This software sets up the central node of a star-topology network
Dependencies: MQTT target_st_bluenrg
Fork of ble-star-mbed by
MQTTNetwork.h@5:5cfb069b2587, 2018-04-04 (annotated)
- Committer:
- lorevee
- Date:
- Wed Apr 04 14:42:35 2018 +0000
- Revision:
- 5:5cfb069b2587
- Parent:
- 4:4af40af2530e
default id
lorevee | 4:4af40af2530e | 1 | #ifndef _MQTTNETWORK_H_ |
lorevee | 4:4af40af2530e | 2 | #define _MQTTNETWORK_H_ |
lorevee | 4:4af40af2530e | 3 | |
#include <string.h>

#include "NetworkInterface.h"
#include "mbedtls/platform.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
lorevee | 4:4af40af2530e | 10 | |
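/* Change to a number between 1 and 4 to debug the TLS connection */
#define DEBUG_LEVEL 0

#if DEBUG_LEVEL > 0
#include "mbedtls/debug.h"
#endif

/* Values accepted by the `tls` argument of MQTTNetwork::connect(). */
#define TLS_OFF 0
#define TLS_ON 1

/* Personalization string mixed into the CTR-DRBG seed.  It is not a secret;
 * it only adds application-specific diversity on top of the entropy source.
 *
 * `static` gives the definition internal linkage: a plain definition in a
 * header is a duplicate symbol as soon as two translation units include it. */
static const char *const DRBG_PERS = "mbed TLS Publisher for IBM Watson IoT";

/* Trusted root CA certificates are not stored here; the caller passes them
 * to MQTTNetwork::connect() as PEM (NUL-terminated) or DER.  To trust more
 * than one root, concatenate the PEM certificates.
 *
 * mbed TLS state used by MQTTNetwork.
 *
 * NOTE(review): as file-scope objects these are shared by every MQTTNetwork
 * instance in a translation unit, so only one instance can hold a TLS
 * session at a time.  They would be better placed inside the class as
 * members.  `static` is added for the same reason as DRBG_PERS above. */
static mbedtls_entropy_context _entropy;
static mbedtls_ctr_drbg_context _ctr_drbg;
static mbedtls_x509_crt _cacert;
static mbedtls_ssl_context _ssl;
static mbedtls_ssl_config _ssl_conf;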
lorevee | 4:4af40af2530e | 34 | |
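/**
 * Transport used by the Paho MQTT client: a TCP socket, optionally wrapped
 * in an mbed TLS client session.
 *
 * connect() opens the socket (and, with TLS_ON, runs the TLS handshake on
 * top of it), read()/write() move bytes through either the raw socket or
 * mbedtls_ssl_read()/mbedtls_ssl_write(), and disconnect() tears it down.
 *
 * Ownership: the TCPSocket is created in the constructor and deleted in the
 * destructor.  The NetworkInterface is borrowed and must outlive this
 * object.  The mbed TLS contexts are members, so every instance carries its
 * own TLS state and two instances can hold independent TLS connections.
 *
 * Not thread-safe: drive one instance from one thread at a time.
 */
class MQTTNetwork {
public:
    /** @param net_iface network stack the socket is opened on (borrowed). */
    MQTTNetwork(NetworkInterface *net_iface)
        : _network(net_iface),
          _is_tcpsocket_connected(0),
          _tcpsocket(new TCPSocket()),
          _disconnected(false),
          _tls(TLS_OFF),        /* previously left uninitialised; read by ~MQTTNetwork() */
          _tls_ready(false) {
        /* Non-blocking socket: the TLS paths poll against a Countdown and the
         * bio callbacks map NSAPI_ERROR_WOULD_BLOCK to WANT_READ/WANT_WRITE.
         * The plain-TCP read()/write() switch the socket to blocking per call. */
        _tcpsocket->set_blocking(false);
    }

    ~MQTTNetwork() {
        /* Release TLS state whenever it was set up, not only while the socket
         * is still connected: a connect() that failed after initialising the
         * contexts used to leak them here. */
        tls_free();
        _tcpsocket->close();
        delete _tcpsocket;
    }

    /**
     * Read up to @p len bytes into @p buffer, waiting at most @p timeout ms.
     *
     * @return number of bytes read; 0 when nothing arrived before the timeout
     *         or the peer closed the connection; a negative mbed TLS / nsapi
     *         error code otherwise.  On a TLS error or a closed transport the
     *         socket is closed and isConnected() becomes false.
     */
    int read(unsigned char *buffer, int len, int timeout) {
        if (_tls != TLS_ON) {
            _tcpsocket->set_blocking(true);
            _tcpsocket->set_timeout(timeout);
            return _tcpsocket->recv(buffer, len);
        }
        if (!_tls_ready) {
            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; /* read() before a successful connect() */
        }
        if (len <= 0) {
            return 0;
        }

        Countdown timer;
        timer.countdown_ms(timeout);

        int offset = 0;
        int ret = 0;
        for (;;) {
            ret = mbedtls_ssl_read(&_ssl, buffer + offset, (size_t)(len - offset));
            if (ret > 0) {
                offset += ret;
                if (offset == len) {
                    return offset;
                }
                continue;
            }
            if (ret == 0) {
                /* mbed TLS: the underlying transport was closed and the
                 * context must not be used any further. */
                break;
            }
            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
                break;
            }
            /* Nothing available yet on the non-blocking socket: poll until the
             * deadline.  Bytes already delivered are returned rather than
             * dropped (the original returned 0 here even after a partial read). */
            if (timer.expired()) {
                return offset;
            }
        }

        if (ret == 0) {
            _tcpsocket->close();
            _is_tcpsocket_connected = 0;
            return offset;
        }
        print_mbedtls_error(ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT
                                ? "MBEDTLS_ERR_SSL_CLIENT_RECONNECT\n\r"
                                : "mbedtls_ssl_read",
                            ret);
        _tcpsocket->close();
        _is_tcpsocket_connected = 0;
        return ret;
    }

    /**
     * Write @p len bytes from @p buffer, waiting at most @p timeout ms.
     *
     * @return total number of bytes written (less than @p len only when the
     *         timeout expired first), or a negative mbed TLS / nsapi error
     *         code.  The previous version returned only the size of the last
     *         TLS fragment, which the MQTT client compares against @p len.
     */
    int write(unsigned char *buffer, int len, int timeout) {
        if (_tls != TLS_ON) {
            _tcpsocket->set_blocking(true);
            _tcpsocket->set_timeout(timeout);
            return _tcpsocket->send(buffer, len);
        }
        if (!_tls_ready) {
            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; /* write() before a successful connect() */
        }
        if (len <= 0) {
            return 0;
        }

        Countdown timer;
        timer.countdown_ms(timeout);

        const size_t total = (size_t)len;
        size_t offset = 0;
        int ret = 0;
        while (offset < total) {
            ret = mbedtls_ssl_write(&_ssl, buffer + offset, total - offset);
            if (ret > 0) {
                offset += (size_t)ret;
            } else if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
                /* Socket not ready: honour @p timeout instead of spinning
                 * indefinitely (the timeout was ignored on this path before). */
                if (timer.expired()) {
                    break;
                }
            } else if (ret == 0) {
                break; /* nothing accepted; do not loop forever */
            } else {
                print_mbedtls_error("mbedtls_ssl_write", ret);
                _tcpsocket->close();
                _is_tcpsocket_connected = 0;
                return ret;
            }
        }
        return (int)offset;
    }

    /**
     * Open the TCP connection and, when @p tls is TLS_ON, complete the TLS
     * handshake on top of it.
     *
     * @param hostname    server name; also the name the server certificate is
     *                    checked against.
     * @param port        TCP port.
     * @param tls         TLS_OFF or TLS_ON.
     * @param cert        trusted root CA(s), PEM (NUL-terminated) or DER.
     *                    Several PEM roots may be concatenated.  Required when
     *                    @p tls is TLS_ON: peer verification is mandatory.
     * @param sizeof_cert size of @p cert in bytes; for PEM this must include
     *                    the terminating NUL, as mbedtls_x509_crt_parse() requires.
     * @return 0 on success, otherwise a negative nsapi or mbed TLS error code.
     *         On failure the socket is closed and any TLS state is released,
     *         so connect() may be called again.
     */
    int connect(const char *hostname, int port, unsigned int tls = TLS_OFF,
                const char *cert = NULL, unsigned int sizeof_cert = 0) {
        _tls = tls;
        int ret = 0;

        if (tls != TLS_ON) {
            printf("\r\n--->TLS is OFF\n");
            ret = _tcpsocket->open(_network);
            if (ret != NSAPI_ERROR_OK) {
                printf("\r\nMBED: Socket Error: %d\n", ret);
                return ret;
            }
            ret = _tcpsocket->connect(hostname, port);
            if (ret != NSAPI_ERROR_OK) {
                mbedtls_printf("\r\nFailed to connect\n");
                printf("\r\nMBED: Socket Error: %d\n", ret);
                _tcpsocket->close();
                return ret;
            }
            printf("\r\n--->TCP Connected\n");
            _is_tcpsocket_connected = 1;
            return ret;
        }

        printf("--->TLS is ON\n\r");

        /* With MBEDTLS_SSL_VERIFY_REQUIRED below, no trusted CA means no
         * connection; reject that before touching any context. */
        if (cert == NULL || sizeof_cert == 0) {
            mbedtls_printf("connect: a CA certificate is required when TLS is on\n");
            return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
        }

        /* A previous attempt may have left the contexts initialised; release
         * them before re-initialising. */
        tls_free();
        tls_init();

        /* strlen(), not sizeof: DRBG_PERS is a pointer, so sizeof gave the
         * pointer size and personalised the DRBG with only the first bytes. */
        ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
                                    (const unsigned char *)DRBG_PERS,
                                    strlen(DRBG_PERS));
        if (ret != 0) {
            print_mbedtls_error("mbedtls_crt_drbg_init", ret);
            return tls_fail(ret);
        }
        ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)cert, sizeof_cert);
        if (ret != 0) {
            print_mbedtls_error("mbedtls_x509_crt_parse", ret);
            return tls_fail(ret);
        }
        ret = mbedtls_ssl_config_defaults(&_ssl_conf,
                                          MBEDTLS_SSL_IS_CLIENT,
                                          MBEDTLS_SSL_TRANSPORT_STREAM,
                                          MBEDTLS_SSL_PRESET_DEFAULT);
        if (ret != 0) {
            print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
            return tls_fail(ret);
        }
        mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
        mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
        /* Peer verification is mandatory: the handshake fails on an untrusted,
         * expired or mismatching server certificate. */
        mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#if DEBUG_LEVEL > 0
        mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
        mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
        mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
        ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf);
        if (ret != 0) {
            print_mbedtls_error("mbedtls_ssl_setup", ret);
            return tls_fail(ret);
        }
        /* mbed TLS only checks the certificate's name against a hostname that
         * was set; an unchecked failure here would silently weaken the check. */
        ret = mbedtls_ssl_set_hostname(&_ssl, hostname);
        if (ret != 0) {
            print_mbedtls_error("mbedtls_ssl_set_hostname", ret);
            return tls_fail(ret);
        }
        mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket), ssl_send, ssl_recv, NULL);

        /* A previous plain-TCP session switches the socket to blocking; the
         * handshake loop below relies on it being non-blocking. */
        _tcpsocket->set_blocking(false);
        ret = _tcpsocket->open(_network);
        if (ret != NSAPI_ERROR_OK) {
            mbedtls_printf("Failed to connect\n");
            printf("MBED: Socket Error: %d\n", ret);
            return tls_fail(ret);
        }
        mbedtls_printf("Connecting with %s port: %d\n", hostname, port);
        ret = _tcpsocket->connect(hostname, port);
        if (ret != NSAPI_ERROR_OK) {
            mbedtls_printf("Failed to connect\n");
            printf("MBED: Socket Error: %d\n", ret);
            return tls_fail(ret);
        }
        printf("--->TCP Connected\n\r");
        _is_tcpsocket_connected = 1;

        /* Busy-polls the non-blocking socket; there is no handshake timeout. */
        mbedtls_printf("Starting the TLS handshake...\n");
        do {
            ret = mbedtls_ssl_handshake(&_ssl);
        } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
        if (ret != 0) {
            /* A certificate that fails validation surfaces here as
             * MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, so no separate
             * mbedtls_ssl_get_verify_result() check is needed. */
            print_mbedtls_error("mbedtls_ssl_handshake", ret);
            return tls_fail(ret);
        }
        return 0;
    }

    /**
     * Close the connection and release any TLS state.
     *
     * @return result of TCPSocket::close().
     */
    int disconnect() {
        if (_is_tcpsocket_connected && _tls == TLS_ON && _tls_ready) {
            /* Best effort: tell the peer we are closing.  On the non-blocking
             * socket this may return WANT_WRITE; the result is ignored. */
            mbedtls_ssl_close_notify(&_ssl);
        }
        tls_free();
        _is_tcpsocket_connected = 0;
        return _tcpsocket->close();
    }

    /** @return true while the TCP socket is connected. */
    bool isConnected() { return _is_tcpsocket_connected != 0; }

private:
    NetworkInterface *_network;
    unsigned int _is_tcpsocket_connected;

protected:
    /**
     * Helper for pretty-printing mbed TLS error codes.
     *
     * @param name operation that failed (printed as "name() failed").
     * @param err  negative mbed TLS error code.
     */
    static void print_mbedtls_error(const char *name, int err) {
        char buf[128];
        mbedtls_strerror(err, buf, sizeof(buf));
        mbedtls_printf("%s() failed: -0x%04x (%d): %s\n", name, -err, err, buf);
    }

#if DEBUG_LEVEL > 0
    /**
     * Debug callback for mbed TLS.
     * Just prints on the USB serial port, with the source path reduced to
     * its basename.
     */
    static void my_debug(void *ctx, int level, const char *file, int line,
                         const char *str) {
        (void)ctx;

        /* Extract basename from file */
        const char *basename = file;
        for (const char *p = file; *p != '\0'; p++) {
            if (*p == '/' || *p == '\\') {
                basename = p + 1;
            }
        }

        mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
    }

    /**
     * Certificate verification callback for mbed TLS.
     * Only displays information on each certificate in the chain; it never
     * alters @p flags, so the verification outcome is unchanged.
     */
    static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) {
        const uint32_t buf_size = 1024;
        char *buf = new char[buf_size];
        (void)data;

        mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
        mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
        mbedtls_printf("%s", buf);

        if (*flags == 0) {
            mbedtls_printf("No verification issue for this certificate\n");
        } else {
            mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
            mbedtls_printf("%s\n", buf);
        }

        delete[] buf;
        return 0;
    }
#endif

    /**
     * Receive callback for mbed TLS.
     *
     * @param ctx the TCPSocket passed to mbedtls_ssl_set_bio().
     * @return bytes received; 0 when the socket reports end of stream (mbed
     *         TLS then returns 0 from mbedtls_ssl_read());
     *         MBEDTLS_ERR_SSL_WANT_READ when the non-blocking socket has no
     *         data; -1 on any other socket error.
     */
    static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
        int received = socket->recv(buf, len);

        if (received == NSAPI_ERROR_WOULD_BLOCK) {
            return MBEDTLS_ERR_SSL_WANT_READ;
        }
        if (received < 0) {
            mbedtls_printf("Socket recv error %d\n", received);
            return -1;
        }
        return received;
    }

    /**
     * Send callback for mbed TLS.
     *
     * @param ctx the TCPSocket passed to mbedtls_ssl_set_bio().
     * @return bytes sent; MBEDTLS_ERR_SSL_WANT_WRITE when the non-blocking
     *         socket cannot take data yet; -1 on any other socket error.
     */
    static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
        int sent = socket->send(buf, len);

        if (sent == NSAPI_ERROR_WOULD_BLOCK) {
            return MBEDTLS_ERR_SSL_WANT_WRITE;
        }
        if (sent < 0) {
            mbedtls_printf("Socket send error %d\n", sent);
            return -1;
        }
        return sent;
    }

    TCPSocket *_tcpsocket;
    volatile bool _disconnected; /* unused; kept for layout compatibility */
    unsigned int _tls;           /* TLS_OFF or TLS_ON, set by connect() */

private:
    /** Initialise every mbed TLS context; tls_free() is the inverse. */
    void tls_init() {
        mbedtls_entropy_init(&_entropy);
        mbedtls_ctr_drbg_init(&_ctr_drbg);
        mbedtls_x509_crt_init(&_cacert);
        mbedtls_ssl_init(&_ssl);
        mbedtls_ssl_config_init(&_ssl_conf);
        _tls_ready = true;
    }

    /** Release the mbed TLS contexts if tls_init() ran; safe to call twice. */
    void tls_free() {
        if (!_tls_ready) {
            return;
        }
        mbedtls_ssl_free(&_ssl);
        mbedtls_ssl_config_free(&_ssl_conf);
        mbedtls_x509_crt_free(&_cacert);
        mbedtls_ctr_drbg_free(&_ctr_drbg);
        mbedtls_entropy_free(&_entropy);
        _tls_ready = false;
    }

    /**
     * Common failure exit for the TLS branch of connect(): releases TLS
     * state, closes the socket (harmless if it was never opened) and marks
     * the object disconnected.
     *
     * @return @p ret, for `return tls_fail(ret);`.
     */
    int tls_fail(int ret) {
        tls_free();
        _tcpsocket->close();
        _is_tcpsocket_connected = 0;
        return ret;
    }

    bool _tls_ready; /* true between tls_init() and tls_free() */

    /* Per-instance mbed TLS state (previously file-scope, shared by all instances). */
    mbedtls_entropy_context _entropy;
    mbedtls_ctr_drbg_context _ctr_drbg;
    mbedtls_x509_crt _cacert;
    mbedtls_ssl_context _ssl;
    mbedtls_ssl_config _ssl_conf;
};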
lorevee | 4:4af40af2530e | 347 | |
lorevee | 4:4af40af2530e | 348 | |
lorevee | 4:4af40af2530e | 349 | #endif // _MQTTNETWORK_H_ |