Request device certificate
This commit is contained in:
@@ -35,6 +35,11 @@
|
||||
*/
|
||||
#define ROOT_CA_MAX_BYTES 3000
|
||||
|
||||
/**
|
||||
* Device certificate max length
|
||||
*/
|
||||
#define DEV_CERT_MAX_BYTES 3000
|
||||
|
||||
/**
|
||||
* Secure origin len
|
||||
*/
|
||||
|
||||
@@ -124,7 +124,8 @@ void app_main(void)
|
||||
case DevEnrollUnknown:
|
||||
ESP_LOGI(TAG, "Device unknown, need to enroll!");
|
||||
|
||||
// TODO : remove certificate if present
|
||||
// Remove certificate if present
|
||||
storage_set_dev_cert("");
|
||||
|
||||
// Enroll device
|
||||
ESP_LOGI(TAG, "Enroll device");
|
||||
@@ -138,10 +139,30 @@ void app_main(void)
|
||||
}
|
||||
|
||||
// Wait before next try
|
||||
system_sleep(60);
|
||||
if (!validated)
|
||||
system_sleep(60);
|
||||
};
|
||||
|
||||
// TODO : retrieve certificate if missing
|
||||
// Retrieve device certificate if missing
|
||||
ESP_LOGI(TAG, "Check device certificate");
|
||||
if (storage_get_dev_cert(NULL) == 0)
|
||||
{
|
||||
char *dev_cert = secure_api_get_dev_certificate();
|
||||
if (!dev_cert)
|
||||
{
|
||||
ESP_LOGE(TAG, "Failed to fetch device certificate!");
|
||||
reboot();
|
||||
}
|
||||
storage_set_dev_cert(dev_cert);
|
||||
free(dev_cert);
|
||||
}
|
||||
|
||||
// Print device certificate for debugging purposes
|
||||
ESP_LOGI(TAG, "Get device certificate");
|
||||
char *dev_certificate = calloc(DEV_CERT_MAX_BYTES, 1);
|
||||
assert(storage_get_dev_cert(dev_certificate) > 0);
|
||||
ESP_LOGI(TAG, "Current device certificate:\n%s", dev_certificate);
|
||||
free(dev_certificate);
|
||||
|
||||
ESP_LOGI(TAG, "Starting main loop");
|
||||
system_sleep(120);
|
||||
|
||||
@@ -42,11 +42,8 @@ static char *process_secure_request(const char *uri, const char *body)
|
||||
return res;
|
||||
}
|
||||
|
||||
enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
|
||||
static char *dev_escaped_name()
|
||||
{
|
||||
ESP_LOGI(TAG, "Will check device enrollment status");
|
||||
|
||||
// Prepare URI
|
||||
unsigned char *name = (unsigned char *)dev_name();
|
||||
assert(name);
|
||||
size_t escaped_name_len = http_client_escape_uri(NULL, name, strlen((char *)name));
|
||||
@@ -55,6 +52,15 @@ enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
|
||||
http_client_escape_uri(escaped_name, name, strlen((char *)name));
|
||||
free(name);
|
||||
|
||||
return (char *)escaped_name;
|
||||
}
|
||||
|
||||
enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
|
||||
{
|
||||
ESP_LOGI(TAG, "Will check device enrollment status");
|
||||
|
||||
// Prepare URI
|
||||
char *escaped_name = dev_escaped_name();
|
||||
char *uri = calloc(1, 255);
|
||||
assert(uri);
|
||||
sprintf(uri, "/devices_api/mgmt/enrollment_status?id=%s", escaped_name);
|
||||
@@ -163,3 +169,27 @@ int secure_api_enroll_device()
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
char *secure_api_get_dev_certificate()
|
||||
{
|
||||
ESP_LOGI(TAG, "Will request device certificate");
|
||||
|
||||
// Prepare URI
|
||||
char *escaped_name = dev_escaped_name();
|
||||
char *uri = calloc(1, 255);
|
||||
assert(uri);
|
||||
sprintf(uri, "/devices_api/mgmt/get_certificate?id=%s", escaped_name);
|
||||
free(escaped_name);
|
||||
|
||||
char *res = process_secure_request(uri, NULL);
|
||||
|
||||
free(uri);
|
||||
|
||||
if (res == NULL)
|
||||
{
|
||||
ESP_LOGE(TAG, "Failed to query device certificate!");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
@@ -35,6 +35,11 @@ extern "C"
|
||||
*/
|
||||
int secure_api_enroll_device();
|
||||
|
||||
/**
|
||||
* Get device certificate
|
||||
*/
|
||||
char *secure_api_get_dev_certificate();
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
#define PRIVATE_KEY "prikey"
|
||||
#define SEC_ORIG_KEY "secureOrig"
|
||||
#define SEC_ROOT_CA_KEY "rootCA"
|
||||
#define DEV_CERT_KEY "certKey"
|
||||
|
||||
static const char *TAG = "storage";
|
||||
|
||||
@@ -107,3 +108,7 @@ size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_K
|
||||
void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); }
|
||||
|
||||
size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); }
|
||||
|
||||
void storage_set_dev_cert(const char *cert) { storage_set_str(DEV_CERT_KEY, cert); }
|
||||
|
||||
size_t storage_get_dev_cert(char *dest) { return storage_get_str(DEV_CERT_KEY, DEV_CERT_MAX_BYTES, dest); }
|
||||
@@ -57,6 +57,16 @@ extern "C"
|
||||
*/
|
||||
size_t storage_get_root_ca(char *dest);
|
||||
|
||||
/**
|
||||
* Write device certificate
|
||||
*/
|
||||
void storage_set_dev_cert(const char *cert);
|
||||
|
||||
/**
|
||||
* Get current device certificate
|
||||
*/
|
||||
size_t storage_get_dev_cert(char *dest);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user