yh Tang
/
NuMaker-mbed-AWS-IoT-example
NuMaker connection with AWS IoT thru MQTT/HTTPS
Diff: my-tlssocket/MyTLSSocket.h
- Revision:
- 25:edf568984d27
diff -r 97cdb9465331 -r edf568984d27 my-tlssocket/MyTLSSocket.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/my-tlssocket/MyTLSSocket.h Mon Apr 15 15:40:16 2019 +0800 @@ -0,0 +1,172 @@ +#ifndef _MY_TLS_SOCKET_H_ +#define _MY_TLS_SOCKET_H_ + +#include "mbedtls/platform.h" +#include "mbedtls/ssl.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/error.h" + +#if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0 +#include "mbedtls/debug.h" +#endif + +#include "mbedtls_utils.h" + +/** + * \brief MyTLSSocket a wrapper around TCPSocket for interacting with TLS servers + */ +class MyTLSSocket { +public: + MyTLSSocket(NetworkInterface* net_iface, const char* ssl_ca_pem, const char* ssl_owncert_pem, const char* ssl_own_priv_key_pem); + ~MyTLSSocket(); + + /** Close the socket + * + * Closes any open connection and deallocates any memory associated + * with the socket. Called from destructor if socket is not closed. + * + * @return 0 on success, negative error code on failure + */ + nsapi_error_t close(); + + nsapi_error_t connect(const char *hostname, uint16_t port); + + /** Send data over a TCP socket + * + * The socket must be connected to a remote host. Returns the number of + * bytes sent from the buffer. + * + * By default, send blocks until all data is sent. If socket is set to + * non-blocking or times out, a partial amount can be written. + * NSAPI_ERROR_WOULD_BLOCK is returned if no data was written. + * + * @param data Buffer of data to send to the host + * @param size Size of the buffer in bytes + * @return Number of sent bytes on success, negative error + * code on failure + */ + nsapi_size_or_error_t send(const void *data, nsapi_size_t size); + + /** Receive data over a TCP socket + * + * The socket must be connected to a remote host. Returns the number of + * bytes received into the buffer. + * + * By default, recv blocks until some data is received. If socket is set to + * non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK can be returned to + * indicate no data. + * + * @param data Destination buffer for data received from the host + * @param size Size of the buffer in bytes + * @return Number of received bytes on success, negative error + * code on failure + */ + nsapi_size_or_error_t recv(void *data, nsapi_size_t size); + + /** Set blocking or non-blocking mode of the socket + * + * Initially all sockets are in blocking mode. In non-blocking mode + * blocking operations such as send/recv/accept return + * NSAPI_ERROR_WOULD_BLOCK if they can not continue. + * + * set_blocking(false) is equivalent to set_timeout(-1) + * set_blocking(true) is equivalent to set_timeout(0) + * + * @param blocking true for blocking mode, false for non-blocking mode. + */ + void set_blocking(bool blocking); + + /** Set timeout on blocking socket operations + * + * Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK + * is returned if a blocking operation takes longer than the specified + * timeout. A timeout of 0 removes the timeout from the socket. A negative + * value give the socket an unbounded timeout. + * + * set_timeout(0) is equivalent to set_blocking(false) + * set_timeout(-1) is equivalent to set_blocking(true) + * + * @param timeout Timeout in milliseconds + */ + void set_timeout(int timeout); + + bool connected(); + + nsapi_error_t error(); + + TCPSocket* get_tcp_socket(); + + mbedtls_ssl_context* get_ssl_context(); + + /** + * Set the debug flag. + * + * If this flag is set, debug information from mbed TLS will be logged to stdout. + */ + void set_debug(bool debug); + + /** + * Timed recv for MQTT lib + */ + int read(unsigned char* buffer, int len, int timeout); + + /** + * Timed send for MQTT lib + */ + int write(unsigned char* buffer, int len, int timeout); + +protected: + +#if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0 + /** + * Debug callback for mbed TLS + * Just prints on the USB serial port + */ + static void my_debug(void *ctx, int level, const char *file, int line, + const char *str); + + /** + * Certificate verification callback for mbed TLS + * Here we only use it to display information on each cert in the chain + */ + static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags); +#endif + + /** + * Receive callback for mbed TLS + */ + static int ssl_recv(void *ctx, unsigned char *buf, size_t len); + + /** + * Send callback for mbed TLS + */ + static int ssl_send(void *ctx, const unsigned char *buf, size_t len); + +private: + void onError(TCPSocket *s, int error); + + TCPSocket* _tcpsocket; + + const char* DRBG_PERS; + const char* _ssl_ca_pem; + const char* _ssl_owncert_pem; + const char* _ssl_own_priv_key_pem; + const char* _hostname; + uint16_t _port; + + bool _debug; + bool _is_connected; + + nsapi_error_t _error; + + mbedtls_entropy_context _entropy; + mbedtls_ctr_drbg_context _ctr_drbg; + mbedtls_x509_crt _cacert; + mbedtls_x509_crt _owncert; + mbedtls_pk_context _own_priv_key; + mbedtls_ssl_context _ssl; + mbedtls_ssl_config _ssl_conf; +}; + +#endif // _MY_TLS_SOCKET_H_