Bobbyssl

2021-12-20 11:54:38 +01:00
20 changed files with 87 additions and 18 deletions
--- a/config_comred.cmake
+++ b/config_comred.cmake
@ -121,6 +121,7 @@ set(BOBBYCAR_BUILDFLAGS
  -DSWITCH_BLINK
 #  -DFEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
  -DFEATURE_ESPNOW
+  -DFEATURE_SSL
 )

 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
--- a/config_feedc0de.cmake
+++ b/config_feedc0de.cmake
@ -102,4 +102,5 @@ set(BOBBYCAR_BUILDFLAGS
 #  -DSWITCH_BLINK
  -DFEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 #  -DFEATURE_ESPNOW
+#  -DFEATURE_SSL
 )
--- a/config_greyhash.cmake
+++ b/config_greyhash.cmake
@ -94,4 +94,5 @@ set(BOBBYCAR_BUILDFLAGS
 #  -DLEDSTRIP_ANIMATION_DEFAULT=0
   -DOLD_NVS
 #   -DFEATURE_DNS_NS
+#   -DFEATURE_SSL
 )
--- a/config_mick.cmake
+++ b/config_mick.cmake
@ -93,6 +93,7 @@ set(BOBBYCAR_BUILDFLAGS
  -DLEDSTRIP_ANIMATION_DEFAULT=0
  -DOLD_NVS
  -DFEATURE_DNS_NS
+#  -DFEATURE_SSL
 )

 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
--- a/config_peter.cmake
+++ b/config_peter.cmake
@ -98,6 +98,7 @@ set(BOBBYCAR_BUILDFLAGS
    -DLEDS_PER_METER=144
    -DOLD_NVS
    -DFEATURE_DNS_NS
+    -DFEATURE_SSL
 )

 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
--- a/main/CMakeLists.txt
+++ b/main/CMakeLists.txt
@ -193,6 +193,7 @@ set(headers
    settings.h
    settingspersister.h
    settingsutils.h
+    sslcert.h
    statistics.h
    statustexthelper.h
    stringsettings.h
@ -412,6 +413,7 @@ set(sources
    settings.cpp
    settingspersister.cpp
    settingsutils.cpp
+    sslcert.cpp
    statistics.cpp
    statustexthelper.cpp
    stringsettings.cpp
@ -436,7 +438,7 @@ set(sources
 )

 set(dependencies
-    freertos nvs_flash esp_http_server esp_https_ota mdns app_update esp_system esp_websocket_client driver
+    freertos nvs_flash esp_http_server esp_https_server esp_https_ota mdns app_update esp_system esp_websocket_client driver
    arduino-esp32 ArduinoJson esp-nimble-cpp FastLED-idf TFT_eSPI QRCode-esp32
    bobbycar-protocol cpputils cxx-ring-buffer date
    espasynchttpreq espasyncota espchrono espcpputils espconfiglib esp-gui-lib esphttpdutils espwifistack expected fmt
@ -450,6 +452,9 @@ idf_component_register(
        .
    REQUIRES
        ${dependencies}
+    EMBED_TXTFILES
+        certs/cert.pem
+        certs/key.pem
 )

 target_compile_options(${COMPONENT_TARGET}
--- a/main/sslcert.cpp
+++ b/main/sslcert.cpp
@ -0,0 +1,5 @@
+#include "sslcert.h"
+
+namespace ssl_cert {
+
+}
--- a/main/sslcert.h
+++ b/main/sslcert.h
@ -0,0 +1,7 @@
+#include <string>
+
+namespace ssl_cert {
+    void init();
+    std::string get_cert();
+    bool check_cert();
+}
--- a/main/webserver.cpp
+++ b/main/webserver.cpp
@ -25,6 +25,23 @@ void initWebserver()
 #endif

    {
+#ifdef FEATURE_SSL
+        httpd_ssl_config_t httpsConfig HTTPD_SSL_CONFIG_DEFAULT();
+        httpsConfig.httpd.core_id = 1;
+        httpsConfig.httpd.max_uri_handlers = 14;
+        httpsConfig.httpd.stack_size = 8192;
+        httpsConfig.transport_mode = HTTPD_SSL_TRANSPORT_SECURE;
+
+        httpsConfig.cacert_pem = (const uint8_t*)bobbywebserver::cert_pem.data();
+        httpsConfig.cacert_len = bobbywebserver::cert_pem.size();
+        httpsConfig.prvtkey_pem = (const uint8_t*)bobbywebserver::key_pem.data();
+        httpsConfig.prvtkey_len = bobbywebserver::key_pem.size();
+
+        const auto result = httpd_ssl_start(&httpdHandle, &httpsConfig);
+        ESP_LOG_LEVEL_LOCAL((result == ESP_OK ? ESP_LOG_INFO : ESP_LOG_ERROR), TAG, "httpd_ssl_start(): %s", esp_err_to_name(result));
+        if (result != ESP_OK)
+            return;
+#else
        httpd_config_t httpConfig HTTPD_DEFAULT_CONFIG();
        httpConfig.core_id = 1;
        httpConfig.max_uri_handlers = 14;
@ -34,6 +51,7 @@ void initWebserver()
        ESP_LOG_LEVEL_LOCAL((result == ESP_OK ? ESP_LOG_INFO : ESP_LOG_ERROR), TAG, "httpd_start(): %s", esp_err_to_name(result));
        if (result != ESP_OK)
            return;
+#endif
    }

    for (const httpd_uri_t &uri : {
@ -145,7 +163,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
    else
    {
        ESP_LOGE(TAG, "%.*s", result.error().size(), result.error().data());
-
+        httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
        CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::BadRequest, "text/plain", result.error());
    }

@ -155,7 +173,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
    {
        if (!menuDisplayChanged())
        {
-
+            httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
            CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::Ok, "text/plain", "Ok.");
        }
        else
@ -165,7 +183,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
    }
    else
    {
-
+        httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
        CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::Unauthorized, "text/plain", "");
    }
 }
--- a/main/webserver.h
+++ b/main/webserver.h
@ -3,11 +3,17 @@
 // system includes
 #include <atomic>
 #include <string_view>
+#include <string>
+#include <iterator>

 // esp-idf includes
 #ifdef FEATURE_WEBSERVER
+#ifdef FEATURE_SSL
+#include <esp_https_server.h>
+#else
 #include <esp_http_server.h>
 #endif
+#endif
 #include <esp_log.h>

 // 3rdparty lib includes
@ -35,10 +41,20 @@ bool MenuDisplayChanged();
 esp_err_t webserver_reboot_handler(httpd_req_t *req);
 esp_err_t webserver_status_handler(httpd_req_t *req);

+extern const char cert_pem_start[] asm("_binary_cert_pem_start");
+extern const char cert_pem_end[] asm("_binary_cert_pem_end");
+extern const char key_pem_start[] asm("_binary_key_pem_start");
+extern const char key_pem_end[] asm("_binary_key_pem_end");
+
 namespace bobbywebserver {
 extern bool forceRefresh;
 extern bool lastScreenWasMenu;
 extern int8_t lastSelectIndex;
 extern std::vector<std::pair<std::string, const espgui::MenuItemIcon*>> menuBuf;
+
+// Certs
+const std::string_view cert_pem{cert_pem_start, size_t(std::distance(cert_pem_start, cert_pem_end))};
+const std::string_view key_pem{key_pem_start, size_t(std::distance(key_pem_start, key_pem_end))};
+
 }
 #endif
--- a/main/webserver_displaycontrol.cpp
+++ b/main/webserver_displaycontrol.cpp
@ -10,6 +10,7 @@ constexpr const char * const TAG = "BOBBYWEB";

 esp_err_t webserver_root_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
@ -220,7 +221,7 @@ esp_err_t webserver_root_handler(httpd_req_t *req)

 esp_err_t webserver_triggerButton_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
@ -339,7 +340,7 @@ esp_err_t webserver_triggerButton_handler(httpd_req_t *req)

 esp_err_t webserver_triggerItem_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
@ -428,7 +429,7 @@ esp_err_t webserver_triggerItem_handler(httpd_req_t *req)

 esp_err_t webserver_setValue_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
--- a/main/webserver_dumpnvs.cpp
+++ b/main/webserver_dumpnvs.cpp
@ -114,7 +114,7 @@ showInputForSetting(std::string_view key, T value, JsonObject &body)

 esp_err_t webserver_dump_nvs_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
--- a/main/webserver_ota.cpp
+++ b/main/webserver_ota.cpp
@ -13,6 +13,7 @@ constexpr const char * const TAG = "BOBBYWEB";

 esp_err_t webserver_ota_percentage_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
@ -72,6 +73,7 @@ esp_err_t webserver_ota_percentage_handler(httpd_req_t *req)

 esp_err_t webserver_ota_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
@ -340,6 +342,7 @@ esp_err_t webserver_ota_handler(httpd_req_t *req)

 esp_err_t webserver_trigger_ota_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
    {
--- a/main/webserver_settings.cpp
+++ b/main/webserver_settings.cpp
@ -67,6 +67,7 @@ showInputForSetting(std::string_view key, T value, std::string &body)

 esp_err_t webserver_settings_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
    {
@ -231,6 +232,7 @@ saveSetting(T &value, std::string_view newValue, std::string &body)

 esp_err_t webserver_saveSettings_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
    {
--- a/main/webserver_stringsettings.cpp
+++ b/main/webserver_stringsettings.cpp
@ -10,6 +10,7 @@ constexpr const char * const TAG = "BOBBYWEB";

 esp_err_t webserver_stringSettings_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
    {
@ -100,6 +101,7 @@ esp_err_t webserver_stringSettings_handler(httpd_req_t *req)

 esp_err_t webserver_saveStringSettings_handler(httpd_req_t *req)
 {
+    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil<espcpputils::ticks>(5s).count()};
    if (!helper.locked())
    {
--- a/5
+++ b/5
@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server

 #
--- a/5
+++ b/5
@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server

 #
--- a/5
+++ b/5
@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server

 #
--- a/5
+++ b/5
@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server

 #
--- a/5
+++ b/5
@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server

 #