mirror of
https://github.com/esp8266/Arduino.git
synced 2025-07-27 18:02:17 +03:00
Make CertStore natively use File interface (#6131)
__This is a breaking change, but the header and example did warn everyone that this API was in flux due to the incompatible SD and SPIFFS File implementations.__ BearSSL CertStores now simply need a filesystem and the names of the data (generated on-chip) and archive (uploaded by user) files on it. No more need to roll your own virtual CertStoreFile class. Update the library, examples, and device test.
This commit is contained in:
Earle F. Philhower, III
committed by
GitHub
GitHub
parent
44bda41cf6
commit
8859b818d8
@ -36,6 +36,7 @@
|
||||
#include <ESP8266WiFi.h>
|
||||
#include <CertStoreBearSSL.h>
|
||||
#include <time.h>
|
||||
#include <FS.h>
|
||||
|
||||
#ifndef STASSID
|
||||
#define STASSID "your-ssid"
|
||||
@ -50,87 +51,6 @@ const char *pass = STAPSK;
|
||||
// the WiFiClientBearSSLs are present.
|
||||
BearSSL::CertStore certStore;
|
||||
|
||||
// Uncomment below to use the SD card to store the certs
|
||||
// #define USE_SDCARD 1
|
||||
|
||||
// NOTE: The CertStoreFile virtual class may migrate to a templated
|
||||
// model in a future release. Expect some changes to the interface,
|
||||
// no matter what, as the SD and SPIFFS filesystem get unified.
|
||||
|
||||
#ifdef USE_SDCARD
|
||||
|
||||
#include <SD.h>
|
||||
class SDCertStoreFile : public BearSSL::CertStoreFile {
|
||||
public:
|
||||
SDCertStoreFile(const char *name) {
|
||||
_name = name;
|
||||
};
|
||||
virtual ~SDCertStoreFile() override {};
|
||||
|
||||
// The main API
|
||||
virtual bool open(bool write = false) override {
|
||||
_file = SD.open(_name, write ? FILE_WRITE : FILE_READ);
|
||||
return _file;
|
||||
}
|
||||
virtual bool seek(size_t absolute_pos) override {
|
||||
return _file.seek(absolute_pos);
|
||||
}
|
||||
virtual ssize_t read(void *dest, size_t bytes) override {
|
||||
return _file.read(dest, bytes);
|
||||
}
|
||||
virtual ssize_t write(void *dest, size_t bytes) override {
|
||||
return _file.write((const uint8_t*)dest, bytes);
|
||||
}
|
||||
virtual void close() override {
|
||||
_file.close();
|
||||
}
|
||||
|
||||
private:
|
||||
File _file;
|
||||
const char *_name;
|
||||
};
|
||||
|
||||
SDCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266
|
||||
SDCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user
|
||||
|
||||
#else
|
||||
|
||||
#include <FS.h>
|
||||
class SPIFFSCertStoreFile : public BearSSL::CertStoreFile {
|
||||
public:
|
||||
SPIFFSCertStoreFile(const char *name) {
|
||||
_name = name;
|
||||
};
|
||||
virtual ~SPIFFSCertStoreFile() override {};
|
||||
|
||||
// The main API
|
||||
virtual bool open(bool write = false) override {
|
||||
_file = SPIFFS.open(_name, write ? "w" : "r");
|
||||
return _file;
|
||||
}
|
||||
virtual bool seek(size_t absolute_pos) override {
|
||||
return _file.seek(absolute_pos, SeekSet);
|
||||
}
|
||||
virtual ssize_t read(void *dest, size_t bytes) override {
|
||||
return _file.readBytes((char*)dest, bytes);
|
||||
}
|
||||
virtual ssize_t write(void *dest, size_t bytes) override {
|
||||
return _file.write((uint8_t*)dest, bytes);
|
||||
}
|
||||
virtual void close() override {
|
||||
_file.close();
|
||||
}
|
||||
|
||||
private:
|
||||
File _file;
|
||||
const char *_name;
|
||||
};
|
||||
|
||||
SPIFFSCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266
|
||||
SPIFFSCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user
|
||||
|
||||
#endif
|
||||
|
||||
// Set time via NTP, as required for x.509 validation
|
||||
void setClock() {
|
||||
configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");
|
||||
@ -197,11 +117,8 @@ void setup() {
|
||||
Serial.println();
|
||||
Serial.println();
|
||||
|
||||
#ifdef USE_SDCARD
|
||||
SD.begin();
|
||||
#else
|
||||
SPIFFS.begin();
|
||||
#endif
|
||||
// If using a SD card or LittleFS, call the appropriate ::begin instead
|
||||
|
||||
// We start by connecting to a WiFi network
|
||||
Serial.print("Connecting to ");
|
||||
@ -221,10 +138,10 @@ void setup() {
|
||||
|
||||
setClock(); // Required for X.509 validation
|
||||
|
||||
int numCerts = certStore.initCertStore(&certs_idx, &certs_ar);
|
||||
int numCerts = certStore.initCertStore(SPIFFS, PSTR("/certs.idx"), PSTR("/certs.ar"));
|
||||
Serial.printf("Number of CA certs read: %d\n", numCerts);
|
||||
if (numCerts == 0) {
|
||||
Serial.printf("No certs found. Did you run certs-from-mozill.py and upload the SPIFFS directory before running?\n");
|
||||
Serial.printf("No certs found. Did you run certs-from-mozilla.py and upload the SPIFFS directory before running?\n");
|
||||
return; // Can't connect to anything w/o certs!
|
||||
}
|
||||
|
||||
@ -242,6 +159,9 @@ void loop() {
|
||||
do {
|
||||
site = Serial.readString();
|
||||
} while (site == "");
|
||||
// Strip newline if present
|
||||
site.replace(String("\r"), emptyString);
|
||||
site.replace(String("\n"), emptyString);
|
||||
Serial.printf("https://%s/\n", site.c_str());
|
||||
|
||||
BearSSL::WiFiClientSecure *bear = new BearSSL::WiFiClientSecure();
|
||||
|
||||
Reference in New Issue
Block a user