Can get root CA

esp32_device/main/constants.h

@@ -15,6 +15,11 @@
  */
 #define PRV_KEY_DER_MAX_BYTES 1500
 
+/**
+ * Root CA max length
+ */
+#define ROOT_CA_MAX_BYTES 3000
+
 /**
  * Secure origin len
  */

esp32_device/main/main.c

@@ -67,6 +67,25 @@ void app_main(void)
     ESP_LOGI(TAG, "Current secure origin: %s", sec_ori);
     free(sec_ori);
 
+    ESP_LOGI(TAG, "Check root CA");
+    if (storage_get_root_ca(NULL) == 0)
+    {
+        char *root_ca = unsecure_api_get_root_ca();
+        if (!root_ca)
+        {
+            ESP_LOGE(TAG, "Failed to fetch root CA!");
+            reboot();
+        }
+        storage_set_root_ca(root_ca);
+        free(root_ca);
+    }
+
+    ESP_LOGI(TAG, "Get root CA");
+    char *root_ca = calloc(ROOT_CA_MAX_BYTES, 1);
+    assert(storage_get_root_ca(root_ca) > 0);
+    ESP_LOGI(TAG, "Current root CA:\n%s", root_ca);
+    free(root_ca);
+
     system_sleep(120);
 
     reboot();

esp32_device/main/storage.c

@@ -10,6 +10,7 @@
 #define DEV_NAME_KEY "dev_name"
 #define PRIVATE_KEY "prikey"
 #define SEC_ORIG_KEY "secureOrig"
+#define SEC_ROOT_CA_KEY "rootCA"
 
 static const char *TAG = "storage";
 
@@ -99,6 +100,10 @@ size_t storage_get_priv_key(unsigned char *key)
     return len;
 }
 
-void storage_set_secure_origin(const char *name) { storage_set_str(SEC_ORIG_KEY, name); }
+void storage_set_secure_origin(const char *orig) { storage_set_str(SEC_ORIG_KEY, orig); }
 
 size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); }
+
+void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); }
+
+size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); }

esp32_device/main/storage.h

@@ -40,13 +40,23 @@ extern "C"
     /**
      * Write secure origin
      */
-    void storage_set_secure_origin(const char *name);
+    void storage_set_secure_origin(const char *orig);
 
     /**
      * Get current secure origin
      */
     size_t storage_get_secure_origin(char *dest);
 
+    /**
+     * Write root CA
+     */
+    void storage_set_root_ca(const char *ca);
+
+    /**
+     * Get current root CA
+     */
+    size_t storage_get_root_ca(char *dest);
+
 #ifdef __cplusplus
 }
 #endif

esp32_device/main/unsecure_api.c

@@ -20,3 +20,19 @@ char *unsecure_api_get_secure_origin()
 
     return res;
 }
+
+char *unsecure_api_get_root_ca()
+{
+    const char *url = BACKEND_UNSECURE_URL "/pki/root_ca.crt";
+
+    http_request_opts opts = {.url = url};
+    char *res = http_client_exec(&opts);
+
+    if (!res)
+    {
+        ESP_LOGE(TAG, "Failed to query root CA!");
+        return NULL;
+    }
+
+    return res;
+}

esp32_device/main/unsecure_api.h

@@ -17,6 +17,14 @@ extern "C"
      */
     char *unsecure_api_get_secure_origin();
 
+    /**
+     * Get root CA
+     *
+     * @returns The root CA or NULL in case of failure. Value must be
+     * released by caller.
+     */
+    char *unsecure_api_get_root_ca();
+
 #ifdef __cplusplus
 }
 #endif