Links2004/arduinoWebSockets
1
0
Fork 1
mirror of https://github.com/Links2004/arduinoWebSockets.git synced 2025-07-15 00:06:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add SSL client certificate support (#572)

Browse Source 
* Add client certificate support

allows WiFiClientSecureBearSSL users to use client certificate and private key for the WebSocker.
also added SSL functions for socket.io
This commit is contained in:
itay7564
2020-10-26 18:01:31 +02:00
committed by GitHub
parent 5caff59f7f
commit 80bf087cd0
5 changed files with 88 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
examples/esp8266/WebSocketClientSSLWithCA/WebSocketClientSSLWithCA.ino
View File

@ -90,6 +90,10 @@ void setup() {
delay(100); delay(100);
} }
//When using BearSSL, client certificate and private key can be set:
//webSocket.setSSLClientCertKey(clientCert, clientPrivateKey);
//clientCert and clientPrivateKey can be of types (const char *, const char *) , or of types (BearSSL::X509List, BearSSL::PrivateKey)
webSocket.beginSslWithCA("echo.websocket.org", 443, "/", ENDPOINT_CA_CERT); webSocket.beginSslWithCA("echo.websocket.org", 443, "/", ENDPOINT_CA_CERT);
webSocket.onEvent(webSocketEvent); webSocket.onEvent(webSocketEvent);
} }

30
src/SocketIOclient.cpp
View File

@ -24,7 +24,37 @@ void SocketIOclient::begin(String host, uint16_t port, String url, String protoc
WebSocketsClient::beginSocketIO(host, port, url, protocol); WebSocketsClient::beginSocketIO(host, port, url, protocol);
WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5); WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5);
} }
#if defined(HAS_SSL)
void SocketIOclient::beginSSL(const char * host, uint16_t port, const char * url, const char * protocol) {
WebSocketsClient::beginSocketIOSSL(host, port, url, protocol);
WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5);
}
void SocketIOclient::beginSSL(String host, uint16_t port, String url, String protocol) {
WebSocketsClient::beginSocketIOSSL(host, port, url, protocol);
WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5);
}
#if !defined(SSL_AXTLS)
void SocketIOclient::beginSSLWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
WebSocketsClient::beginSocketIOSSLWithCA(host, port, url, CA_cert, protocol);
WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5);
}
void SocketIOclient::beginSSLWithCA(const char * host, uint16_t port, const char * url, BearSSL::X509List * CA_cert, const char * protocol) {
WebSocketsClient::beginSocketIOSSLWithCA(host, port, url, CA_cert, protocol);
WebSocketsClient::enableHeartbeat(60 * 1000, 90 * 1000, 5);
}
void SocketIOclient::setSSLClientCertKey(const char * clientCert, const char * clientPrivateKey) {
WebSocketsClient::setSSLClientCertKey(clientCert, clientPrivateKey);
}
void SocketIOclient::setSSLClientCertKey(BearSSL::X509List * clientCert, BearSSL::PrivateKey * clientPrivateKey) {
WebSocketsClient::setSSLClientCertKey(clientCert, clientPrivateKey);
}
#endif
#endif
/** /**
* set callback function * set callback function
* @param cbEvent SocketIOclientEvent * @param cbEvent SocketIOclientEvent

10
src/SocketIOclient.h
View File

@ -49,6 +49,16 @@ class SocketIOclient : protected WebSocketsClient {
void begin(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * protocol = "arduino"); void begin(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * protocol = "arduino");
void begin(String host, uint16_t port, String url = "/socket.io/?EIO=3", String protocol = "arduino"); void begin(String host, uint16_t port, String url = "/socket.io/?EIO=3", String protocol = "arduino");
#ifdef HAS_SSL
void beginSSL(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * protocol = "arduino");
void beginSSL(String host, uint16_t port, String url = "/socket.io/?EIO=3", String protocol = "arduino");
#ifndef SSL_AXTLS
void beginSSLWithCA(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * CA_cert = NULL, const char * protocol = "arduino");
void beginSSLWithCA(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", BearSSL::X509List * CA_cert = NULL, const char * protocol = "arduino");
void setSSLClientCertKey(const char * clientCert = NULL, const char * clientPrivateKey = NULL);
void setSSLClientCertKey(BearSSL::X509List * clientCert = NULL, BearSSL::PrivateKey * clientPrivateKey = NULL);
#endif
#endif
bool isConnected(void); bool isConnected(void);
void onEvent(SocketIOclientEvent cbEvent); void onEvent(SocketIOclientEvent cbEvent);

42
src/WebSocketsClient.cpp
View File

@ -122,12 +122,6 @@ void WebSocketsClient::beginSSL(const char * host, uint16_t port, const char * u
_fingerprint = fingerprint; _fingerprint = fingerprint;
_CA_cert = NULL; _CA_cert = NULL;
} }
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
begin(host, port, url, protocol);
_client.isSSL = true;
_fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = new BearSSL::X509List(CA_cert);
}
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, BearSSL::X509List * CA_cert, const char * protocol) { void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, BearSSL::X509List * CA_cert, const char * protocol) {
begin(host, port, url, protocol); begin(host, port, url, protocol);
@ -135,6 +129,20 @@ void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const ch
_fingerprint = SSL_FINGERPRINT_NULL; _fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = CA_cert; _CA_cert = CA_cert;
} }
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
beginSslWithCA(host, port, url, new BearSSL::X509List(CA_cert), protocol);
}
void WebSocketsClient::setSSLClientCertKey(BearSSL::X509List * clientCert, BearSSL::PrivateKey * clientPrivateKey) {
_client_cert = clientCert;
_client_key = clientPrivateKey;
}
void WebSocketsClient::setSSLClientCertKey(const char * clientCert, const char * clientPrivateKey) {
setSSLClientCertKey(new BearSSL::X509List(clientCert), new BearSSL::PrivateKey(clientPrivateKey));
}
#endif // SSL_AXTLS #endif // SSL_AXTLS
#endif // HAS_SSL #endif // HAS_SSL
@ -159,17 +167,29 @@ void WebSocketsClient::beginSocketIOSSL(String host, uint16_t port, String url,
beginSocketIOSSL(host.c_str(), port, url.c_str(), protocol.c_str()); beginSocketIOSSL(host.c_str(), port, url.c_str(), protocol.c_str());
} }
#if defined(SSL_BARESSL)
void WebSocketsClient::beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url, BearSSL::X509List * CA_cert, const char * protocol) {
begin(host, port, url, protocol);
_client.isSocketIO = true;
_client.isSSL = true;
_fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = CA_cert;
}
#endif
void WebSocketsClient::beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) { void WebSocketsClient::beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
begin(host, port, url, protocol); begin(host, port, url, protocol);
_client.isSocketIO = true; _client.isSocketIO = true;
_client.isSSL = true; _client.isSSL = true;
_fingerprint = SSL_FINGERPRINT_NULL; _fingerprint = SSL_FINGERPRINT_NULL;
#if defined(SSL_AXTLS) #if defined(SSL_BARESSL)
_CA_cert = CA_cert;
#else
_CA_cert = new BearSSL::X509List(CA_cert); _CA_cert = new BearSSL::X509List(CA_cert);
#else
_CA_cert = CA_cert;
#endif #endif
} }
#endif #endif
#if(WEBSOCKETS_NETWORK_TYPE != NETWORK_ESP8266_ASYNC) #if(WEBSOCKETS_NETWORK_TYPE != NETWORK_ESP8266_ASYNC)
@ -213,6 +233,10 @@ void WebSocketsClient::loop(void) {
_client.ssl->setFingerprint(_fingerprint); _client.ssl->setFingerprint(_fingerprint);
} else { } else {
_client.ssl->setInsecure(); _client.ssl->setInsecure();
}
if(_client_cert && _client_key) {
_client.ssl->setClientRSACert(_client_cert, _client_key);
DEBUG_WEBSOCKETS("[WS-Client] setting client certificate and key");
#endif #endif
} }
} else { } else {

8
src/WebSocketsClient.h
View File

@ -49,6 +49,8 @@ class WebSocketsClient : protected WebSockets {
#else #else
void beginSSL(const char * host, uint16_t port, const char * url = "/", const uint8_t * fingerprint = NULL, const char * protocol = "arduino"); void beginSSL(const char * host, uint16_t port, const char * url = "/", const uint8_t * fingerprint = NULL, const char * protocol = "arduino");
void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", BearSSL::X509List * CA_cert = NULL, const char * protocol = "arduino"); void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", BearSSL::X509List * CA_cert = NULL, const char * protocol = "arduino");
void setSSLClientCertKey(BearSSL::X509List * clientCert = NULL, BearSSL::PrivateKey * clientPrivateKey = NULL);
void setSSLClientCertKey(const char * clientCert = NULL, const char * clientPrivateKey = NULL);
#endif #endif
void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", const char * CA_cert = NULL, const char * protocol = "arduino"); void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", const char * CA_cert = NULL, const char * protocol = "arduino");
#endif #endif
@ -59,7 +61,11 @@ class WebSocketsClient : protected WebSockets {
#if defined(HAS_SSL) #if defined(HAS_SSL)
void beginSocketIOSSL(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * protocol = "arduino"); void beginSocketIOSSL(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * protocol = "arduino");
void beginSocketIOSSL(String host, uint16_t port, String url = "/socket.io/?EIO=3", String protocol = "arduino"); void beginSocketIOSSL(String host, uint16_t port, String url = "/socket.io/?EIO=3", String protocol = "arduino");
void beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * CA_cert = NULL, const char * protocol = "arduino"); void beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", const char * CA_cert = NULL, const char * protocol = "arduino");
#if defined(SSL_BARESSL)
void beginSocketIOSSLWithCA(const char * host, uint16_t port, const char * url = "/socket.io/?EIO=3", BearSSL::X509List * CA_cert = NULL, const char * protocol = "arduino");
#endif
#endif #endif
#if(WEBSOCKETS_NETWORK_TYPE != NETWORK_ESP8266_ASYNC) #if(WEBSOCKETS_NETWORK_TYPE != NETWORK_ESP8266_ASYNC)
@ -110,6 +116,8 @@ class WebSocketsClient : protected WebSockets {
#else #else
const uint8_t * _fingerprint; const uint8_t * _fingerprint;
BearSSL::X509List * _CA_cert; BearSSL::X509List * _CA_cert;
BearSSL::X509List * _client_cert;
BearSSL::PrivateKey * _client_key;
#define SSL_FINGERPRINT_NULL NULL #define SSL_FINGERPRINT_NULL NULL
#endif #endif