118 lines
4.2 KiB
C
118 lines
4.2 KiB
C
|
/*
|
||
|
|
WiFiClientSecure.h - Base class that provides Client SSL to ESP32
|
||
|
|
Copyright (c) 2011 Adrian McEwen. All right reserved.
|
||
|
|
Additions Copyright (C) 2017 Evandro Luis Copercini.
|
||
|
|
|
||
|
|
This library is free software; you can redistribute it and/or
|
||
|
|
modify it under the terms of the GNU Lesser General Public
|
||
|
|
License as published by the Free Software Foundation; either
|
||
|
|
version 2.1 of the License, or (at your option) any later version.
|
||
|
|
|
||
|
|
This library is distributed in the hope that it will be useful,
|
||
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
|
|
Lesser General Public License for more details.
|
||
|
|
|
||
|
|
You should have received a copy of the GNU Lesser General Public
|
||
|
|
License along with this library; if not, write to the Free Software
|
||
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||
|
|
*/
|
||
|
|
|
||
|
|
#ifndef WiFiClientSecure_h
|
||
|
|
#define WiFiClientSecure_h
|
||
|
|
#include "Arduino.h"
|
||
|
|
#include "IPAddress.h"
|
||
|
|
#include <WiFi.h>
|
||
|
|
#include "ssl_client.h"
|
||
|
|
|
||
|
|
class WiFiClientSecure : public WiFiClient
|
||
|
|
{
|
||
|
|
protected:
|
||
|
|
sslclient_context *sslclient;
|
||
|
|
|
||
|
|
int _lastError = 0;
|
||
|
|
int _peek = -1;
|
||
|
|
int _timeout;
|
||
|
|
bool _use_insecure;
|
||
|
|
const char *_CA_cert;
|
||
|
|
const char *_cert;
|
||
|
|
const char *_private_key;
|
||
|
|
const char *_pskIdent; // identity for PSK cipher suites
|
||
|
|
const char *_psKey; // key in hex for PSK cipher suites
|
||
|
|
const char **_alpn_protos;
|
||
|
|
bool _use_ca_bundle;
|
||
|
|
|
||
|
|
public:
|
||
|
|
WiFiClientSecure *next;
|
||
|
|
WiFiClientSecure();
|
||
|
|
WiFiClientSecure(int socket);
|
||
|
|
~WiFiClientSecure();
|
||
|
|
int connect(IPAddress ip, uint16_t port);
|
||
|
|
int connect(IPAddress ip, uint16_t port, int32_t timeout);
|
||
|
|
int connect(const char *host, uint16_t port);
|
||
|
|
int connect(const char *host, uint16_t port, int32_t timeout);
|
||
|
|
int connect(IPAddress ip, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
|
||
|
|
int connect(const char *host, uint16_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
|
||
|
|
int connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey);
|
||
|
|
int connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey);
|
||
|
|
int peek();
|
||
|
|
size_t write(uint8_t data);
|
||
|
|
size_t write(const uint8_t *buf, size_t size);
|
||
|
|
int available();
|
||
|
|
int read();
|
||
|
|
int read(uint8_t *buf, size_t size);
|
||
|
|
void flush() {}
|
||
|
|
void stop();
|
||
|
|
uint8_t connected();
|
||
|
|
int lastError(char *buf, const size_t size);
|
||
|
|
void setInsecure(); // Don't validate the chain, just accept whatever is given. VERY INSECURE!
|
||
|
|
void setPreSharedKey(const char *pskIdent, const char *psKey); // psKey in Hex
|
||
|
|
void setCACert(const char *rootCA);
|
||
|
|
void setCertificate(const char *client_ca);
|
||
|
|
void setPrivateKey (const char *private_key);
|
||
|
|
bool loadCACert(Stream& stream, size_t size);
|
||
|
|
void setCACertBundle(const uint8_t * bundle);
|
||
|
|
bool loadCertificate(Stream& stream, size_t size);
|
||
|
|
bool loadPrivateKey(Stream& stream, size_t size);
|
||
|
|
bool verify(const char* fingerprint, const char* domain_name);
|
||
|
|
void setHandshakeTimeout(unsigned long handshake_timeout);
|
||
|
|
void setAlpnProtocols(const char **alpn_protos);
|
||
|
|
const mbedtls_x509_crt* getPeerCertificate() { return mbedtls_ssl_get_peer_cert(&sslclient->ssl_ctx); };
|
||
|
|
bool getFingerprintSHA256(uint8_t sha256_result[32]) { return get_peer_fingerprint(sslclient, sha256_result); };
|
||
|
|
int setTimeout(uint32_t seconds);
|
||
|
|
int setSocketOption(int option, char* value, size_t len);
|
||
|
|
int setSocketOption(int level, int option, const void* value, size_t len);
|
||
|
|
|
||
|
|
operator bool()
|
||
|
|
{
|
||
|
|
return connected();
|
||
|
|
}
|
||
|
|
WiFiClientSecure &operator=(const WiFiClientSecure &other);
|
||
|
|
bool operator==(const bool value)
|
||
|
|
{
|
||
|
|
return bool() == value;
|
||
|
|
}
|
||
|
|
bool operator!=(const bool value)
|
||
|
|
{
|
||
|
|
return bool() != value;
|
||
|
|
}
|
||
|
|
bool operator==(const WiFiClientSecure &);
|
||
|
|
bool operator!=(const WiFiClientSecure &rhs)
|
||
|
|
{
|
||
|
|
return !this->operator==(rhs);
|
||
|
|
};
|
||
|
|
|
||
|
|
int socket()
|
||
|
|
{
|
||
|
|
return sslclient->socket = -1;
|
||
|
|
}
|
||
|
|
|
||
|
|
private:
|
||
|
|
char *_streamLoad(Stream& stream, size_t size);
|
||
|
|
|
||
|
|
//friend class WiFiServer;
|
||
|
|
using Print::write;
|
||
|
|
};
|
||
|
|
|
||
|
|
#endif /* _WIFICLIENT_H_ */
|