/*
MbedSSLClient.cpp - SSLClient implementation using mbed Sockets
Copyright (c) 2021 Arduino SA. All right reserved.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef MBEDSSLCLIENT_H
#define MBEDSSLCLIENT_H
#include "MbedClient.h"
#include <FATFileSystem.h>
#include <MBRBlockDevice.h>
extern const char CA_CERTIFICATES[];
namespace arduino {
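/**
 * TLS client built on MbedClient. Both connect() overloads go through
 * connectSSL(), and setRootCA() applies the stored TLS settings (expected
 * server name, client certificate/key, trust anchors) to the TLSSocket.
 *
 * Every setter below stores the caller's pointer without copying it, so the
 * referenced PEM/hostname buffers must stay valid until setRootCA() has
 * consumed them.
 */
class MbedSSLClient : public arduino::MbedClient {
public:
  MbedSSLClient();

  virtual ~MbedSSLClient() {
    stop();
  }

  /**
   * Connect to an IP address over TLS.
   *
   * NOTE(review): _hostname is not touched here. A name stored by an earlier
   * connect(host, port) on this object is still handed to set_hostname(); if
   * none was stored, no expected server name is configured for the session.
   * Confirm which of the two the callers rely on.
   */
  int connect(IPAddress ip, uint16_t port) {
    return connectSSL(ip, port);
  }

  /**
   * Connect to a named host over TLS. The pointer is remembered so that
   * setRootCA() can pass it to TLSSocket::set_hostname().
   */
  int connect(const char* host, uint16_t port) {
    _hostname = host;
    return connectSSL(host, port);
  }

  /**
   * When statusSNI is true, setRootCA() no longer calls set_hostname().
   *
   * NOTE(review): set_hostname() is the only place in this class where the
   * expected server name reaches the TLS socket. In Mbed TLS the configured
   * hostname normally drives both the SNI extension and the certificate name
   * check, so turning SNI off here presumably also turns off hostname
   * verification of the server certificate. Confirm against TLSSocket before
   * using this outside of testing.
   */
  void disableSNI(bool statusSNI) {
    _disableSNI = statusSNI;
  }

  /**
   * Trust rootCA in addition to whatever setRootCA() loads by default
   * (the CA files under /wlan/ when MBEDTLS_FS_IO is defined).
   */
  void appendCustomCACert(const char* rootCA) {
    _rootCA = rootCA;
    _appendCA = true;
  }

  /**
   * Trust only rootCA: setRootCA() installs it and returns before the
   * /wlan/ CA files are loaded. Passing a null pointer falls back to the
   * default path.
   */
  void setCACert(const char* rootCA) {
    _rootCA = rootCA;
    _appendCA = false;
  }

  /**
   * Client certificate for mutual TLS. It is applied only if a private key
   * has been set as well; with only one of the two, setRootCA() skips client
   * authentication without reporting an error.
   */
  void setCertificate(const char* clientCert) {
    _clientCert = clientCert;
  }

  /**
   * Private key matching setCertificate(). The key material is referenced,
   * not copied, so it stays in the caller's buffer.
   */
  void setPrivateKey(const char* privateKey) {
    _privateKey = privateKey;
  }

private:
  const char* _rootCA;      // caller-owned CA certificate, or null
  const char* _hostname;    // caller-owned server name from connect(host, port)
  const char* _clientCert;  // caller-owned client certificate, or null
  const char* _privateKey;  // caller-owned client private key, or null
  bool _disableSNI;         // true: skip set_hostname() in setRootCA()
  bool _appendCA;           // true: _rootCA extends the default CAs; false: replaces them

protected:
  /**
   * Apply the stored TLS settings to the socket.
   *
   * Order: expected server name, client certificate/key, then trust anchors.
   * A custom CA given through setCACert() is installed alone; otherwise the
   * CA files under /wlan/ are loaded (MBEDTLS_FS_IO builds only) and a CA
   * given through appendCustomCACert() is appended.
   *
   * @return 0 (NSAPI_ERROR_OK) on success, otherwise the first error code
   *         returned by the block device, the filesystem or the TLS socket.
   */
  int setRootCA() {
    int err = 0;
    // sock comes from MbedClient; the C-style cast is kept because its
    // declared type is not visible in this header.
    TLSSocket* const tls = (TLSSocket*)sock;

    if (_hostname && !_disableSNI) {
      tls->set_hostname(_hostname);
    }

    // Client authentication needs both halves; a lone certificate or key is ignored.
    if (_clientCert && _privateKey) {
      err = tls->set_client_cert_key(_clientCert, _privateKey);
      if (err != NSAPI_ERROR_OK) {
        return err;
      }
    }

    // setCACert(): the custom CA replaces the default trust store.
    if (!_appendCA && _rootCA) {
      return tls->set_root_ca_cert(_rootCA);
    }

#if defined(MBEDTLS_FS_IO)
    mbed::BlockDevice* root = mbed::BlockDevice::get_default_instance();
    if (root == nullptr) {
      // No default block device: fail instead of dereferencing a null
      // pointer, so the connection is not attempted without trust anchors.
      return NSAPI_ERROR_DEVICE_ERROR;
    }
    err = root->init();
    if (err != 0) {
      return err;
    }

    // NOTE(review): the trust anchors are read from files on partition 1 of
    // the default block device, so write access to that partition is part of
    // the TLS trust boundary. Confirm how it is provisioned and protected.
    mbed::MBRBlockDevice wifi_data(root, 1);
    mbed::FATFileSystem wifi("wlan");
    err = wifi.mount(&wifi_data);
    if (err) {
      return err;
    }

    err = tls->set_root_ca_cert_path("/wlan/");
    if (err != NSAPI_ERROR_OK) {
      return err;
    }
#endif

    // appendCustomCACert(): add the custom CA on top of the defaults.
    // NOTE(review): without MBEDTLS_FS_IO and without a custom CA this
    // returns 0 although no trust anchor was configured. Confirm that the
    // handshake then fails closed.
    if (_rootCA != nullptr) {
      err = tls->append_root_ca_cert(_rootCA);
    }
    return err;
  }
};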
}
#endif /* MBEDSSLCLIENT_H */