v1.4.5 to Sync with SSLClient v1.6.11

### Releases v1.4.5 1. Sync with [SSLClient v1.6.11](https://github.com/OPEnSLab-OSU/SSLClient/releases/tag/v1.6.11). Check [Pull in OPEnSLab-OSU's SSLClient v1.6.11 #17](khoih-prog/EthernetWebServer_SSL#17) 2. Add example [AWS_IoT](examples/AWS_IoT)
khoih-prog · Mar 29, 2022 · 4cf3c14 · 4cf3c14
1 parent 3ece79e
commit 4cf3c14
Show file tree

Hide file tree

Showing 14 changed files with 461 additions and 46 deletions.
diff --git a/examples/AWS_IoT/AWS_IoT.ino b/examples/AWS_IoT/AWS_IoT.ino
@@ -0,0 +1,196 @@
+/****************************************************************************************************************************
+  AWS IoT.ino - Dead simple SSL MQTT Client for Ethernet shields
+
+  For STM32F/L/H/G/WB/MP1 with built-in Ethernet LAN8742A (Nucleo-144, DISCOVERY, etc) or W5x00/ENC28J60 shield/module
+  
+  EthernetWebServer_SSL_STM32 is a library for STM32 using the Ethernet shields to run WebServer and Client with/without SSL
+
+  Use SSLClient Library code from https://github.com/OPEnSLab-OSU/SSLClient
+  
+  Built by Khoi Hoang https://github.com/khoih-prog/EthernetWebServer_SSL_STM32
+ *****************************************************************************************************************************/
+
+/*
+  Connect to AWS IOT using SSLClient and Wiz850io Ethernet Mdoule
+   AWS_Root_CA.h is the trust anchor created using the Root CA from:
+   https://www.amazontrust.com/repository/AmazonRootCA1.pem
+   You can re-create it again using the python file present
+   in SSLClient/tools/pycert_bearssl/pycert_bearssl.py
+   python pycert_bearssl.py convert --no-search <certificate PEM file>
+   refer: https://github.com/OPEnSLab-OSU/SSLClient/issues/17#issuecomment-700143405
+
+  created 10 October 2020
+  by Ram Rohit Gannavarapu
+*/
+
+#include "defines.h"
+
+#include <PubSubClient.h>
+
+#include "AWS_Root_CA.h" // This file is created using AmazonRootCA1.pem from https://www.amazontrust.com/repository/AmazonRootCA1.pem
+
+#define THING_NAME          "<Thing_Name>"
+#define MQTT_PACKET_SIZE    1024
+
+void MQTTPublish(const char *topic, char *payload);
+void updateThing();
+
+const char my_cert[] =
+  "-----BEGIN CERTIFICATE-----\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "-----END CERTIFICATE-----\n";
+
+const char my_key[] =
+  "-----BEGIN RSA PRIVATE KEY-----\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" \
+  "-----END RSA PRIVATE KEY-----\n";
+
+SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof my_cert, my_key, sizeof my_key);
+
+const char* mqttServer = "xxxxxxxxxxxx-ats.iot.us-east-1.amazonaws.com";
+const char publishShadowUpdate[] = "$aws/things/" THING_NAME "/shadow/update";
+char publishPayload[MQTT_PACKET_SIZE];
+
+const char *subscribeTopic[5] =
+{
+  String("$aws/things/" THING_NAME "/shadow/update/accepted").c_str(),
+  String("$aws/things/" THING_NAME "/shadow/update/rejected").c_str(),
+  String("$aws/things/" THING_NAME "/shadow/update/delta").c_str(),
+  String("$aws/things/" THING_NAME "/shadow/get/accepted").c_str(),
+  String("$aws/things/" THING_NAME "/shadow/get/rejected").c_str()
+};
+
+void callback(char* topic, byte* payload, unsigned int length)
+{
+  Serial.print("Message arrived [");
+  Serial.print(topic);
+  Serial.print("] ");
+
+  for ( uint16_t i = 0; i < length; i++)
+  {
+    Serial.print((char)payload[i]);
+  }
+
+  Serial.println();
+}
+
+
+EthernetClient ethClient;
+EthernetSSLClient ethClientSSL(ethClient, TAs, (size_t)TAs_NUM, 1);
+PubSubClient mqtt(mqttServer, 8883, callback, ethClientSSL);
+
+void reconnect()
+{
+  while (!mqtt.connected())
+  {
+    Serial.print("Attempting MQTT connection...");
+
+    if (mqtt.connect("arduinoClient"))
+    {
+      Serial.println("connected");
+
+      for (int i = 0; i < 5; i++)
+      {
+        //Serial.println(subscribeTopic[i]);
+        mqtt.subscribe(subscribeTopic[i]);
+      }
+
+      Serial.println("Started updateThing ");
+      updateThing();
+      Serial.println("Done updateThing ");
+    }
+    else
+    {
+      Serial.print("failed, rc=");
+      Serial.print(mqtt.state());
+      Serial.println(" try again in 5 seconds");
+      delay(5000);
+    }
+  }
+}
+
+void updateThing()
+{
+  strcpy(publishPayload, "{\"state\": {\"reported\": {\"powerState\":\"ON\"}}}");
+  MQTTPublish(publishShadowUpdate, publishPayload);
+}
+
+void MQTTPublish(const char *topic, char *payload)
+{
+  mqtt.publish(topic, payload);
+  Serial.print("Published [");
+  Serial.print(topic);
+  Serial.print("] ");
+  Serial.println(payload);
+}
+
+void setup()
+{
+  // Open serial communications and wait for port to open:
+  Serial.begin(115200);
+  while (!Serial);
+
+  Serial.print("\nStart AWS_IoT on "); Serial.print(BOARD_NAME);
+  Serial.print(" with "); Serial.println(SHIELD_TYPE);
+  Serial.println(ETHERNET_WEBSERVER_SSL_STM32_VERSION);
+
+  // Enable mutual TLS with SSLClient
+  ethClientSSL.setMutualAuthParams(mTLS);
+
+  ET_LOGWARN3(F("Board :"), BOARD_NAME, F(", setCsPin:"), USE_THIS_SS_PIN);
+
+  ET_LOGWARN(F("Default SPI pinout:"));
+  ET_LOGWARN1(F("MOSI:"), MOSI);
+  ET_LOGWARN1(F("MISO:"), MISO);
+  ET_LOGWARN1(F("SCK:"),  SCK);
+  ET_LOGWARN1(F("SS:"),   SS);
+  ET_LOGWARN(F("========================="));
+
+  #if !(USE_BUILTIN_ETHERNET || USE_UIP_ETHERNET)
+    // For other boards, to change if necessary
+    #if ( USE_ETHERNET || USE_ETHERNET_LARGE || USE_ETHERNET2  || USE_ETHERNET_ENC )
+      // Must use library patch for Ethernet, Ethernet2, EthernetLarge libraries
+      Ethernet.init (USE_THIS_SS_PIN);
+
+    #elif USE_ETHERNET3
+      // Use  MAX_SOCK_NUM = 4 for 4K, 2 for 8K, 1 for 16K RX/TX buffer
+      #ifndef ETHERNET3_MAX_SOCK_NUM
+        #define ETHERNET3_MAX_SOCK_NUM      4
+      #endif
+
+      Ethernet.setCsPin (USE_THIS_SS_PIN);
+      Ethernet.init (ETHERNET3_MAX_SOCK_NUM);
+
+    #elif USE_CUSTOM_ETHERNET
+      // You have to add initialization for your Custom Ethernet here
+      // This is just an example to setCSPin to USE_THIS_SS_PIN, and can be not correct and enough
+      //Ethernet.init(USE_THIS_SS_PIN);
+
+    #endif  //( ( USE_ETHERNET || USE_ETHERNET_LARGE || USE_ETHERNET2  || USE_ETHERNET_ENC )
+  #endif
+
+  // start the ethernet connection and the server:
+  // Use DHCP dynamic IP and random mac
+  uint16_t index = millis() % NUMBER_OF_MAC;
+  // Use Static IP
+  //Ethernet.begin(mac[index], ip);
+  Ethernet.begin(mac[index]);
+
+  // you're connected now, so print out the data
+  Serial.print(F("You're connected to the network, IP = "));
+  Serial.println(Ethernet.localIP());
+}
+
+void loop()
+{
+  if (!mqtt.connected())
+  {
+    reconnect();
+  }
+
+  mqtt.loop();
+}
diff --git a/examples/AWS_IoT/AWS_Root_CA.h b/examples/AWS_IoT/AWS_Root_CA.h
@@ -0,0 +1,80 @@
+#ifndef _CERTIFICATES_H_
+#define _CERTIFICATES_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/* This file is auto-generated by the pycert_bearssl tool.  Do not change it manually.
+   Certificates are BearSSL br_x509_trust_anchor format.  Included certs:
+
+   Index:    0
+   Label:    Amazon Root CA 1
+   Subject:  CN=Amazon Root CA 1,O=Amazon,C=US
+*/
+
+#define TAs_NUM 1
+
+static const unsigned char TA_DN0[] =
+{
+  0x30, 0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+  0x02, 0x55, 0x53, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a,
+  0x13, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x19, 0x30, 0x17,
+  0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x41, 0x6d, 0x61, 0x7a, 0x6f,
+  0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x31,
+};
+
+static const unsigned char TA_RSA_N0[] =
+{
+  0xb2, 0x78, 0x80, 0x71, 0xca, 0x78, 0xd5, 0xe3, 0x71, 0xaf, 0x47, 0x80,
+  0x50, 0x74, 0x7d, 0x6e, 0xd8, 0xd7, 0x88, 0x76, 0xf4, 0x99, 0x68, 0xf7,
+  0x58, 0x21, 0x60, 0xf9, 0x74, 0x84, 0x01, 0x2f, 0xac, 0x02, 0x2d, 0x86,
+  0xd3, 0xa0, 0x43, 0x7a, 0x4e, 0xb2, 0xa4, 0xd0, 0x36, 0xba, 0x01, 0xbe,
+  0x8d, 0xdb, 0x48, 0xc8, 0x07, 0x17, 0x36, 0x4c, 0xf4, 0xee, 0x88, 0x23,
+  0xc7, 0x3e, 0xeb, 0x37, 0xf5, 0xb5, 0x19, 0xf8, 0x49, 0x68, 0xb0, 0xde,
+  0xd7, 0xb9, 0x76, 0x38, 0x1d, 0x61, 0x9e, 0xa4, 0xfe, 0x82, 0x36, 0xa5,
+  0xe5, 0x4a, 0x56, 0xe4, 0x45, 0xe1, 0xf9, 0xfd, 0xb4, 0x16, 0xfa, 0x74,
+  0xda, 0x9c, 0x9b, 0x35, 0x39, 0x2f, 0xfa, 0xb0, 0x20, 0x50, 0x06, 0x6c,
+  0x7a, 0xd0, 0x80, 0xb2, 0xa6, 0xf9, 0xaf, 0xec, 0x47, 0x19, 0x8f, 0x50,
+  0x38, 0x07, 0xdc, 0xa2, 0x87, 0x39, 0x58, 0xf8, 0xba, 0xd5, 0xa9, 0xf9,
+  0x48, 0x67, 0x30, 0x96, 0xee, 0x94, 0x78, 0x5e, 0x6f, 0x89, 0xa3, 0x51,
+  0xc0, 0x30, 0x86, 0x66, 0xa1, 0x45, 0x66, 0xba, 0x54, 0xeb, 0xa3, 0xc3,
+  0x91, 0xf9, 0x48, 0xdc, 0xff, 0xd1, 0xe8, 0x30, 0x2d, 0x7d, 0x2d, 0x74,
+  0x70, 0x35, 0xd7, 0x88, 0x24, 0xf7, 0x9e, 0xc4, 0x59, 0x6e, 0xbb, 0x73,
+  0x87, 0x17, 0xf2, 0x32, 0x46, 0x28, 0xb8, 0x43, 0xfa, 0xb7, 0x1d, 0xaa,
+  0xca, 0xb4, 0xf2, 0x9f, 0x24, 0x0e, 0x2d, 0x4b, 0xf7, 0x71, 0x5c, 0x5e,
+  0x69, 0xff, 0xea, 0x95, 0x02, 0xcb, 0x38, 0x8a, 0xae, 0x50, 0x38, 0x6f,
+  0xdb, 0xfb, 0x2d, 0x62, 0x1b, 0xc5, 0xc7, 0x1e, 0x54, 0xe1, 0x77, 0xe0,
+  0x67, 0xc8, 0x0f, 0x9c, 0x87, 0x23, 0xd6, 0x3f, 0x40, 0x20, 0x7f, 0x20,
+  0x80, 0xc4, 0x80, 0x4c, 0x3e, 0x3b, 0x24, 0x26, 0x8e, 0x04, 0xae, 0x6c,
+  0x9a, 0xc8, 0xaa, 0x0d,
+};
+
+static const unsigned char TA_RSA_E0[] =
+{
+  0x01, 0x00, 0x01,
+};
+
+static const br_x509_trust_anchor TAs[] =
+{
+  {
+    { (unsigned char *)TA_DN0, sizeof TA_DN0 },
+    BR_X509_TA_CA,
+    {
+      BR_KEYTYPE_RSA,
+      { .rsa =
+        {
+          (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
+          (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
+        }
+      }
+    }
+  },
+};
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* ifndef _CERTIFICATES_H_ */