Merge pull request #8 from kaizoku-oh/feature/heroku-app-cert

Added https and cert for github-ota-api

platformio.ini

@@ -14,10 +14,12 @@ board = esp32dev
 framework = espidf
 monitor_speed = 115200
 board_build.partitions = partitions_two_ota.csv
-board_build.embed_txtfiles = src/certs/root_ca_cert.pem
+board_build.embed_txtfiles =
+  src/certs/aws_s3_root_ca_cert.pem
+  src/certs/heroku_root_ca_cert.pem
 
 build_flags =
-  '-DAPP_VERSION="0.4.0"'
+  '-DAPP_VERSION="0.5.0"'
   ; '-DWIFI_SSID="HUAWEI nova 3i"'
   ; '-DWIFI_PASS="w00tw00t"'
   '-DWIFI_SSID="TOPNET_D770"'

src/certs/heroku_root_ca_cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----

src/main.c

@@ -10,7 +10,7 @@
 #include "wifi_utils.h"
 
 #define TAG                          "APP"
-#define BASE_URL                     "http://github-ota-api.herokuapp.com"
+#define BASE_URL                     "https://github-ota-api.herokuapp.com"
 #define ENDPOINT                     "/firmware/latest"
 #define GITHUB_USERNAME              "kaizoku-oh"
 #define GITHUB_REPOSITORY            "pio-esp32-https-ota"
@@ -26,8 +26,11 @@ static const char* API_URL = BASE_URL ENDPOINT
 
 /* ca certificate */
 /* openssl s_client -showcerts -verify 5 -connect s3.amazonaws.com:443 < /dev/null */
-extern const char root_ca_cert_pem_start[] asm("_binary_root_ca_cert_pem_start");
-extern const char root_ca_cert_pem_end[] asm("_binary_root_ca_cert_pem_end");
+extern const char aws_s3_root_ca_cert_pem_start[] asm("_binary_aws_s3_root_ca_cert_pem_start");
+extern const char aws_s3_root_ca_cert_pem_end[] asm("_binary_aws_s3_root_ca_cert_pem_end");
+/* openssl s_client -showcerts -verify 5 -connect herokuapp.com:443 < /dev/null */
+extern const char heroku_root_ca_cert_pem_start[] asm("_binary_heroku_root_ca_cert_pem_start");
+extern const char heroku_root_ca_cert_pem_end[] asm("_binary_heroku_root_ca_cert_pem_end");
 
 /* http receive buffer */
 char tcHttpRcvBuffer[HTTP_APP_RX_BUFFER_SIZE];
@@ -37,30 +40,30 @@ esp_err_t _http_event_handler(esp_http_client_event_t *pstEvent)
   switch(pstEvent->event_id)
   {
   case HTTP_EVENT_ERROR:
-    ESP_LOGI(TAG, "HTTP_EVENT_ERROR");
+    ESP_LOGI(TAG, "HTTP error");
     break;
   case HTTP_EVENT_ON_CONNECTED:
-    ESP_LOGI(TAG, "HTTP_EVENT_ON_CONNECTED");
+    ESP_LOGI(TAG, "HTTP connected to server");
     break;
-  case HTTP_EVENT_HEADER_SENT:
-    ESP_LOGI(TAG, "HTTP_EVENT_HEADER_SENT");
+  case HTTP_EVENT_HEADERS_SENT:
+    ESP_LOGI(TAG, "All HTTP headers are sent to server");
     break;
   case HTTP_EVENT_ON_HEADER:
-    ESP_LOGI(TAG, "HTTP_EVENT_ON_HEADER");
+    ESP_LOGI(TAG, "Received HTTP header from server");
     printf("%.*s", pstEvent->data_len, (char*)pstEvent->data);
     break;
   case HTTP_EVENT_ON_DATA:
-    ESP_LOGI(TAG, "HTTP_EVENT_ON_DATA, len=%d", pstEvent->data_len);
+    ESP_LOGI(TAG, "Received data from server, len=%d", pstEvent->data_len);
     if(!esp_http_client_is_chunked_response(pstEvent->client))
     {
       strncpy(tcHttpRcvBuffer, (char*)pstEvent->data, pstEvent->data_len);
     }
     break;
   case HTTP_EVENT_ON_FINISH:
-    ESP_LOGI(TAG, "HTTP_EVENT_ON_FINISH");
+    ESP_LOGI(TAG, "HTTP session is finished");
     break;
   case HTTP_EVENT_DISCONNECTED:
-    ESP_LOGI(TAG, "HTTP_EVENT_DISCONNECTED");
+    ESP_LOGI(TAG, "HTTP connection is closed");
     break;
   }
   return ESP_OK;
@@ -81,6 +84,7 @@ char* get_download_url()
     .url = API_URL,
     .buffer_size = HTTP_INTERNAL_RX_BUFFER_SIZE,
     .event_handler = _http_event_handler,
+    .cert_pem = heroku_root_ca_cert_pem_start,
   };
   pstClient = esp_http_client_init(&config);
   s32RetVal = esp_http_client_perform(pstClient);
@@ -149,7 +153,7 @@ void check_update_task(void *pvParameter)
       esp_http_client_config_t ota_client_config =
       {
         .url = pcDownloadUrl,
-        .cert_pem = root_ca_cert_pem_start,
+        .cert_pem = aws_s3_root_ca_cert_pem_start,
         .buffer_size = HTTP_INTERNAL_RX_BUFFER_SIZE,
         .buffer_size_tx = HTTP_INTERNAL_TX_BUFFER_SIZE,
       };

src/wifi_utils.c

@@ -14,12 +14,16 @@
 #define WIFI_CONNECTED_BIT BIT0
 #define WIFI_FAIL_BIT      BIT1
 
-static const char *TAG = "WIFI_UTILS";
+typedef struct
+{
+  EventGroupHandle_t stWifiEventGroup;
+  int8_t u08RetryCount;
+  ip_event_got_ip_t* pstIpEvent;
+  EventBits_t u32EventBits;
+}wifi_ctx_t;
 
-static EventGroupHandle_t stWifiEventGroupe;
-static int8_t u08RetryCount = 0;
-ip_event_got_ip_t* pstIpEvent;
-EventBits_t u32EventBits;
+static const char *TAG = "WIFI_UTILS";
+static wifi_ctx_t stCtx;
 
 static void wifi_event_handler(void* pvArg,
                                esp_event_base_t pcEventBase,
@@ -32,37 +36,40 @@ static void wifi_event_handler(void* pvArg,
   }
   else if((pcEventBase == WIFI_EVENT) && (s32EventId == WIFI_EVENT_STA_DISCONNECTED))
   {
-    if(u08RetryCount < WIFI_MAXIMUM_RETRY)
+    if(stCtx.u08RetryCount < WIFI_MAXIMUM_RETRY)
     {
       esp_wifi_connect();
-      u08RetryCount++;
-      ESP_LOGI(TAG, "retry to connect to the AP");
+      stCtx.u08RetryCount++;
+      ESP_LOGI(TAG, "Retrying to connect to the AP");
     }
     else
     {
-      xEventGroupSetBits(stWifiEventGroupe, WIFI_FAIL_BIT);
+      xEventGroupSetBits(stCtx.stWifiEventGroup, WIFI_FAIL_BIT);
     }
-    ESP_LOGI(TAG,"connect to the AP fail");
+    ESP_LOGI(TAG,"Connection to the AP fail");
   }
   else if((pcEventBase == IP_EVENT) && (s32EventId == IP_EVENT_STA_GOT_IP))
   {
-    pstIpEvent = (ip_event_got_ip_t*) pvEventData;
-    ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&pstIpEvent->ip_info.ip));
-    u08RetryCount = 0;
-    xEventGroupSetBits(stWifiEventGroupe, WIFI_CONNECTED_BIT);
+    stCtx.pstIpEvent = (ip_event_got_ip_t*) pvEventData;
+    ESP_LOGI(TAG, "Got IP:" IPSTR, IP2STR(&stCtx.pstIpEvent->ip_info.ip));
+    stCtx.u08RetryCount = 0;
+    xEventGroupSetBits(stCtx.stWifiEventGroup, WIFI_CONNECTED_BIT);
   }
 }
 
 void wifi_initialise(void)
 {
-  esp_err_t s32RetVal = nvs_flash_init();
+  esp_err_t s32RetVal;
+
+  memset(&stCtx, 0x00, sizeof(stCtx));
+  s32RetVal = nvs_flash_init();
   if((s32RetVal == ESP_ERR_NVS_NO_FREE_PAGES) || (s32RetVal == ESP_ERR_NVS_NEW_VERSION_FOUND))
   {
     ESP_ERROR_CHECK(nvs_flash_erase());
     s32RetVal = nvs_flash_init();
   }
   ESP_ERROR_CHECK(s32RetVal);
-  stWifiEventGroupe = xEventGroupCreate();
+  stCtx.stWifiEventGroup = xEventGroupCreate();
   ESP_ERROR_CHECK(esp_netif_init());
   ESP_ERROR_CHECK(esp_event_loop_create_default());
   esp_netif_create_default_wifi_sta();
@@ -93,25 +100,25 @@ void wifi_initialise(void)
   ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
   ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
   ESP_ERROR_CHECK(esp_wifi_start() );
-  ESP_LOGI(TAG, "wifi_initialise finished");
+  ESP_LOGI(TAG, "Finished wifi initialization");
 }
 
 void wifi_wait_connected(void)
 {
   ESP_LOGI(TAG, "Waiting for wifi connection");
-  u32EventBits = xEventGroupWaitBits(stWifiEventGroupe,
+  stCtx.u32EventBits = xEventGroupWaitBits(stCtx.stWifiEventGroup,
                                      WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,
                                      pdFALSE,
                                      pdFALSE,
                                      portMAX_DELAY);
-  if(u32EventBits & WIFI_CONNECTED_BIT)
+  if(stCtx.u32EventBits & WIFI_CONNECTED_BIT)
   {
     ESP_LOGI(TAG,
-             "connected to ap SSID:%s password:%s",
+             "Connected to ap SSID:%s password:%s",
              WIFI_SSID,
              WIFI_PASS);
   }
-  else if(u32EventBits & WIFI_FAIL_BIT)
+  else if(stCtx.u32EventBits & WIFI_FAIL_BIT)
   {
   ESP_LOGI(TAG,
            "Failed to connect to SSID:%s, password:%s",
@@ -120,13 +127,13 @@ void wifi_wait_connected(void)
   }
   else
   {
-    ESP_LOGE(TAG, "UNEXPECTED EVENT");
+    ESP_LOGE(TAG, "Unexpected wifi event");
   }
   ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT,
                                                IP_EVENT_STA_GOT_IP,
                                                &wifi_event_handler));
   ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT,
                                                ESP_EVENT_ANY_ID,
                                                &wifi_event_handler));
-  vEventGroupDelete(stWifiEventGroupe);
+  vEventGroupDelete(stCtx.stWifiEventGroup);
 }