Catie fork
Dependencies: SDFileSystem X_NUCLEO_IKS01A1
Fork of ATT_AWS_IoT_demo by
main.cpp
- Committer:
- mbed_official
- Date:
- 2016-09-06
- Revision:
- 9:1ac74f2d7bda
- Parent:
- 0:fc70c47eecb4
- Child:
- 12:1ae41c231014
File content as of revision 9:1ac74f2d7bda:
/* * Hello world example of a TLS client: fetch an HTTPS page * * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) */ /** \file main.cpp * \brief An example TLS Client application * This application sends an HTTPS request to developer.mbed.org and searches for a string in * the result. * * This example is implemented as a logic class (HelloHTTPS) wrapping a TCP socket. * The logic class handles all events, leaving the main loop to just check if the process * has finished. */ /* Change to a number between 1 and 4 to debug the TLS connection */ #define DEBUG_LEVEL 0 /* Change to 1 to skip certificate verification (UNSAFE, for debug only!) */ #define UNSAFE 0 #include "mbed.h" #include "NetworkStack.h" #include "EthernetInterface.h" #include "TCPSocket.h" #include "mbedtls/platform.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" #if DEBUG_LEVEL > 0 #include "mbedtls/debug.h" #endif namespace { const char *HTTPS_SERVER_NAME = "developer.mbed.org"; const int HTTPS_SERVER_PORT = 443; const int RECV_BUFFER_SIZE = 600; const char HTTPS_PATH[] = "/media/uploads/mbed_official/hello.txt"; const size_t HTTPS_PATH_LEN = sizeof(HTTPS_PATH) - 1; /* Test related data */ const char *HTTPS_OK_STR = "200 OK"; const char *HTTPS_HELLO_STR = "Hello world!"; /* personalization string for the drbg */ const char *DRBG_PERS = "mbed TLS helloword client"; /* List of trusted root CA certificates * currently only GlobalSign, the CA for developer.mbed.org * * To add more than one root, just concatenate them. */ const char SSL_CA_PEM[] = /* GlobalSign Root certificate */ "-----BEGIN CERTIFICATE-----\n" "MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG\n" "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n" "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw\n" "MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n" "YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW\n" "YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" "DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc\n" "C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj\n" "SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj\n" "mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt\n" "Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl\n" "2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B\n" "Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT\n" "HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0\n" "dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow\n" "KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB\n" "BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv\n" "bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI\n" "hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s\n" "32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy\n" "XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3\n" "30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA\n" "SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G\n" "K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=\n" "-----END CERTIFICATE-----\n"; #if OLD_CERTIFICATE /* GlobalSign Root R1 SHA1/RSA/2048 * Serial no. 04 00 00 00 00 01 15 4b 5a c3 94 */ "-----BEGIN CERTIFICATE-----\n" "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n" "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n" "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n" "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n" "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n" "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n" "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n" "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n" "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n" "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n" "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n" "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n" "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n" "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n" "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n" "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n" "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n" "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n" "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n" "-----END CERTIFICATE-----\n"; #endif } /** * \brief HelloHTTPS implements the logic for fetching a file from a webserver * using a TCP socket and parsing the result. */ class HelloHTTPS { public: /** * HelloHTTPS Constructor * Initializes the TCP socket, sets up event handlers and flags. * * @param[in] domain The domain name to fetch from * @param[in] port The port of the HTTPS server */ HelloHTTPS(const char * domain, const uint16_t port, NetworkInterface *net_iface) : _domain(domain), _port(port) { _error = false; _gothello = false; _got200 = false; _bpos = 0; _request_sent = 0; _tcpsocket = new TCPSocket(net_iface); mbedtls_entropy_init(&_entropy); mbedtls_ctr_drbg_init(&_ctr_drbg); mbedtls_x509_crt_init(&_cacert); mbedtls_ssl_init(&_ssl); mbedtls_ssl_config_init(&_ssl_conf); } /** * HelloHTTPS Desctructor */ ~HelloHTTPS() { mbedtls_entropy_free(&_entropy); mbedtls_ctr_drbg_free(&_ctr_drbg); mbedtls_x509_crt_free(&_cacert); mbedtls_ssl_free(&_ssl); mbedtls_ssl_config_free(&_ssl_conf); } /** * Start the test. * * Starts by clearing test flags, then resolves the address with DNS. * * @param[in] path The path of the file to fetch from the HTTPS server * @return SOCKET_ERROR_NONE on success, or an error code on failure */ void startTest(const char *path) { /* Initialize the flags */ _got200 = false; _gothello = false; _error = false; _disconnected = false; _request_sent = false; /* Fill the request buffer */ _bpos = snprintf(_buffer, sizeof(_buffer) - 1, "GET %s HTTP/1.1\nHost: %s\n\n", path, HTTPS_SERVER_NAME); /* * Initialize TLS-related stuf. */ int ret; if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy, (const unsigned char *) DRBG_PERS, sizeof (DRBG_PERS))) != 0) { print_mbedtls_error("mbedtls_crt_drbg_init", ret); _error = true; return; } if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) SSL_CA_PEM, sizeof (SSL_CA_PEM))) != 0) { print_mbedtls_error("mbedtls_x509_crt_parse", ret); _error = true; return; } if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { print_mbedtls_error("mbedtls_ssl_config_defaults", ret); _error = true; return; } mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL); mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg); #if UNSAFE mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL); #endif #if DEBUG_LEVEL > 0 mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL); mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL); mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) { print_mbedtls_error("mbedtls_ssl_setup", ret); _error = true; return; } mbedtls_ssl_set_hostname(&_ssl, HTTPS_SERVER_NAME); mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket), ssl_send, ssl_recv, NULL ); /* Connect to the server */ mbedtls_printf("Connecting with %s\r\n", _domain); _tcpsocket->connect( _domain, _port ); /* Start the handshake, the rest will be done in onReceive() */ mbedtls_printf("Starting the TLS handshake...\r\n"); ret = mbedtls_ssl_handshake(&_ssl); if (ret < 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { print_mbedtls_error("mbedtls_ssl_handshake", ret); onError(_tcpsocket, -1 ); } return; } ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) _buffer, _bpos); if (ret < 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { print_mbedtls_error("mbedtls_ssl_write", ret); onError(_tcpsocket, -1 ); } return; } /* It also means the handshake is done, time to print info */ printf("TLS connection to %s established\r\n", HTTPS_SERVER_NAME); const uint32_t buf_size = 1024; char *buf = new char[buf_size]; mbedtls_x509_crt_info(buf, buf_size, "\r ", mbedtls_ssl_get_peer_cert(&_ssl)); mbedtls_printf("Server certificate:\r\n%s\r", buf); #if defined(UNSAFE) uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl); if( flags != 0 ) { mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags); printf("Certificate verification failed:\r\n%s\r\r\n", buf); } else #endif printf("Certificate verification passed\r\n\r\n"); /* Read data out of the socket */ ret = mbedtls_ssl_read(&_ssl, (unsigned char *) _buffer, sizeof(_buffer)); if (ret < 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { print_mbedtls_error("mbedtls_ssl_read", ret); onError(_tcpsocket, -1 ); } delete[] buf; return; } _bpos = static_cast<size_t>(ret); _buffer[_bpos] = 0; /* Check each of the flags */ _got200 = _got200 || strstr(_buffer, HTTPS_OK_STR) != NULL; _gothello = _gothello || strstr(_buffer, HTTPS_HELLO_STR) != NULL; /* Print status messages */ mbedtls_printf("HTTPS: Received %d chars from server\r\n", _bpos); mbedtls_printf("HTTPS: Received 200 OK status ... %s\r\n", _got200 ? "[OK]" : "[FAIL]"); mbedtls_printf("HTTPS: Received '%s' status ... %s\r\n", HTTPS_HELLO_STR, _gothello ? "[OK]" : "[FAIL]"); mbedtls_printf("HTTPS: Received message:\r\n\r\n"); mbedtls_printf("%s", _buffer); _error = !(_got200 && _gothello); _tcpsocket->close(); delete[] buf; } /** * Check if the test has completed. * @return Returns true if done, false otherwise. */ bool done() { return _error || (_got200 && _gothello); } /** * Check if there was an error * @return Returns true if there was an error, false otherwise. */ bool error() { return _error; } /** * Closes the TCP socket */ void close() { _tcpsocket->close(); while (!_disconnected) __WFI(); } protected: /** * Helper for pretty-printing mbed TLS error codes */ static void print_mbedtls_error(const char *name, int err) { char buf[128]; mbedtls_strerror(err, buf, sizeof (buf)); mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf); } #if DEBUG_LEVEL > 0 /** * Debug callback for mbed TLS * Just prints on the USB serial port */ static void my_debug(void *ctx, int level, const char *file, int line, const char *str) { const char *p, *basename; (void) ctx; /* Extract basename from file */ for(p = basename = file; *p != '\0'; p++) { if(*p == '/' || *p == '\\') { basename = p + 1; } } mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); } /** * Certificate verification callback for mbed TLS * Here we only use it to display information on each cert in the chain */ static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) { const uint32_t buf_size = 1024; char *buf = new char[buf_size]; (void) data; mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt); mbedtls_printf("%s", buf); if (*flags == 0) mbedtls_printf("No verification issue for this certificate\n"); else { mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags); mbedtls_printf("%s\n", buf); } delete[] buf; return 0; } #endif /** * Receive callback for mbed TLS */ static int ssl_recv(void *ctx, unsigned char *buf, size_t len) { int recv = -1; TCPSocket *socket = static_cast<TCPSocket *>(ctx); recv = socket->recv(buf, len); if(NSAPI_ERROR_WOULD_BLOCK == recv){ return MBEDTLS_ERR_SSL_WANT_READ; }else if(recv < 0){ return -1; }else{ return recv; } } /** * Send callback for mbed TLS */ static int ssl_send(void *ctx, const unsigned char *buf, size_t len) { int size = -1; TCPSocket *socket = static_cast<TCPSocket *>(ctx); size = socket->send(buf, len); if(NSAPI_ERROR_WOULD_BLOCK == size){ return len; }else if(size < 0){ return -1; }else{ return size; } } void onError(TCPSocket *s, int error) { printf("MBED: Socket Error: %d\r\n", error); s->close(); _error = true; } protected: TCPSocket* _tcpsocket; const char *_domain; /**< The domain name of the HTTPS server */ const uint16_t _port; /**< The HTTPS server port */ char _buffer[RECV_BUFFER_SIZE]; /**< The response buffer */ size_t _bpos; /**< The current offset in the response buffer */ volatile bool _got200; /**< Status flag for HTTPS 200 */ volatile bool _gothello; /**< Status flag for finding the test string */ volatile bool _error; /**< Status flag for an error */ volatile bool _disconnected; volatile bool _request_sent; mbedtls_entropy_context _entropy; mbedtls_ctr_drbg_context _ctr_drbg; mbedtls_x509_crt _cacert; mbedtls_ssl_context _ssl; mbedtls_ssl_config _ssl_conf; }; /** * The main loop of the HTTPS Hello World test */ int main() { /* The default 9600 bps is too slow to print full TLS debug info and could * cause the other party to time out. */ /* Inititalise with DHCP, connect, and start up the stack */ EthernetInterface eth_iface; eth_iface.connect(); mbedtls_printf("Using Ethernet LWIP\r\n"); const char *ip_addr = eth_iface.get_ip_address(); if (ip_addr) { mbedtls_printf("Client IP Address is %s\r\n", ip_addr); } else { mbedtls_printf("No Client IP Address\r\n"); } HelloHTTPS *hello = new HelloHTTPS(HTTPS_SERVER_NAME, HTTPS_SERVER_PORT, ð_iface); hello->startTest(HTTPS_PATH); delete hello; }