NuMaker connection with AWS IoT thru MQTT/HTTPS

Dependencies:   MQTT

Revision:
41:b878d7cd7035
Parent:
25:edf568984d27
diff -r 5a813d7ad6d8 -r b878d7cd7035 my-tlssocket/MyTLSSocket.cpp
--- a/my-tlssocket/MyTLSSocket.cpp	Thu Nov 12 16:24:00 2020 +0800
+++ b/my-tlssocket/MyTLSSocket.cpp	Fri Mar 27 14:32:06 2020 +0800
@@ -1,243 +1,53 @@
 #include "mbed.h"
 #include "MyTLSSocket.h"
 
-
-MyTLSSocket::MyTLSSocket(NetworkInterface* net_iface, const char* ssl_ca_pem, const char* ssl_owncert_pem, const char* ssl_own_priv_key_pem)
+MyTLSSocket::MyTLSSocket()
 {
-    _tcpsocket = new TCPSocket(net_iface);
-    _ssl_ca_pem = ssl_ca_pem;
-    _ssl_owncert_pem = ssl_owncert_pem;
-    _ssl_own_priv_key_pem = ssl_own_priv_key_pem;
-    _is_connected = false;
-    _debug = false;
-    _hostname = NULL;
-    _port = 0;
-    _error = 0;
+    /* TLSSocket prints debug message thru mbed-trace. We override it and print thru STDIO. */
+#if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0
+    mbedtls_ssl_conf_verify(get_ssl_config(), my_verify, this);
+    mbedtls_ssl_conf_dbg(get_ssl_config(), my_debug, this);
+    mbedtls_debug_set_threshold(MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL);
+#endif
 
-    DRBG_PERS = "mbed TLS helloword client";
-
-    mbedtls_entropy_init(&_entropy);
-    mbedtls_ctr_drbg_init(&_ctr_drbg);
-    mbedtls_x509_crt_init(&_cacert);
-    mbedtls_x509_crt_init(&_owncert);
-    mbedtls_pk_init(&_own_priv_key);
-    mbedtls_ssl_init(&_ssl);
-    mbedtls_ssl_config_init(&_ssl_conf);
+    /* Enable RFC 6066 max_fragment_length extension in SSL */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && (MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN > 0)
+    mbedtls_ssl_conf_max_frag_len(get_ssl_config(), MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN);
+#endif
 }
 
 MyTLSSocket::~MyTLSSocket()
 {
-    mbedtls_entropy_free(&_entropy);
-    mbedtls_ctr_drbg_free(&_ctr_drbg);
-    mbedtls_x509_crt_free(&_cacert);
-    mbedtls_x509_crt_free(&_owncert);
-    mbedtls_pk_free(&_own_priv_key);
-    mbedtls_ssl_free(&_ssl);
-    mbedtls_ssl_config_free(&_ssl_conf);
-
-    if (_tcpsocket) {
-        _tcpsocket->close();
-        delete _tcpsocket;
-    }
 }
 
-nsapi_error_t MyTLSSocket::close()
-{
-    return _tcpsocket->close();
-}
-    
-nsapi_error_t MyTLSSocket::connect(const char *hostname, uint16_t port)
-{
-    _hostname = hostname;
-    _port = port;
-        
-    /* Initialize the flags */
-    /*
-     * Initialize TLS-related stuf.
-     */
-    int ret;
-    if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
-                                    (const unsigned char *) DRBG_PERS,
-                                    sizeof (DRBG_PERS))) != 0) {
-        print_mbedtls_error("mbedtls_crt_drbg_init", ret);
-        _error = ret;
-        return _error;
-    }
-
-    if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
-                                      strlen(_ssl_ca_pem) + 1)) != 0) {
-        print_mbedtls_error("mbedtls_x509_crt_parse", ret);
-        _error = ret;
-        return _error;
-    }
-
-    if ((ret = mbedtls_x509_crt_parse(&_owncert, (const unsigned char *) _ssl_owncert_pem,
-                                      strlen(_ssl_owncert_pem) + 1)) != 0) {
-        print_mbedtls_error("mbedtls_x509_crt_parse", ret);
-        _error = ret;
-        return _error;
-    }
-        
-    if ((ret = mbedtls_pk_parse_key(&_own_priv_key, (const unsigned char *) _ssl_own_priv_key_pem,
-                                    strlen(_ssl_own_priv_key_pem) + 1, NULL, 0)) != 0) {
-        print_mbedtls_error("mbedtls_pk_parse_key", ret);
-        _error = ret;
-        return _error;
-    }
-        
-    if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
-                                           MBEDTLS_SSL_IS_CLIENT,
-                                           MBEDTLS_SSL_TRANSPORT_STREAM,
-                                           MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
-        print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
-        _error = ret;
-        return _error;
-    }
-
-    mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
-    mbedtls_ssl_conf_own_cert(&_ssl_conf, &_owncert, &_own_priv_key);
-    mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
-
-    /* It is possible to disable authentication by passing
-     * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
-     */
-    mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-
-    /* Enable RFC 6066 max_fragment_length extension in SSL */
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && (MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN > 0)
-    mbedtls_ssl_conf_max_frag_len(&_ssl_conf, MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN);
-#endif
-
-#if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0
-    mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, this);
-    mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, this);
-    mbedtls_debug_set_threshold(MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL);
-#endif
-
-    if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
-        print_mbedtls_error("mbedtls_ssl_setup", ret);
-        _error = ret;
-        return _error;
-    }
-
-    mbedtls_ssl_set_hostname(&_ssl, _hostname);
-
-    mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
-                        ssl_send, ssl_recv, NULL );
-
-    /* Connect to the server */
-    if (_debug) {
-        mbedtls_printf("Connecting to %s:%d\r\n", _hostname, _port);
-    }
-    ret = _tcpsocket->connect(_hostname, _port);
-    if (ret != NSAPI_ERROR_OK) {
-        if (_debug) {
-            mbedtls_printf("Failed to connect\r\n");
-        }
-        onError(_tcpsocket, -1);
-        return _error;
-    }
-
-    /* Start the handshake, the rest will be done in onReceive() */
-    if (_debug) {
-        mbedtls_printf("Starting the TLS handshake...\r\n");
-    }
-    do {
-        ret = mbedtls_ssl_handshake(&_ssl);
-    } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-    if (ret < 0) {
-        print_mbedtls_error("mbedtls_ssl_handshake", ret);
-        onError(_tcpsocket, ret);
-        return ret;
-    }
-            
-    /* It also means the handshake is done, time to print info */
-    if (_debug) {
-        mbedtls_printf("TLS connection to %s:%d established\r\n", _hostname, _port);
-    }
-
-    const uint32_t buf_size = 1024;
-    char *buf = new char[buf_size];
-    mbedtls_x509_crt_info(buf, buf_size, "\r    ", mbedtls_ssl_get_peer_cert(&_ssl));
-    if (_debug) {
-        mbedtls_printf("Server certificate:\r\n%s\r", buf);
-    }
-
-    uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
-    if (flags != 0) {
-        mbedtls_x509_crt_verify_info(buf, buf_size, "\r  ! ", flags);
-        if (_debug) {
-            mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
-        }
-    }
-    else {
-        if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
-    }
-    delete [] buf;
-    buf = NULL;
-
-    _is_connected = true;
-
-    return 0;
-}
-
-nsapi_size_or_error_t MyTLSSocket::send(const void *data, nsapi_size_t size)
-{
-    return mbedtls_ssl_write(&_ssl, (const uint8_t *) data, size);
-}
-    
-nsapi_size_or_error_t MyTLSSocket::recv(void *data, nsapi_size_t size)
-{
-    return mbedtls_ssl_read(&_ssl, (uint8_t *) data, size);
-}
-
-void MyTLSSocket::set_blocking(bool blocking)
-{
-    _tcpsocket->set_blocking(blocking);
-}
-
-void MyTLSSocket::set_timeout(int timeout)
-{
-    _tcpsocket->set_timeout(timeout);
-}
-    
-bool MyTLSSocket::connected()
-{
-    return _is_connected;
-}
-
-nsapi_error_t MyTLSSocket::error()
-{
-    return _error;
-}
-
-TCPSocket* MyTLSSocket::get_tcp_socket()
-{
-    return _tcpsocket;
-}
-
-mbedtls_ssl_context *MyTLSSocket::get_ssl_context()
-{
-    return &_ssl;
-}
-
-void MyTLSSocket::set_debug(bool debug)
-{
-    _debug = debug;
-}
-    
 int MyTLSSocket::read(unsigned char* buffer, int len, int timeout)
 {
     set_timeout(timeout);
+
     int rc = recv(buffer, len);
-    return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
+    if (rc >= 0) {
+        return rc;
+    } else if (rc == NSAPI_ERROR_WOULD_BLOCK) {
+        return 0;
+    } else {
+        printf("TLSSocket recv(%d) failed with %d\n", len, rc);
+        return -1;
+    }
 }
 
 int MyTLSSocket::write(unsigned char* buffer, int len, int timeout)
 {
     set_timeout(timeout);
+
     int rc = send(buffer, len);
-    return (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE) ? 0 : rc;
+    if (rc >= 0) {
+        return rc;
+    } else if (rc == NSAPI_ERROR_WOULD_BLOCK) {
+        return 0;
+    } else {
+        printf("TLSSocket send(%d) failed with %d\n", len, rc);
+        return -1;
+    }
 }
 
 #if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0
@@ -254,9 +64,7 @@
         }
     }
 
-    if (tlssocket->_debug) {
-        mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
-    }
+    mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
 }
 
 int MyTLSSocket::my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
@@ -265,65 +73,19 @@
     char *buf = new char[buf_size];
     MyTLSSocket *tlssocket = static_cast<MyTLSSocket *>(data);
 
-    if (tlssocket->_debug) {
-        mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
-    }
+    printf("\nVerifying certificate at depth %d:\n", depth);
     mbedtls_x509_crt_info(buf, buf_size - 1, "  ", crt);
-    if (tlssocket->_debug) {
-        mbedtls_printf("%s", buf);
-    }
-    
+    printf("%s", buf);
+
     if (*flags == 0) {
-        if (tlssocket->_debug) {
-            mbedtls_printf("No verification issue for this certificate\n");
-        }
-    }
-    else {
+        printf("No verification issue for this certificate\n");
+    } else {
         mbedtls_x509_crt_verify_info(buf, buf_size, "  ! ", *flags);
-        if (tlssocket->_debug) mbedtls_printf("%s\n", buf);
+        printf("%s\n", buf);
     }
 
     delete[] buf;
+
     return 0;
 }
 #endif
-
-int MyTLSSocket::ssl_recv(void *ctx, unsigned char *buf, size_t len)
-{
-    int recv = -1;
-    TCPSocket *socket = static_cast<TCPSocket *>(ctx);
-    recv = socket->recv(buf, len);
-
-    if (NSAPI_ERROR_WOULD_BLOCK == recv) {
-        return MBEDTLS_ERR_SSL_WANT_READ;
-    }
-    else if (recv < 0) {
-        return -1;
-    }
-    else {
-        return recv;
-    }
-}
-
-int MyTLSSocket::ssl_send(void *ctx, const unsigned char *buf, size_t len)
-{
-    int size = -1;
-    TCPSocket *socket = static_cast<TCPSocket *>(ctx);
-    size = socket->send(buf, len);
-
-    if (NSAPI_ERROR_WOULD_BLOCK == size) {
-        return MBEDTLS_ERR_SSL_WANT_WRITE;
-    }
-    else if (size < 0) {
-        return -1;
-    }
-    else {
-        return size;
-    }
-}
-
-void MyTLSSocket::onError(TCPSocket *s, int error)
-{
-    s->close();
-    _error = error;
-}