diff --git a/ESPFirewall/.gitignore b/ESPFirewall/.gitignore index 854df6a..5571465 100644 --- a/ESPFirewall/.gitignore +++ b/ESPFirewall/.gitignore @@ -2,4 +2,5 @@ .vscode lib/esp32_https_server/ -include/theSecrets.h \ No newline at end of file +include/theSecrets.h +include/theCerts.h \ No newline at end of file diff --git a/ESPFirewall/include/theCerts-example.h b/ESPFirewall/include/theCerts-example.h new file mode 100644 index 0000000..7103257 --- /dev/null +++ b/ESPFirewall/include/theCerts-example.h 
@@ -0,0 +1,59 @@ +#ifndef THECERTS_H +#define THECERTS_H + +#include "pgmspace.h" + +const char serverCert[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx +EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w +HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX +DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh +dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y +X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj +oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI +t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO +S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy ++O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM +E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb +fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC +JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m ++TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA +5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg== +-----END CERTIFICATE----- +)EOF"; + +const char serverKey[] PROGMEM = R"EOF( +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI +IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z +uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf +zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+ +ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh +BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8 +djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T +yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M 
+q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr +eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN +d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn +geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y +84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx +/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim +RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu +DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg +rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW +YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK +iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X +jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ +zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV +kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt +/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO +j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg +gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk= +-----END RSA PRIVATE KEY----- +)EOF"; + +#endif diff --git a/ESPFirewall/include/theSecrets-example.h b/ESPFirewall/include/theSecrets-example.h index 1746311..9ae7cdd 100644 --- a/ESPFirewall/include/theSecrets-example.h +++ b/ESPFirewall/include/theSecrets-example.h @@ -3,7 +3,7 @@ const char *ssid = "Wifi"; const char *psk = "password"; -const char *api_username = "username"; -const char *api_password = "password"; +const char *username = "username"; +const char *password = "password"; #endif diff --git a/ESPFirewall/lib/Firewall/src/API.cpp b/ESPFirewall/lib/Firewall/src/API.cpp index 1510dcc..33abe6e 100644 --- a/ESPFirewall/lib/Firewall/src/API.cpp +++ b/ESPFirewall/lib/Firewall/src/API.cpp 
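Review bot: theCerts-example.h carries a complete RSA private key in `serverKey`, and it is the same PEM text this commit deletes from API.hpp, so a device built from a copied example presents a TLS key that anyone can read from the repository. The example would be safer with placeholder bodies between the PEM markers and a header comment such as `// Generate your own certificate and key and paste the PEM here; never deploy a key that has been committed.` Moving the text out of API.hpp does not remove it from the history, so this key pair should be treated as public from now on.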
@@ -2,7 +2,7 @@ namespace fw { - API::API(const char *username, const char *password, const uint16_t port) + API::API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port) { if (this->setup_auth(username, password) == ERROR) endless_loop(); @@ -12,14 +12,16 @@ namespace fw this->server = new ESP8266WebServerSecure(port); this->serverCache = new ServerSessions(5); #endif - this->setup_routing(); - Serial.println("Starting server..."); + this->setup_routing(cert, key); + Serial.printf("Starting server on port %i...\n", port); this->server->begin(); } API::~API() { + this->server->stop(); } + void API::handle_client() { this->server->handleClient(); @@ -55,10 +57,10 @@ namespace fw } } - void API::setup_routing() + void API::setup_routing(const char *cert, const char *key) { #ifdef ESP8266 - this->server->getServer().setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey)); + this->server->getServer().setRSACert(new BearSSL::X509List(cert), new BearSSL::PrivateKey(key)); this->server->getServer().setCache(serverCache); #endif this->server->on(UriRegex("/api/v1/firewall/([0-9]+)"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this)); diff --git a/ESPFirewall/lib/Firewall/src/API.hpp b/ESPFirewall/lib/Firewall/src/API.hpp index b9d066f..caf3394 100644 --- a/ESPFirewall/lib/Firewall/src/API.hpp +++ b/ESPFirewall/lib/Firewall/src/API.hpp @@ -4,7 +4,6 @@ #ifdef ESP32 #include "WebServer.h" #elif defined(ESP8266) -#include "ESP8266WebServer.h" #include "ESP8266WebServerSecure.h" #endif 
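Review bot: The new `~API()` stops the server but does not release it: the constructor context in this hunk shows `server` and `serverCache` being allocated with `new`, and neither is deleted. Adding `delete this->server;` after the `stop()` call, and `delete this->serverCache;` under the same preprocessor condition as its allocation, would close the leak. The opening of that conditional and the ESP32 allocation are outside the hunk, so the guard placement needs checking against them.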
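Review bot: `setup_routing` uses `cert` and `key` only inside `#ifdef ESP8266`, so on an ESP32 build the two new arguments are accepted and then ignored; API.hpp includes the plain `WebServer.h` for ESP32, which suggests the API and its credentials would be served without TLS there. A comment on the function should say so, for example `// cert/key are applied on ESP8266 only; the ESP32 build does not use them`, or the ESP32 build should fail loudly until TLS is wired up. The pointers also reach `BearSSL::X509List` and `BearSSL::PrivateKey` without a null check, so `if (cert == nullptr || key == nullptr) endless_loop();` before the `setRSACert` call would match how the constructor treats a failed `setup_auth`. The function body continues past the end of the hunk.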
@@ -13,59 +12,6 @@ #include "Rules.hpp" #include "Utils.hpp" -static const char serverCert[] PROGMEM = R"EOF( ------BEGIN CERTIFICATE----- -MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx -EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w -HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX -DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh -dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y -X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj -oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI -t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO -S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy -+O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq -hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM -E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb -fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC -JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m -+TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA -5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg== ------END CERTIFICATE----- -)EOF"; - -static const char serverKey[] PROGMEM = R"EOF( ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI -IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z -uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf -zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+ -ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh -BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8 -djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T -yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M 
-q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr -eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN -d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn -geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y -84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx -/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim -RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu -DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg -rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW -YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK -iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X -jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ -zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV -kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt -/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO -j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg -gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk= ------END RSA PRIVATE KEY----- -)EOF"; - namespace fw { class API : public Rules @@ -82,7 +28,7 @@ namespace fw ok_t setup_auth(const char *, const char *); auth_t check_auth(); - void setup_routing(); + void setup_routing(const char *, const char *); void get_firewall_rule_handler(); void get_firewall_rules_handler(); void post_firewall_handler(); @@ -101,7 +47,7 @@ namespace fw void handle_client(); public: - API(const char *, const char *, const uint16_t); + API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port); ~API(); }; } diff --git a/ESPFirewall/lib/Firewall/src/Firewall.hpp b/ESPFirewall/lib/Firewall/src/Firewall.hpp index 99e3174..7a4bbe6 100644 --- a/ESPFirewall/lib/Firewall/src/Firewall.hpp +++ b/ESPFirewall/lib/Firewall/src/Firewall.hpp 
@@ -9,12 +9,13 @@ namespace fw { private: public: - Firewall(const char *, const char *, const uint16_t = 8080); + Firewall(const char *, const char *, const char *, const char *, const uint16_t = 8080); ~Firewall(); void handle_api_client(); }; - Firewall::Firewall(const char *api_username, const char *api_password, const uint16_t port) : API(api_username, api_password, port) {} + Firewall::Firewall(const char *cert, const char *key, const char *username, const char *password, const uint16_t port) + : API(cert, key, username, password, port) {} Firewall::~Firewall() {} void Firewall::handle_api_client() { diff --git a/ESPFirewall/lib/Firewall/src/Rules.cpp b/ESPFirewall/lib/Firewall/src/Rules.cpp index 4e80232..c292d9c 100644 --- a/ESPFirewall/lib/Firewall/src/Rules.cpp +++ b/ESPFirewall/lib/Firewall/src/Rules.cpp @@ -5,7 +5,7 @@ namespace fw Rules::Rules() { this->amount_of_rules = retrieve_settings_value("amount_of_rules"); - Serial.print("Firewall Rules: "); + Serial.print("Available Firewall Rules: "); Serial.println(amount_of_rules); for (uint8_t i = 1; i <= this->amount_of_rules; i++) { diff --git a/ESPFirewall/lib/Firewall/src/Storage.cpp b/ESPFirewall/lib/Firewall/src/Storage.cpp index 0ab5c6e..71ac0d0 100644 --- a/ESPFirewall/lib/Firewall/src/Storage.cpp +++ b/ESPFirewall/lib/Firewall/src/Storage.cpp 
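Review bot: The `Firewall` constructor declaration now takes four unnamed `const char *` parameters in a row, so the header gives no hint of their order and the compiler cannot catch a caller that swaps the key with the password. Naming them in the declaration as the definition below it already does, `Firewall(const char *cert, const char *key, const char *username, const char *password, const uint16_t port = 8080);`, would match what this commit did for the `API` constructor in API.hpp. A short comment saying that `cert` and `key` are PEM strings that must stay valid while the server runs would help too, if that is the intended contract.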
@@ -171,67 +171,4 @@ namespace fw EEPROM.commit(); #endif } - - // httpsserver::SSLCert *Storage::retrieve_certificate() - // { - // File keyFile = SPIFFS.open("/key.der"); - // File certFile = SPIFFS.open("/cert.der"); - // if (!keyFile || !certFile || keyFile.size() == 0 || certFile.size() == 0) - // { - // log_e("No server-certificate found in SPIFFS"); - // return NULL; - // } - // size_t keySize = keyFile.size(); - // size_t certSize = certFile.size(); - - // uint8_t *keyBuffer = new uint8_t[keySize]; - // if (keyBuffer == NULL) - // { - // log_w("Not enough memory to load private key"); - // return NULL; - // } - // uint8_t *certBuffer = new uint8_t[certSize]; - // if (certBuffer == NULL) - // { - // delete[] keyBuffer; - // log_w("Not enough memory to load server-certificate"); - // return NULL; - // } - // keyFile.read(keyBuffer, keySize); - // certFile.read(certBuffer, certSize); - - // keyFile.close(); - // certFile.close(); - // return new httpsserver::SSLCert(certBuffer, certSize, keyBuffer, keySize); - // } - - // void Storage::store_certificate(httpsserver::SSLCert *certificate) - // { - // File keyFile = SPIFFS.open("/key.der"); - // File certFile = SPIFFS.open("/cert.der"); - // bool failure = false; - - // keyFile = SPIFFS.open("/key.der", FILE_WRITE); - // if (!keyFile || !keyFile.write(certificate->getPKData(), certificate->getPKLength())) - // { - // log_w("Cannot write /key.der"); - // failure = true; - // } - // if (keyFile) - // keyFile.close(); - - // certFile = SPIFFS.open("/cert.der", FILE_WRITE); - // if (!certFile || !certFile.write(certificate->getCertData(), certificate->getCertLength())) - // { - // log_w("Cannot write /cert.der"); - // failure = true; - // } - // if (certFile) - // certFile.close(); - - // if (failure) - // { - // log_w("Server-certificate could not be stored permanently, generating new certificate on reboot..."); - // } - // } } 
diff --git a/ESPFirewall/lib/Firewall/src/Storage.hpp b/ESPFirewall/lib/Firewall/src/Storage.hpp index 85e1532..e5996ab 100644 --- a/ESPFirewall/lib/Firewall/src/Storage.hpp +++ b/ESPFirewall/lib/Firewall/src/Storage.hpp @@ -39,9 +39,6 @@ namespace fw void store_all_firewall_rules(firewall_rule_t *); void store_firewall_rule(firewall_rule_t *); - // httpsserver::SSLCert *retrieve_certificate(); - // void store_certificate(httpsserver::SSLCert *); - public: Storage(); ~Storage(); diff --git a/ESPFirewall/src/main.cpp b/ESPFirewall/src/main.cpp index 9494cff..f387983 100644 --- a/ESPFirewall/src/main.cpp +++ b/ESPFirewall/src/main.cpp @@ -1,4 +1,5 @@ #include "theSecrets.h" +#include "theCerts.h" #ifdef ESP32 #include "WiFi.h" @@ -29,7 +30,7 @@ void setup_wifi() void setup() { setup_wifi(); - firewall = new fw::Firewall(api_username, api_password, 8080); + firewall = new fw::Firewall(cert, key, username, password, 8080); } void loop()
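Review bot: `setup()` passes `cert` and `key`, but the example header added in this commit defines `serverCert` and `serverKey`, so a `theCerts.h` copied from `theCerts-example.h` will not compile against this call. Either the call should read `firewall = new fw::Firewall(serverCert, serverKey, username, password, 8080);` or the example should rename its arrays to match. The real `theCerts.h` is git-ignored and not visible here, so this assumes it follows the example.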