Can get root CA

Pierre HUBERT 2024-08-18 19:42:40 +02:00
parent 3b6e79e5e4
commit a6b283d023
6 changed files with 66 additions and 3 deletions


@ -15,6 +15,11 @@
*/ */
#define PRV_KEY_DER_MAX_BYTES 1500 #define PRV_KEY_DER_MAX_BYTES 1500
/**
* Root CA max length
*/
#define ROOT_CA_MAX_BYTES 3000
/** /**
* Secure origin len * Secure origin len
*/ */


@ -67,6 +67,25 @@ void app_main(void)
ESP_LOGI(TAG, "Current secure origin: %s", sec_ori); ESP_LOGI(TAG, "Current secure origin: %s", sec_ori);
free(sec_ori); free(sec_ori);
ESP_LOGI(TAG, "Check root CA");
if (storage_get_root_ca(NULL) == 0)
{
char *root_ca = unsecure_api_get_root_ca();
if (!root_ca)
{
ESP_LOGE(TAG, "Failed to fetch root CA!");
reboot();
}
storage_set_root_ca(root_ca);
free(root_ca);
}
ESP_LOGI(TAG, "Get root CA");
char *root_ca = calloc(ROOT_CA_MAX_BYTES, 1);
assert(storage_get_root_ca(root_ca) > 0);
ESP_LOGI(TAG, "Current root CA:\n%s", root_ca);
free(root_ca);
system_sleep(120); system_sleep(120);
reboot(); reboot();
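Review bot: The read-back `assert(storage_get_root_ca(root_ca) > 0);` puts the only call that fills the buffer inside an assertion, so a build with assertions disabled (NDEBUG) drops the call and the device continues with an all-zero buffer instead of a CA. The `calloc` result just above is also passed on without a NULL check. Make the load an explicit runtime check that fails closed, for example `if (!root_ca || storage_get_root_ca(root_ca) == 0) { ESP_LOGE(TAG, "Failed to load root CA!"); reboot(); }`. The body of app_main starts before this hunk, so earlier handling is not visible here.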


@ -10,6 +10,7 @@
#define DEV_NAME_KEY "dev_name" #define DEV_NAME_KEY "dev_name"
#define PRIVATE_KEY "prikey" #define PRIVATE_KEY "prikey"
#define SEC_ORIG_KEY "secureOrig" #define SEC_ORIG_KEY "secureOrig"
#define SEC_ROOT_CA_KEY "rootCA"
static const char *TAG = "storage"; static const char *TAG = "storage";
@ -99,6 +100,10 @@ size_t storage_get_priv_key(unsigned char *key)
return len; return len;
} }
void storage_set_secure_origin(const char *name) { storage_set_str(SEC_ORIG_KEY, name); } void storage_set_secure_origin(const char *orig) { storage_set_str(SEC_ORIG_KEY, orig); }
size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); } size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); }
void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); }
size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); }
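Review bot: `storage_set_root_ca` stores whatever string it is given, while `storage_get_root_ca` reads back with a limit of `ROOT_CA_MAX_BYTES`, so the two sides do not agree on a maximum size. The value comes from a network response, so the setter should reject oversized input before writing, for example `if (strlen(ca) >= ROOT_CA_MAX_BYTES) return;` with an error log. How `storage_get_str` treats a stored value longer than its limit is not visible in this hunk, so the exact failure mode (truncation or a zero return) should be confirmed. The setter also returns `void`, so a failed write only shows up on the later read.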


@ -40,13 +40,23 @@ extern "C"
/** /**
* Write secure origin * Write secure origin
*/ */
void storage_set_secure_origin(const char *name); void storage_set_secure_origin(const char *orig);
/** /**
* Get current secure origin * Get current secure origin
*/ */
size_t storage_get_secure_origin(char *dest); size_t storage_get_secure_origin(char *dest);
/**
* Write root CA
*/
void storage_set_root_ca(const char *ca);
/**
* Get current root CA
*/
size_t storage_get_root_ca(char *dest);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
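Review bot: The doc comment on `storage_get_root_ca` does not state the buffer contract that its callers rely on. app_main calls it with `NULL` to test whether a CA is stored and with a `ROOT_CA_MAX_BYTES` buffer to read it, and treats a return of 0 as "nothing stored". I would document that, along the lines of `Get current root CA. dest must be at least ROOT_CA_MAX_BYTES bytes, or NULL to only query presence. Returns 0 if none is stored.`; the return semantics are inferred from the call sites and should be checked against `storage_get_str`.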


@ -18,5 +18,21 @@ char *unsecure_api_get_secure_origin()
return NULL; return NULL;
} }
return res;
}
char *unsecure_api_get_root_ca()
{
const char *url = BACKEND_UNSECURE_URL "/pki/root_ca.crt";
http_request_opts opts = {.url = url};
char *res = http_client_exec(&opts);
if (!res)
{
ESP_LOGE(TAG, "Failed to query root CA!");
return NULL;
}
return res; return res;
} }
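Review bot: The certificate returned by `unsecure_api_get_root_ca` is what app_main persists as the device's root of trust, yet it is fetched from `BACKEND_UNSECURE_URL` with nothing to authenticate it. Whoever answers that first request decides which CA every later TLS verification trusts, and because app_main only fetches when no CA is stored, the result is kept permanently. Authenticate the response before returning it, for example by comparing its SHA-256 digest against a fingerprint compiled into the firmware (a hypothetical `ROOT_CA_SHA256_FINGERPRINT` constant), or ship the root CA in the image and drop the fetch. At minimum, add a comment on the function stating that the result is unauthenticated and must not be trusted without such a check.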


@ -17,6 +17,14 @@ extern "C"
*/ */
char *unsecure_api_get_secure_origin(); char *unsecure_api_get_secure_origin();
/**
* Get root CA
*
* @returns The root CA or NULL in case of failure. Value must be
* released by caller.
*/
char *unsecure_api_get_root_ca();
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif