http

Committer:
reeml3
Date:
Mon Apr 15 18:12:24 2019 +0000
Revision:
1:ce6ccd14af4c
Parent:
0:a49e37a83a7a
http

Who changed what in which revision?

UserRevisionLine numberNew contents of line
DuaaAbusharkh 0:a49e37a83a7a 1 /*
DuaaAbusharkh 0:a49e37a83a7a 2 * PackageLicenseDeclared: Apache-2.0
DuaaAbusharkh 0:a49e37a83a7a 3 * Copyright (c) 2017 ARM Limited
DuaaAbusharkh 0:a49e37a83a7a 4 *
DuaaAbusharkh 0:a49e37a83a7a 5 * Licensed under the Apache License, Version 2.0 (the "License");
DuaaAbusharkh 0:a49e37a83a7a 6 * you may not use this file except in compliance with the License.
DuaaAbusharkh 0:a49e37a83a7a 7 * You may obtain a copy of the License at
DuaaAbusharkh 0:a49e37a83a7a 8 *
DuaaAbusharkh 0:a49e37a83a7a 9 * http://www.apache.org/licenses/LICENSE-2.0
DuaaAbusharkh 0:a49e37a83a7a 10 *
DuaaAbusharkh 0:a49e37a83a7a 11 * Unless required by applicable law or agreed to in writing, software
DuaaAbusharkh 0:a49e37a83a7a 12 * distributed under the License is distributed on an "AS IS" BASIS,
DuaaAbusharkh 0:a49e37a83a7a 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
DuaaAbusharkh 0:a49e37a83a7a 14 * See the License for the specific language governing permissions and
DuaaAbusharkh 0:a49e37a83a7a 15 * limitations under the License.
DuaaAbusharkh 0:a49e37a83a7a 16 */
DuaaAbusharkh 0:a49e37a83a7a 17
DuaaAbusharkh 0:a49e37a83a7a 18 #ifndef _MBED_HTTPS_TLS_SOCKET_H_
DuaaAbusharkh 0:a49e37a83a7a 19 #define _MBED_HTTPS_TLS_SOCKET_H_
DuaaAbusharkh 0:a49e37a83a7a 20
DuaaAbusharkh 0:a49e37a83a7a 21 /* Change to a number between 1 and 4 to debug the TLS connection */
DuaaAbusharkh 0:a49e37a83a7a 22 #define DEBUG_LEVEL 0
DuaaAbusharkh 0:a49e37a83a7a 23
DuaaAbusharkh 0:a49e37a83a7a 24 #include <string>
DuaaAbusharkh 0:a49e37a83a7a 25 #include <vector>
DuaaAbusharkh 0:a49e37a83a7a 26 #include <map>
DuaaAbusharkh 0:a49e37a83a7a 27 #include "http_parser.h"
DuaaAbusharkh 0:a49e37a83a7a 28 #include "http_response.h"
DuaaAbusharkh 0:a49e37a83a7a 29 #include "http_request_builder.h"
DuaaAbusharkh 0:a49e37a83a7a 30 #include "http_request_parser.h"
DuaaAbusharkh 0:a49e37a83a7a 31 #include "http_parsed_url.h"
DuaaAbusharkh 0:a49e37a83a7a 32
DuaaAbusharkh 0:a49e37a83a7a 33 #include "mbedtls/platform.h"
DuaaAbusharkh 0:a49e37a83a7a 34 #include "mbedtls/ssl.h"
DuaaAbusharkh 0:a49e37a83a7a 35 #include "mbedtls/entropy.h"
DuaaAbusharkh 0:a49e37a83a7a 36 #include "mbedtls/ctr_drbg.h"
DuaaAbusharkh 0:a49e37a83a7a 37 #include "mbedtls/error.h"
DuaaAbusharkh 0:a49e37a83a7a 38
DuaaAbusharkh 0:a49e37a83a7a 39 #if DEBUG_LEVEL > 0
DuaaAbusharkh 0:a49e37a83a7a 40 #include "mbedtls/debug.h"
DuaaAbusharkh 0:a49e37a83a7a 41 #endif
DuaaAbusharkh 0:a49e37a83a7a 42
DuaaAbusharkh 0:a49e37a83a7a 43 /**
DuaaAbusharkh 0:a49e37a83a7a 44 * \brief TLSSocket a wrapper around TCPSocket for interacting with TLS servers
DuaaAbusharkh 0:a49e37a83a7a 45 */
DuaaAbusharkh 0:a49e37a83a7a 46 class TLSSocket {
DuaaAbusharkh 0:a49e37a83a7a 47 public:
DuaaAbusharkh 0:a49e37a83a7a 48 TLSSocket(NetworkInterface* net_iface, const char* hostname, uint16_t port, const char* ssl_ca_pem) {
DuaaAbusharkh 0:a49e37a83a7a 49 _tcpsocket = new TCPSocket(net_iface);
DuaaAbusharkh 0:a49e37a83a7a 50 _ssl_ca_pem = ssl_ca_pem;
DuaaAbusharkh 0:a49e37a83a7a 51 _is_connected = false;
DuaaAbusharkh 0:a49e37a83a7a 52 _debug = false;
DuaaAbusharkh 0:a49e37a83a7a 53 _hostname = hostname;
DuaaAbusharkh 0:a49e37a83a7a 54 _port = port;
DuaaAbusharkh 0:a49e37a83a7a 55 _error = 0;
DuaaAbusharkh 0:a49e37a83a7a 56
DuaaAbusharkh 0:a49e37a83a7a 57 DRBG_PERS = "mbed TLS helloword client";
DuaaAbusharkh 0:a49e37a83a7a 58
DuaaAbusharkh 0:a49e37a83a7a 59 mbedtls_entropy_init(&_entropy);
DuaaAbusharkh 0:a49e37a83a7a 60 mbedtls_ctr_drbg_init(&_ctr_drbg);
DuaaAbusharkh 0:a49e37a83a7a 61 mbedtls_x509_crt_init(&_cacert);
DuaaAbusharkh 0:a49e37a83a7a 62 mbedtls_ssl_init(&_ssl);
DuaaAbusharkh 0:a49e37a83a7a 63 mbedtls_ssl_config_init(&_ssl_conf);
DuaaAbusharkh 0:a49e37a83a7a 64 }
DuaaAbusharkh 0:a49e37a83a7a 65
DuaaAbusharkh 0:a49e37a83a7a 66 ~TLSSocket() {
DuaaAbusharkh 0:a49e37a83a7a 67 mbedtls_entropy_free(&_entropy);
DuaaAbusharkh 0:a49e37a83a7a 68 mbedtls_ctr_drbg_free(&_ctr_drbg);
DuaaAbusharkh 0:a49e37a83a7a 69 mbedtls_x509_crt_free(&_cacert);
DuaaAbusharkh 0:a49e37a83a7a 70 mbedtls_ssl_free(&_ssl);
DuaaAbusharkh 0:a49e37a83a7a 71 mbedtls_ssl_config_free(&_ssl_conf);
DuaaAbusharkh 0:a49e37a83a7a 72
DuaaAbusharkh 0:a49e37a83a7a 73 if (_tcpsocket) {
DuaaAbusharkh 0:a49e37a83a7a 74 _tcpsocket->close();
DuaaAbusharkh 0:a49e37a83a7a 75 delete _tcpsocket;
DuaaAbusharkh 0:a49e37a83a7a 76 }
DuaaAbusharkh 0:a49e37a83a7a 77
DuaaAbusharkh 0:a49e37a83a7a 78 // @todo: free DRBG_PERS ?
DuaaAbusharkh 0:a49e37a83a7a 79 }
DuaaAbusharkh 0:a49e37a83a7a 80
DuaaAbusharkh 0:a49e37a83a7a 81 nsapi_error_t connect() {
DuaaAbusharkh 0:a49e37a83a7a 82 /* Initialize the flags */
DuaaAbusharkh 0:a49e37a83a7a 83 /*
DuaaAbusharkh 0:a49e37a83a7a 84 * Initialize TLS-related stuf.
DuaaAbusharkh 0:a49e37a83a7a 85 */
DuaaAbusharkh 0:a49e37a83a7a 86 int ret;
DuaaAbusharkh 0:a49e37a83a7a 87 if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
DuaaAbusharkh 0:a49e37a83a7a 88 (const unsigned char *) DRBG_PERS,
DuaaAbusharkh 0:a49e37a83a7a 89 sizeof (DRBG_PERS))) != 0) {
DuaaAbusharkh 0:a49e37a83a7a 90 print_mbedtls_error("mbedtls_crt_drbg_init", ret);
DuaaAbusharkh 0:a49e37a83a7a 91 _error = ret;
DuaaAbusharkh 0:a49e37a83a7a 92 return _error;
DuaaAbusharkh 0:a49e37a83a7a 93 }
DuaaAbusharkh 0:a49e37a83a7a 94
DuaaAbusharkh 0:a49e37a83a7a 95 if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
DuaaAbusharkh 0:a49e37a83a7a 96 strlen(_ssl_ca_pem) + 1)) != 0) {
DuaaAbusharkh 0:a49e37a83a7a 97 print_mbedtls_error("mbedtls_x509_crt_parse", ret);
DuaaAbusharkh 0:a49e37a83a7a 98 _error = ret;
DuaaAbusharkh 0:a49e37a83a7a 99 return _error;
DuaaAbusharkh 0:a49e37a83a7a 100 }
DuaaAbusharkh 0:a49e37a83a7a 101
DuaaAbusharkh 0:a49e37a83a7a 102 if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
DuaaAbusharkh 0:a49e37a83a7a 103 MBEDTLS_SSL_IS_CLIENT,
DuaaAbusharkh 0:a49e37a83a7a 104 MBEDTLS_SSL_TRANSPORT_STREAM,
DuaaAbusharkh 0:a49e37a83a7a 105 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
DuaaAbusharkh 0:a49e37a83a7a 106 print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
DuaaAbusharkh 0:a49e37a83a7a 107 _error = ret;
DuaaAbusharkh 0:a49e37a83a7a 108 return _error;
DuaaAbusharkh 0:a49e37a83a7a 109 }
DuaaAbusharkh 0:a49e37a83a7a 110
DuaaAbusharkh 0:a49e37a83a7a 111 mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
DuaaAbusharkh 0:a49e37a83a7a 112 mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
DuaaAbusharkh 0:a49e37a83a7a 113
DuaaAbusharkh 0:a49e37a83a7a 114 /* It is possible to disable authentication by passing
DuaaAbusharkh 0:a49e37a83a7a 115 * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
DuaaAbusharkh 0:a49e37a83a7a 116 */
DuaaAbusharkh 0:a49e37a83a7a 117 mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
DuaaAbusharkh 0:a49e37a83a7a 118
DuaaAbusharkh 0:a49e37a83a7a 119 #if DEBUG_LEVEL > 0
DuaaAbusharkh 0:a49e37a83a7a 120 mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
DuaaAbusharkh 0:a49e37a83a7a 121 mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
DuaaAbusharkh 0:a49e37a83a7a 122 mbedtls_debug_set_threshold(DEBUG_LEVEL);
DuaaAbusharkh 0:a49e37a83a7a 123 #endif
DuaaAbusharkh 0:a49e37a83a7a 124
DuaaAbusharkh 0:a49e37a83a7a 125 if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
DuaaAbusharkh 0:a49e37a83a7a 126 print_mbedtls_error("mbedtls_ssl_setup", ret);
DuaaAbusharkh 0:a49e37a83a7a 127 _error = ret;
DuaaAbusharkh 0:a49e37a83a7a 128 return _error;
DuaaAbusharkh 0:a49e37a83a7a 129 }
DuaaAbusharkh 0:a49e37a83a7a 130
DuaaAbusharkh 0:a49e37a83a7a 131 mbedtls_ssl_set_hostname(&_ssl, _hostname);
DuaaAbusharkh 0:a49e37a83a7a 132
DuaaAbusharkh 0:a49e37a83a7a 133 mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
DuaaAbusharkh 0:a49e37a83a7a 134 ssl_send, ssl_recv, NULL );
DuaaAbusharkh 0:a49e37a83a7a 135
DuaaAbusharkh 0:a49e37a83a7a 136 /* Connect to the server */
DuaaAbusharkh 0:a49e37a83a7a 137 if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _hostname, _port);
DuaaAbusharkh 0:a49e37a83a7a 138 ret = _tcpsocket->connect(_hostname, _port);
DuaaAbusharkh 0:a49e37a83a7a 139 if (ret != NSAPI_ERROR_OK) {
DuaaAbusharkh 0:a49e37a83a7a 140 if (_debug) mbedtls_printf("Failed to connect\r\n");
DuaaAbusharkh 0:a49e37a83a7a 141 onError(_tcpsocket, -1);
DuaaAbusharkh 0:a49e37a83a7a 142 return _error;
DuaaAbusharkh 0:a49e37a83a7a 143 }
DuaaAbusharkh 0:a49e37a83a7a 144
DuaaAbusharkh 0:a49e37a83a7a 145 /* Start the handshake, the rest will be done in onReceive() */
DuaaAbusharkh 0:a49e37a83a7a 146 if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
DuaaAbusharkh 0:a49e37a83a7a 147 ret = mbedtls_ssl_handshake(&_ssl);
DuaaAbusharkh 0:a49e37a83a7a 148 if (ret < 0) {
DuaaAbusharkh 0:a49e37a83a7a 149 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
DuaaAbusharkh 0:a49e37a83a7a 150 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
DuaaAbusharkh 0:a49e37a83a7a 151 print_mbedtls_error("mbedtls_ssl_handshake", ret);
DuaaAbusharkh 0:a49e37a83a7a 152 onError(_tcpsocket, -1);
DuaaAbusharkh 0:a49e37a83a7a 153 }
DuaaAbusharkh 0:a49e37a83a7a 154 else {
DuaaAbusharkh 0:a49e37a83a7a 155 _error = ret;
DuaaAbusharkh 0:a49e37a83a7a 156 }
DuaaAbusharkh 0:a49e37a83a7a 157 return _error;
DuaaAbusharkh 0:a49e37a83a7a 158 }
DuaaAbusharkh 0:a49e37a83a7a 159
DuaaAbusharkh 0:a49e37a83a7a 160 /* It also means the handshake is done, time to print info */
DuaaAbusharkh 0:a49e37a83a7a 161 if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _hostname, _port);
DuaaAbusharkh 0:a49e37a83a7a 162
DuaaAbusharkh 0:a49e37a83a7a 163 const uint32_t buf_size = 1024;
DuaaAbusharkh 0:a49e37a83a7a 164 char *buf = new char[buf_size];
DuaaAbusharkh 0:a49e37a83a7a 165 mbedtls_x509_crt_info(buf, buf_size, "\r ",
DuaaAbusharkh 0:a49e37a83a7a 166 mbedtls_ssl_get_peer_cert(&_ssl));
DuaaAbusharkh 0:a49e37a83a7a 167 if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
DuaaAbusharkh 0:a49e37a83a7a 168
DuaaAbusharkh 0:a49e37a83a7a 169 uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
DuaaAbusharkh 0:a49e37a83a7a 170 if( flags != 0 )
DuaaAbusharkh 0:a49e37a83a7a 171 {
DuaaAbusharkh 0:a49e37a83a7a 172 mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
DuaaAbusharkh 0:a49e37a83a7a 173 if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
DuaaAbusharkh 0:a49e37a83a7a 174 }
DuaaAbusharkh 0:a49e37a83a7a 175 else {
DuaaAbusharkh 0:a49e37a83a7a 176 if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
DuaaAbusharkh 0:a49e37a83a7a 177 }
DuaaAbusharkh 0:a49e37a83a7a 178
DuaaAbusharkh 0:a49e37a83a7a 179 _is_connected = true;
DuaaAbusharkh 0:a49e37a83a7a 180
DuaaAbusharkh 0:a49e37a83a7a 181 return 0;
DuaaAbusharkh 0:a49e37a83a7a 182 }
DuaaAbusharkh 0:a49e37a83a7a 183
DuaaAbusharkh 0:a49e37a83a7a 184 bool connected() {
DuaaAbusharkh 0:a49e37a83a7a 185 return _is_connected;
DuaaAbusharkh 0:a49e37a83a7a 186 }
DuaaAbusharkh 0:a49e37a83a7a 187
DuaaAbusharkh 0:a49e37a83a7a 188 nsapi_error_t error() {
DuaaAbusharkh 0:a49e37a83a7a 189 return _error;
DuaaAbusharkh 0:a49e37a83a7a 190 }
DuaaAbusharkh 0:a49e37a83a7a 191
DuaaAbusharkh 0:a49e37a83a7a 192 TCPSocket* get_tcp_socket() {
DuaaAbusharkh 0:a49e37a83a7a 193 return _tcpsocket;
DuaaAbusharkh 0:a49e37a83a7a 194 }
DuaaAbusharkh 0:a49e37a83a7a 195
DuaaAbusharkh 0:a49e37a83a7a 196 mbedtls_ssl_context* get_ssl_context() {
DuaaAbusharkh 0:a49e37a83a7a 197 return &_ssl;
DuaaAbusharkh 0:a49e37a83a7a 198 }
DuaaAbusharkh 0:a49e37a83a7a 199
DuaaAbusharkh 0:a49e37a83a7a 200 /**
DuaaAbusharkh 0:a49e37a83a7a 201 * Set the debug flag.
DuaaAbusharkh 0:a49e37a83a7a 202 *
DuaaAbusharkh 0:a49e37a83a7a 203 * If this flag is set, debug information from mbed TLS will be logged to stdout.
DuaaAbusharkh 0:a49e37a83a7a 204 */
DuaaAbusharkh 0:a49e37a83a7a 205 void set_debug(bool debug) {
DuaaAbusharkh 0:a49e37a83a7a 206 _debug = debug;
DuaaAbusharkh 0:a49e37a83a7a 207 }
DuaaAbusharkh 0:a49e37a83a7a 208
DuaaAbusharkh 0:a49e37a83a7a 209 protected:
DuaaAbusharkh 0:a49e37a83a7a 210 /**
DuaaAbusharkh 0:a49e37a83a7a 211 * Helper for pretty-printing mbed TLS error codes
DuaaAbusharkh 0:a49e37a83a7a 212 */
DuaaAbusharkh 0:a49e37a83a7a 213 static void print_mbedtls_error(const char *name, int err) {
DuaaAbusharkh 0:a49e37a83a7a 214 char buf[128];
DuaaAbusharkh 0:a49e37a83a7a 215 mbedtls_strerror(err, buf, sizeof (buf));
DuaaAbusharkh 0:a49e37a83a7a 216 mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf);
DuaaAbusharkh 0:a49e37a83a7a 217 }
DuaaAbusharkh 0:a49e37a83a7a 218
DuaaAbusharkh 0:a49e37a83a7a 219 #if DEBUG_LEVEL > 0
DuaaAbusharkh 0:a49e37a83a7a 220 /**
DuaaAbusharkh 0:a49e37a83a7a 221 * Debug callback for mbed TLS
DuaaAbusharkh 0:a49e37a83a7a 222 * Just prints on the USB serial port
DuaaAbusharkh 0:a49e37a83a7a 223 */
DuaaAbusharkh 0:a49e37a83a7a 224 static void my_debug(void *ctx, int level, const char *file, int line,
DuaaAbusharkh 0:a49e37a83a7a 225 const char *str)
DuaaAbusharkh 0:a49e37a83a7a 226 {
DuaaAbusharkh 0:a49e37a83a7a 227 const char *p, *basename;
DuaaAbusharkh 0:a49e37a83a7a 228 (void) ctx;
DuaaAbusharkh 0:a49e37a83a7a 229
DuaaAbusharkh 0:a49e37a83a7a 230 /* Extract basename from file */
DuaaAbusharkh 0:a49e37a83a7a 231 for(p = basename = file; *p != '\0'; p++) {
DuaaAbusharkh 0:a49e37a83a7a 232 if(*p == '/' || *p == '\\') {
DuaaAbusharkh 0:a49e37a83a7a 233 basename = p + 1;
DuaaAbusharkh 0:a49e37a83a7a 234 }
DuaaAbusharkh 0:a49e37a83a7a 235 }
DuaaAbusharkh 0:a49e37a83a7a 236
DuaaAbusharkh 0:a49e37a83a7a 237 if (_debug) {
DuaaAbusharkh 0:a49e37a83a7a 238 mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
DuaaAbusharkh 0:a49e37a83a7a 239 }
DuaaAbusharkh 0:a49e37a83a7a 240 }
DuaaAbusharkh 0:a49e37a83a7a 241
DuaaAbusharkh 0:a49e37a83a7a 242 /**
DuaaAbusharkh 0:a49e37a83a7a 243 * Certificate verification callback for mbed TLS
DuaaAbusharkh 0:a49e37a83a7a 244 * Here we only use it to display information on each cert in the chain
DuaaAbusharkh 0:a49e37a83a7a 245 */
DuaaAbusharkh 0:a49e37a83a7a 246 static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
DuaaAbusharkh 0:a49e37a83a7a 247 {
DuaaAbusharkh 0:a49e37a83a7a 248 const uint32_t buf_size = 1024;
DuaaAbusharkh 0:a49e37a83a7a 249 char *buf = new char[buf_size];
DuaaAbusharkh 0:a49e37a83a7a 250 (void) data;
DuaaAbusharkh 0:a49e37a83a7a 251
DuaaAbusharkh 0:a49e37a83a7a 252 if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
DuaaAbusharkh 0:a49e37a83a7a 253 mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
DuaaAbusharkh 0:a49e37a83a7a 254 if (_debug) mbedtls_printf("%s", buf);
DuaaAbusharkh 0:a49e37a83a7a 255
DuaaAbusharkh 0:a49e37a83a7a 256 if (*flags == 0)
DuaaAbusharkh 0:a49e37a83a7a 257 if (_debug) mbedtls_printf("No verification issue for this certificate\n");
DuaaAbusharkh 0:a49e37a83a7a 258 else
DuaaAbusharkh 0:a49e37a83a7a 259 {
DuaaAbusharkh 0:a49e37a83a7a 260 mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
DuaaAbusharkh 0:a49e37a83a7a 261 if (_debug) mbedtls_printf("%s\n", buf);
DuaaAbusharkh 0:a49e37a83a7a 262 }
DuaaAbusharkh 0:a49e37a83a7a 263
DuaaAbusharkh 0:a49e37a83a7a 264 delete[] buf;
DuaaAbusharkh 0:a49e37a83a7a 265 return 0;
DuaaAbusharkh 0:a49e37a83a7a 266 }
DuaaAbusharkh 0:a49e37a83a7a 267 #endif
DuaaAbusharkh 0:a49e37a83a7a 268
DuaaAbusharkh 0:a49e37a83a7a 269 /**
DuaaAbusharkh 0:a49e37a83a7a 270 * Receive callback for mbed TLS
DuaaAbusharkh 0:a49e37a83a7a 271 */
DuaaAbusharkh 0:a49e37a83a7a 272 static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
DuaaAbusharkh 0:a49e37a83a7a 273 int recv = -1;
DuaaAbusharkh 0:a49e37a83a7a 274 TCPSocket *socket = static_cast<TCPSocket *>(ctx);
DuaaAbusharkh 0:a49e37a83a7a 275 recv = socket->recv(buf, len);
DuaaAbusharkh 0:a49e37a83a7a 276
DuaaAbusharkh 0:a49e37a83a7a 277 if (NSAPI_ERROR_WOULD_BLOCK == recv) {
DuaaAbusharkh 0:a49e37a83a7a 278 return MBEDTLS_ERR_SSL_WANT_READ;
DuaaAbusharkh 0:a49e37a83a7a 279 }
DuaaAbusharkh 0:a49e37a83a7a 280 else if (recv < 0) {
DuaaAbusharkh 0:a49e37a83a7a 281 return -1;
DuaaAbusharkh 0:a49e37a83a7a 282 }
DuaaAbusharkh 0:a49e37a83a7a 283 else {
DuaaAbusharkh 0:a49e37a83a7a 284 return recv;
DuaaAbusharkh 0:a49e37a83a7a 285 }
DuaaAbusharkh 0:a49e37a83a7a 286 }
DuaaAbusharkh 0:a49e37a83a7a 287
DuaaAbusharkh 0:a49e37a83a7a 288 /**
DuaaAbusharkh 0:a49e37a83a7a 289 * Send callback for mbed TLS
DuaaAbusharkh 0:a49e37a83a7a 290 */
DuaaAbusharkh 0:a49e37a83a7a 291 static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
DuaaAbusharkh 0:a49e37a83a7a 292 int size = -1;
DuaaAbusharkh 0:a49e37a83a7a 293 TCPSocket *socket = static_cast<TCPSocket *>(ctx);
DuaaAbusharkh 0:a49e37a83a7a 294 size = socket->send(buf, len);
DuaaAbusharkh 0:a49e37a83a7a 295
DuaaAbusharkh 0:a49e37a83a7a 296 if(NSAPI_ERROR_WOULD_BLOCK == size) {
DuaaAbusharkh 0:a49e37a83a7a 297 return len;
DuaaAbusharkh 0:a49e37a83a7a 298 }
DuaaAbusharkh 0:a49e37a83a7a 299 else if (size < 0){
DuaaAbusharkh 0:a49e37a83a7a 300 return -1;
DuaaAbusharkh 0:a49e37a83a7a 301 }
DuaaAbusharkh 0:a49e37a83a7a 302 else {
DuaaAbusharkh 0:a49e37a83a7a 303 return size;
DuaaAbusharkh 0:a49e37a83a7a 304 }
DuaaAbusharkh 0:a49e37a83a7a 305 }
DuaaAbusharkh 0:a49e37a83a7a 306
DuaaAbusharkh 0:a49e37a83a7a 307 private:
DuaaAbusharkh 0:a49e37a83a7a 308 void onError(TCPSocket *s, int error) {
DuaaAbusharkh 0:a49e37a83a7a 309 s->close();
DuaaAbusharkh 0:a49e37a83a7a 310 _error = error;
DuaaAbusharkh 0:a49e37a83a7a 311 }
DuaaAbusharkh 0:a49e37a83a7a 312
DuaaAbusharkh 0:a49e37a83a7a 313 TCPSocket* _tcpsocket;
DuaaAbusharkh 0:a49e37a83a7a 314
DuaaAbusharkh 0:a49e37a83a7a 315 const char* DRBG_PERS;
DuaaAbusharkh 0:a49e37a83a7a 316 const char* _ssl_ca_pem;
DuaaAbusharkh 0:a49e37a83a7a 317 const char* _hostname;
DuaaAbusharkh 0:a49e37a83a7a 318 uint16_t _port;
DuaaAbusharkh 0:a49e37a83a7a 319
DuaaAbusharkh 0:a49e37a83a7a 320 bool _debug;
DuaaAbusharkh 0:a49e37a83a7a 321 bool _is_connected;
DuaaAbusharkh 0:a49e37a83a7a 322
DuaaAbusharkh 0:a49e37a83a7a 323 nsapi_error_t _error;
DuaaAbusharkh 0:a49e37a83a7a 324
DuaaAbusharkh 0:a49e37a83a7a 325 mbedtls_entropy_context _entropy;
DuaaAbusharkh 0:a49e37a83a7a 326 mbedtls_ctr_drbg_context _ctr_drbg;
DuaaAbusharkh 0:a49e37a83a7a 327 mbedtls_x509_crt _cacert;
DuaaAbusharkh 0:a49e37a83a7a 328 mbedtls_ssl_context _ssl;
DuaaAbusharkh 0:a49e37a83a7a 329 mbedtls_ssl_config _ssl_conf;
DuaaAbusharkh 0:a49e37a83a7a 330 };
DuaaAbusharkh 0:a49e37a83a7a 331
DuaaAbusharkh 0:a49e37a83a7a 332 #endif // _MBED_HTTPS_TLS_SOCKET_H_