Request device certificate

This commit is contained in:
Pierre HUBERT 2024-08-29 00:09:47 +02:00
parent d890b23670
commit 31f4203c43
6 changed files with 84 additions and 8 deletions


@ -35,6 +35,11 @@
*/ */
#define ROOT_CA_MAX_BYTES 3000 #define ROOT_CA_MAX_BYTES 3000
/**
* Device certificate max length
*/
#define DEV_CERT_MAX_BYTES 3000
/** /**
* Secure origin len * Secure origin len
*/ */
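Review bot: The new `DEV_CERT_MAX_BYTES` comment says only "Device certificate max length", but the value is used both as the read bound handed to storage_get_str and as the caller's calloc size, so whether it includes the NUL terminator decides if a 3000-byte certificate round-trips or is silently truncated. Document that in the comment, e.g. `* Device certificate max length, including the terminating NUL (also the minimum dest size for storage_get_dev_cert)`, once confirmed against storage_get_str, whose body is not in this commit.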


@ -124,7 +124,8 @@ void app_main(void)
case DevEnrollUnknown: case DevEnrollUnknown:
ESP_LOGI(TAG, "Device unknown, need to enroll!"); ESP_LOGI(TAG, "Device unknown, need to enroll!");
// TODO : remove certificate if present // Remove certificate if present
storage_set_dev_cert("");
// Enroll device // Enroll device
ESP_LOGI(TAG, "Enroll device"); ESP_LOGI(TAG, "Enroll device");
@ -138,10 +139,30 @@ void app_main(void)
} }
// Wait before next try // Wait before next try
system_sleep(60); if (!validated)
system_sleep(60);
}; };
// TODO : retrieve certificate if missing // Retrieve device certificate if missing
ESP_LOGI(TAG, "Check device certificate");
if (storage_get_dev_cert(NULL) == 0)
{
char *dev_cert = secure_api_get_dev_certificate();
if (!dev_cert)
{
ESP_LOGE(TAG, "Failed to fetch device certificate!");
reboot();
}
storage_set_dev_cert(dev_cert);
free(dev_cert);
}
// Print device certificate for debugging purposes
ESP_LOGI(TAG, "Get device certificate");
char *dev_certificate = calloc(DEV_CERT_MAX_BYTES, 1);
assert(storage_get_dev_cert(dev_certificate) > 0);
ESP_LOGI(TAG, "Current device certificate:\n%s", dev_certificate);
free(dev_certificate);
ESP_LOGI(TAG, "Starting main loop"); ESP_LOGI(TAG, "Starting main loop");
system_sleep(120); system_sleep(120);


@ -42,11 +42,8 @@ static char *process_secure_request(const char *uri, const char *body)
return res; return res;
} }
enum DevEnrollmentStatus secure_api_get_device_enrollment_status() static char *dev_escaped_name()
{ {
ESP_LOGI(TAG, "Will check device enrollment status");
// Prepare URI
unsigned char *name = (unsigned char *)dev_name(); unsigned char *name = (unsigned char *)dev_name();
assert(name); assert(name);
size_t escaped_name_len = http_client_escape_uri(NULL, name, strlen((char *)name)); size_t escaped_name_len = http_client_escape_uri(NULL, name, strlen((char *)name));
@ -55,6 +52,15 @@ enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
http_client_escape_uri(escaped_name, name, strlen((char *)name)); http_client_escape_uri(escaped_name, name, strlen((char *)name));
free(name); free(name);
return (char *)escaped_name;
}
enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
{
ESP_LOGI(TAG, "Will check device enrollment status");
// Prepare URI
char *escaped_name = dev_escaped_name();
char *uri = calloc(1, 255); char *uri = calloc(1, 255);
assert(uri); assert(uri);
sprintf(uri, "/devices_api/mgmt/enrollment_status?id=%s", escaped_name); sprintf(uri, "/devices_api/mgmt/enrollment_status?id=%s", escaped_name);
@ -163,3 +169,27 @@ int secure_api_enroll_device()
return 0; return 0;
} }
char *secure_api_get_dev_certificate()
{
ESP_LOGI(TAG, "Will request device certificate");
// Prepare URI
char *escaped_name = dev_escaped_name();
char *uri = calloc(1, 255);
assert(uri);
sprintf(uri, "/devices_api/mgmt/get_certificate?id=%s", escaped_name);
free(escaped_name);
char *res = process_secure_request(uri, NULL);
free(uri);
if (res == NULL)
{
ESP_LOGE(TAG, "Failed to query device certificate!");
return NULL;
}
return res;
}
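Review bot: `sprintf(uri, "/devices_api/mgmt/get_certificate?id=%s", escaped_name);` writes an escaped device name of unbounded length into a fixed 255-byte buffer; the same pattern sits in secure_api_get_device_enrollment_status on the `enrollment_status?id=%s` line, so a long device name overruns the heap in both. Use snprintf with a truncation check and bail out instead. The result of dev_escaped_name() is also used without a NULL check; the helper asserts dev_name() but the allocation of escaped_name is in lines this hunk does not show, so whether it can return NULL is unclear. The `if (res == NULL)` branch and the success branch both return res, so the body could simply log on NULL and `return res;`.
```c
char *escaped_name = dev_escaped_name();
char *uri = calloc(1, 255);
assert(uri);
int written = snprintf(uri, 255, "/devices_api/mgmt/get_certificate?id=%s", escaped_name);
free(escaped_name);
if (written < 0 || written >= 255)
{
    ESP_LOGE(TAG, "Device name too long for certificate URI!");
    free(uri);
    return NULL;
}
// … unchanged: process_secure_request call and NULL check …
```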


@ -35,6 +35,11 @@ extern "C"
*/ */
int secure_api_enroll_device(); int secure_api_enroll_device();
/**
* Get device certificate
*/
char *secure_api_get_dev_certificate();
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
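Review bot: The doc comment for `char *secure_api_get_dev_certificate();` says only "Get device certificate", while the implementation returns a heap-allocated string that the caller must free() (app_main does so) and NULL on failure. Spell that out in the header, e.g. `* Fetch the device certificate from the secure API. Returns a heap-allocated string the caller must free(), or NULL on failure.`, since ownership is the one thing a caller cannot see from the prototype.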


@ -11,6 +11,7 @@
#define PRIVATE_KEY "prikey" #define PRIVATE_KEY "prikey"
#define SEC_ORIG_KEY "secureOrig" #define SEC_ORIG_KEY "secureOrig"
#define SEC_ROOT_CA_KEY "rootCA" #define SEC_ROOT_CA_KEY "rootCA"
#define DEV_CERT_KEY "certKey"
static const char *TAG = "storage"; static const char *TAG = "storage";
@ -107,3 +108,7 @@ size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_K
void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); } void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); }
size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); } size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); }
void storage_set_dev_cert(const char *cert) { storage_set_str(DEV_CERT_KEY, cert); }
size_t storage_get_dev_cert(char *dest) { return storage_get_str(DEV_CERT_KEY, DEV_CERT_MAX_BYTES, dest); }
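Review bot: `storage_set_dev_cert` persists whatever string it is given with no bound, while `storage_get_dev_cert` reads back at most DEV_CERT_MAX_BYTES, so a certificate longer than the limit is stored successfully and then truncated on every read; unless storage_set_str already enforces a limit (its body is not in this commit), a `strlen(cert) < DEV_CERT_MAX_BYTES` check with an ESP_LOGE on the write side would catch that at the point it can still be rejected. The NVS key `DEV_CERT_KEY "certKey"` names a certificate, not a key, and since the string is what is persisted on the device it is cheaper to rename now (e.g. `"devCert"`, matching the `SEC_ROOT_CA_KEY "rootCA"` style) than after devices ship. app_main also uses `storage_set_dev_cert("")` as the way to remove a certificate, which assumes storage_get_str reports 0 for an empty value; worth confirming or adding an explicit erase helper.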


@ -57,6 +57,16 @@ extern "C"
*/ */
size_t storage_get_root_ca(char *dest); size_t storage_get_root_ca(char *dest);
/**
* Write device certificate
*/
void storage_set_dev_cert(const char *cert);
/**
* Get current device certificate
*/
size_t storage_get_dev_cert(char *dest);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
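Review bot: The comment on `size_t storage_get_dev_cert(char *dest);` should state the contract app_main already relies on: dest may be NULL to query only (it is called as `storage_get_dev_cert(NULL)`), a non-NULL dest must have room for DEV_CERT_MAX_BYTES, and the return value is 0 when no certificate is stored. Something like `* Get current device certificate. dest may be NULL to only query the stored length; otherwise it must hold DEV_CERT_MAX_BYTES. Returns 0 when no certificate is stored.`, with the exact meaning of a non-zero return (length with or without NUL) confirmed against storage_get_str.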