-
Notifications
You must be signed in to change notification settings - Fork 7.5k
/
NetworkClientSecure.h
131 lines (115 loc) · 4.6 KB
/
NetworkClientSecure.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
/*
NetworkClientSecure.h - Base class that provides Client SSL to ESP32
Copyright (c) 2011 Adrian McEwen. All right reserved.
Additions Copyright (C) 2017 Evandro Luis Copercini.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef NetworkClientSecure_h
#define NetworkClientSecure_h
#include "Arduino.h"
#include "IPAddress.h"
#include "Network.h"
#include "ssl_client.h"
#include <memory>
class NetworkClientSecure : public NetworkClient {
protected:
std::shared_ptr<sslclient_context> sslclient;
bool _use_insecure;
bool _stillinPlainStart;
bool _ca_cert_free;
bool _cert_free;
bool _private_key_free;
const char *_CA_cert;
const char *_cert;
const char *_private_key;
const char *_pskIdent; // identity for PSK cipher suites
const char *_psKey; // key in hex for PSK cipher suites
const char **_alpn_protos;
bool _use_ca_bundle;
public:
NetworkClientSecure *next;
NetworkClientSecure();
NetworkClientSecure(int socket);
~NetworkClientSecure();
int connect(IPAddress ip, uint16_t port);
int connect(IPAddress ip, uint16_t port, int32_t timeout);
int connect(const char *host, uint16_t port);
int connect(const char *host, uint16_t port, int32_t timeout);
int connect(IPAddress ip, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
int connect(const char *host, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
int connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey);
int connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey);
int connect(IPAddress ip, uint16_t port, const char *host, const char *CA_cert, const char *cert, const char *private_key);
int peek();
size_t write(uint8_t data);
size_t write(const uint8_t *buf, size_t size);
int available();
int read();
int read(uint8_t *buf, size_t size);
void flush() {}
void stop();
uint8_t connected();
int lastError(char *buf, const size_t size);
void setInsecure(); // Don't validate the chain, just accept whatever is given. VERY INSECURE!
void setPreSharedKey(const char *pskIdent, const char *psKey); // psKey in Hex
void setCACert(const char *rootCA);
void setCertificate(const char *client_ca);
void setPrivateKey(const char *private_key);
bool loadCACert(Stream &stream, size_t size);
void setCACertBundle(const uint8_t *bundle, size_t size);
bool loadCertificate(Stream &stream, size_t size);
bool loadPrivateKey(Stream &stream, size_t size);
bool verify(const char *fingerprint, const char *domain_name);
void setHandshakeTimeout(unsigned long handshake_timeout);
void setAlpnProtocols(const char **alpn_protos);
// Certain protocols start in plain-text; and then have the client
// give some STARTSSL command to `upgrade' the connection to TLS
// or SSL. Setting PlainStart to true (the default is false) enables
// this. It is up to the application code to then call 'startTLS()'
// at the right point to initialize the SSL or TLS upgrade.
void setPlainStart() {
_stillinPlainStart = true;
};
bool stillInPlainStart() {
return _stillinPlainStart;
};
int startTLS();
const mbedtls_x509_crt *getPeerCertificate() {
return mbedtls_ssl_get_peer_cert(&sslclient->ssl_ctx);
};
bool getFingerprintSHA256(uint8_t sha256_result[32]) {
return get_peer_fingerprint(sslclient.get(), sha256_result);
};
int fd() const;
operator bool() {
return connected();
}
bool operator==(const bool value) {
return bool() == value;
}
bool operator!=(const bool value) {
return bool() != value;
}
bool operator==(const NetworkClientSecure &);
bool operator!=(const NetworkClientSecure &rhs) {
return !this->operator==(rhs);
};
int socket() {
return sslclient->socket = -1;
}
private:
char *_streamLoad(Stream &stream, size_t size);
//friend class NetworkServer;
using Print::write;
};
#endif /* _WIFICLIENT_H_ */