, one of the following:
AWS_IOT_PROVISIONING_NOT_INITIALIZED, if the API is called without initializing the Provisioning library (i.e. without a prior call to the AwsIotProvisioning_Init function).
AWS_IOT_PROVISIONING_BAD_PARAMETER, if one or more input parameters are invalid.
AWS_IOT_PROVISIONING_NO_MEMORY, if there is insufficient memory for allocation in internal operations.
AWS_IOT_PROVISIONING_MQTT_ERROR, for errors from the MQTT stack.
AWS_IOT_PROVISIONING_TIMEOUT, if the wait for the server's response to the request for new device credentials times out.
AWS_IOT_PROVISIONING_SERVER_REFUSED, if the server rejects the request for generating device credentials.
AWS_IOT_PROVISIONING_BAD_RESPONSE, if the response from the server cannot be successfully parsed or comprehended.
AWS_IOT_PROVISIONING_INTERNAL_FAILURE, if there are any operation failures internal to the library.
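As an added illustration of the Warning above (this is not code from the SDK or its documentation), the following C model keeps the Provisioning claim credentials in their own slot, lets the response callback write the server-issued key pair only into a staging slot, and promotes that pair to the active slot only after AwsIotProvisioning_RegisterThing has succeeded. The response struct, slot types and function names are assumptions of this example; the SDK's real callback and response types differ.

```c
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
/* Constructed model of the credential lifecycle around
 * AwsIotProvisioning_CreateKeysAndCertificate. All types and functions here are
 * illustrative assumptions for this example, not the SDK's own API. */
#define CRED_MAX 256
typedef enum { SLOT_EMPTY, SLOT_CLAIM, SLOT_PENDING, SLOT_ACTIVE } slot_state_t;
typedef struct { char cert[CRED_MAX]; char key[CRED_MAX]; slot_state_t state; } cred_slot_t;
typedef struct {
    cred_slot_t claim;   /* Provisioning claim: retained for re-provisioning, never overwritten */
    cred_slot_t staged;  /* server-issued credentials waiting for RegisterThing to succeed */
    cred_slot_t active;  /* promoted from staged after RegisterThing */
} cred_store_t;
/* Hypothetical shape of the server response handed to the user callback. */
typedef struct { bool accepted; const char *cert; const char *key; } keys_response_t;
static void slot_set(cred_slot_t *slot, const char *cert, const char *key, slot_state_t st)
{
    snprintf(slot->cert, CRED_MAX, "%s", cert);
    snprintf(slot->key, CRED_MAX, "%s", key);
    slot->state = st;
}

static void store_init(cred_store_t *s, const char *claimCert, const char *claimKey)
{
    memset(s, 0, sizeof(*s));                    /* every slot starts as SLOT_EMPTY */
    slot_set(&s->claim, claimCert, claimKey, SLOT_CLAIM);
}
/* Response callback for CreateKeysAndCertificate: writes only the staged slot. */
static void on_keys_response(const keys_response_t *resp, void *userParam)
{
    cred_store_t *s = (cred_store_t *)userParam;
    if (!resp->accepted) return;                 /* server refused: keep using the claim */
    slot_set(&s->staged, resp->cert, resp->key, SLOT_PENDING);
}

/* Call only after AwsIotProvisioning_RegisterThing has reported success. */
static bool store_promote_after_register(cred_store_t *s)
{
    if (s->staged.state != SLOT_PENDING) return false; /* nothing issued, or already promoted */
    slot_set(&s->active, s->staged.cert, s->staged.key, SLOT_ACTIVE);
    memset(&s->staged, 0, sizeof(s->staged));    /* drop the staging copy */
    return true;
}
/* Credentials the device should present on its MQTT connection right now. */
static const cred_slot_t *store_current(const cred_store_t *s)
{
    return (s->active.state == SLOT_ACTIVE) ? &s->active : &s->claim;
}
```

Pass a pointer to the store as the callback's user parameter; until promotion, store_current keeps returning the claim slot, so a rejected or incomplete provisioning run never strands the device without credentials.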