HS-Esslingen/esp-firewall
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move certs into secret file

Browse source
This commit is contained in:
Florian Hoss 2022-04-24 18:28:41 +02:00
parent 80e1d1599d
commit 1b338ce065
10 changed files with 78 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ESPFirewall/.gitignore vendored
View file

@ -2,4 +2,5 @@
.vscode .vscode
lib/esp32_https_server/ lib/esp32_https_server/
include/theSecrets.h include/theSecrets.h
include/theCerts.h

59
ESPFirewall/include/theCerts-example.h Normal file
View file

@ -0,0 +1,59 @@
#ifndef THECERTS_H
#define THECERTS_H
#include "pgmspace.h"
const char serverCert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx
EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w
HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX
DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh
dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y
X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj
oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI
t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO
S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy
+O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM
E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb
fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC
JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m
+TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA
5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg==
-----END CERTIFICATE-----
)EOF";
const char serverKey[] PROGMEM = R"EOF(
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI
IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z
uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf
zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+
ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh
BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8
djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T
yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M
q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr
eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN
d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn
geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y
84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx
/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim
RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu
DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg
rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW
YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK
iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X
jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ
zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV
kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt
/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO
j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg
gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk=
-----END RSA PRIVATE KEY-----
)EOF";
#endif

4
ESPFirewall/include/theSecrets-example.h
View file

@ -3,7 +3,7 @@
const char *ssid = "Wifi"; const char *ssid = "Wifi";
const char *psk = "password"; const char *psk = "password";
const char *api_username = "username"; const char *username = "username";
const char *api_password = "password"; const char *password = "password";
#endif #endif

12
ESPFirewall/lib/Firewall/src/API.cpp
View file

@ -2,7 +2,7 @@
namespace fw namespace fw
{ {
API::API(const char *username, const char *password, const uint16_t port) API::API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port)
{ {
if (this->setup_auth(username, password) == ERROR) if (this->setup_auth(username, password) == ERROR)
endless_loop(); endless_loop();
@ -12,14 +12,16 @@ namespace fw
this->server = new ESP8266WebServerSecure(port); this->server = new ESP8266WebServerSecure(port);
this->serverCache = new ServerSessions(5); this->serverCache = new ServerSessions(5);
#endif #endif
this->setup_routing(); this->setup_routing(cert, key);
Serial.println("Starting server..."); Serial.printf("Starting server on port %i...\n", port);
this->server->begin(); this->server->begin();
} }
API::~API() API::~API()
{ {
this->server->stop();
} }
void API::handle_client() void API::handle_client()
{ {
this->server->handleClient(); this->server->handleClient();
@ -55,10 +57,10 @@ namespace fw
} }
} }
void API::setup_routing() void API::setup_routing(const char *cert, const char *key)
{ {
#ifdef ESP8266 #ifdef ESP8266
this->server->getServer().setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey)); this->server->getServer().setRSACert(new BearSSL::X509List(cert), new BearSSL::PrivateKey(key));
this->server->getServer().setCache(serverCache); this->server->getServer().setCache(serverCache);
#endif #endif
this->server->on(UriRegex("/api/v1/firewall/([0-9]+)"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this)); this->server->on(UriRegex("/api/v1/firewall/([0-9]+)"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this));

58
ESPFirewall/lib/Firewall/src/API.hpp
View file

@ -4,7 +4,6 @@
#ifdef ESP32 #ifdef ESP32
#include "WebServer.h" #include "WebServer.h"
#elif defined(ESP8266) #elif defined(ESP8266)
#include "ESP8266WebServer.h"
#include "ESP8266WebServerSecure.h" #include "ESP8266WebServerSecure.h"
#endif #endif
@ -13,59 +12,6 @@
#include "Rules.hpp" #include "Rules.hpp"
#include "Utils.hpp" #include "Utils.hpp"
static const char serverCert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx
EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w
HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX
DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh
dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y
X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj
oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI
t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO
S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy
+O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq
hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM
E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb
fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC
JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m
+TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA
5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg==
-----END CERTIFICATE-----
)EOF";
static const char serverKey[] PROGMEM = R"EOF(
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI
IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z
uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf
zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+
ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh
BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8
djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T
yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M
q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr
eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN
d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn
geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y
84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx
/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim
RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu
DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg
rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW
YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK
iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X
jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ
zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV
kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt
/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO
j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg
gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk=
-----END RSA PRIVATE KEY-----
)EOF";
namespace fw namespace fw
{ {
class API : public Rules class API : public Rules
@ -82,7 +28,7 @@ namespace fw
ok_t setup_auth(const char *, const char *); ok_t setup_auth(const char *, const char *);
auth_t check_auth(); auth_t check_auth();
void setup_routing(); void setup_routing(const char *, const char *);
void get_firewall_rule_handler(); void get_firewall_rule_handler();
void get_firewall_rules_handler(); void get_firewall_rules_handler();
void post_firewall_handler(); void post_firewall_handler();
@ -101,7 +47,7 @@ namespace fw
void handle_client(); void handle_client();
public: public:
API(const char *, const char *, const uint16_t); API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port);
~API(); ~API();
}; };
} }

5
ESPFirewall/lib/Firewall/src/Firewall.hpp
View file

@ -9,12 +9,13 @@ namespace fw
{ {
private: private:
public: public:
Firewall(const char *, const char *, const uint16_t = 8080); Firewall(const char *, const char *, const char *, const char *, const uint16_t = 8080);
~Firewall(); ~Firewall();
void handle_api_client(); void handle_api_client();
}; };
Firewall::Firewall(const char *api_username, const char *api_password, const uint16_t port) : API(api_username, api_password, port) {} Firewall::Firewall(const char *cert, const char *key, const char *username, const char *password, const uint16_t port)
: API(cert, key, username, password, port) {}
Firewall::~Firewall() {} Firewall::~Firewall() {}
void Firewall::handle_api_client() void Firewall::handle_api_client()
{ {

2
ESPFirewall/lib/Firewall/src/Rules.cpp
View file

@ -5,7 +5,7 @@ namespace fw
Rules::Rules() Rules::Rules()
{ {
this->amount_of_rules = retrieve_settings_value("amount_of_rules"); this->amount_of_rules = retrieve_settings_value("amount_of_rules");
Serial.print("Firewall Rules: "); Serial.print("Available Firewall Rules: ");
Serial.println(amount_of_rules); Serial.println(amount_of_rules);
for (uint8_t i = 1; i <= this->amount_of_rules; i++) for (uint8_t i = 1; i <= this->amount_of_rules; i++)
{ {

63
ESPFirewall/lib/Firewall/src/Storage.cpp
View file

@ -171,67 +171,4 @@ namespace fw
EEPROM.commit(); EEPROM.commit();
#endif #endif
} }
// httpsserver::SSLCert *Storage::retrieve_certificate()
// {
// File keyFile = SPIFFS.open("/key.der");
// File certFile = SPIFFS.open("/cert.der");
// if (!keyFile || !certFile || keyFile.size() == 0 || certFile.size() == 0)
// {
// log_e("No server-certificate found in SPIFFS");
// return NULL;
// }
// size_t keySize = keyFile.size();
// size_t certSize = certFile.size();
// uint8_t *keyBuffer = new uint8_t[keySize];
// if (keyBuffer == NULL)
// {
// log_w("Not enough memory to load private key");
// return NULL;
// }
// uint8_t *certBuffer = new uint8_t[certSize];
// if (certBuffer == NULL)
// {
// delete[] keyBuffer;
// log_w("Not enough memory to load server-certificate");
// return NULL;
// }
// keyFile.read(keyBuffer, keySize);
// certFile.read(certBuffer, certSize);
// keyFile.close();
// certFile.close();
// return new httpsserver::SSLCert(certBuffer, certSize, keyBuffer, keySize);
// }
// void Storage::store_certificate(httpsserver::SSLCert *certificate)
// {
// File keyFile = SPIFFS.open("/key.der");
// File certFile = SPIFFS.open("/cert.der");
// bool failure = false;
// keyFile = SPIFFS.open("/key.der", FILE_WRITE);
// if (!keyFile || !keyFile.write(certificate->getPKData(), certificate->getPKLength()))
// {
// log_w("Cannot write /key.der");
// failure = true;
// }
// if (keyFile)
// keyFile.close();
// certFile = SPIFFS.open("/cert.der", FILE_WRITE);
// if (!certFile || !certFile.write(certificate->getCertData(), certificate->getCertLength()))
// {
// log_w("Cannot write /cert.der");
// failure = true;
// }
// if (certFile)
// certFile.close();
// if (failure)
// {
// log_w("Server-certificate could not be stored permanently, generating new certificate on reboot...");
// }
// }
} }

3
ESPFirewall/lib/Firewall/src/Storage.hpp
View file

@ -39,9 +39,6 @@ namespace fw
void store_all_firewall_rules(firewall_rule_t *); void store_all_firewall_rules(firewall_rule_t *);
void store_firewall_rule(firewall_rule_t *); void store_firewall_rule(firewall_rule_t *);
// httpsserver::SSLCert *retrieve_certificate();
// void store_certificate(httpsserver::SSLCert *);
public: public:
Storage(); Storage();
~Storage(); ~Storage();

3
ESPFirewall/src/main.cpp
View file

@ -1,4 +1,5 @@
#include "theSecrets.h" #include "theSecrets.h"
#include "theCerts.h"
#ifdef ESP32 #ifdef ESP32
#include "WiFi.h" #include "WiFi.h"
@ -29,7 +30,7 @@ void setup_wifi()
void setup() void setup()
{ {
setup_wifi(); setup_wifi();
firewall = new fw::Firewall(api_username, api_password, 8080); firewall = new fw::Firewall(cert, key, username, password, 8080);
} }
void loop() void loop()