move certs into secret file
This commit is contained in:
parent
80e1d1599d
commit
1b338ce065
10 changed files with 78 additions and 134 deletions
1
ESPFirewall/.gitignore
vendored
1
ESPFirewall/.gitignore
vendored
|
|
@ -3,3 +3,4 @@
|
|||
|
||||
lib/esp32_https_server/
|
||||
include/theSecrets.h
|
||||
include/theCerts.h
|
||||
59
ESPFirewall/include/theCerts-example.h
Normal file
59
ESPFirewall/include/theCerts-example.h
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
#ifndef THECERTS_H
|
||||
#define THECERTS_H
|
||||
|
||||
#include "pgmspace.h"
|
||||
|
||||
const char serverCert[] PROGMEM = R"EOF(
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
|
||||
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx
|
||||
EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w
|
||||
HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX
|
||||
DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh
|
||||
dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y
|
||||
X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj
|
||||
oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI
|
||||
t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO
|
||||
S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy
|
||||
+O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM
|
||||
E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb
|
||||
fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC
|
||||
JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m
|
||||
+TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA
|
||||
5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg==
|
||||
-----END CERTIFICATE-----
|
||||
)EOF";
|
||||
|
||||
const char serverKey[] PROGMEM = R"EOF(
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI
|
||||
IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z
|
||||
uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf
|
||||
zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+
|
||||
ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh
|
||||
BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8
|
||||
djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T
|
||||
yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M
|
||||
q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr
|
||||
eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN
|
||||
d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn
|
||||
geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y
|
||||
84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx
|
||||
/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim
|
||||
RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu
|
||||
DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg
|
||||
rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW
|
||||
YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK
|
||||
iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X
|
||||
jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ
|
||||
zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV
|
||||
kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt
|
||||
/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO
|
||||
j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg
|
||||
gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
)EOF";
|
||||
|
||||
#endif
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
const char *ssid = "Wifi";
|
||||
const char *psk = "password";
|
||||
const char *api_username = "username";
|
||||
const char *api_password = "password";
|
||||
const char *username = "username";
|
||||
const char *password = "password";
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
namespace fw
|
||||
{
|
||||
API::API(const char *username, const char *password, const uint16_t port)
|
||||
API::API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port)
|
||||
{
|
||||
if (this->setup_auth(username, password) == ERROR)
|
||||
endless_loop();
|
||||
|
|
@ -12,14 +12,16 @@ namespace fw
|
|||
this->server = new ESP8266WebServerSecure(port);
|
||||
this->serverCache = new ServerSessions(5);
|
||||
#endif
|
||||
this->setup_routing();
|
||||
Serial.println("Starting server...");
|
||||
this->setup_routing(cert, key);
|
||||
Serial.printf("Starting server on port %i...\n", port);
|
||||
this->server->begin();
|
||||
}
|
||||
|
||||
API::~API()
|
||||
{
|
||||
this->server->stop();
|
||||
}
|
||||
|
||||
void API::handle_client()
|
||||
{
|
||||
this->server->handleClient();
|
||||
|
|
@ -55,10 +57,10 @@ namespace fw
|
|||
}
|
||||
}
|
||||
|
||||
void API::setup_routing()
|
||||
void API::setup_routing(const char *cert, const char *key)
|
||||
{
|
||||
#ifdef ESP8266
|
||||
this->server->getServer().setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey));
|
||||
this->server->getServer().setRSACert(new BearSSL::X509List(cert), new BearSSL::PrivateKey(key));
|
||||
this->server->getServer().setCache(serverCache);
|
||||
#endif
|
||||
this->server->on(UriRegex("/api/v1/firewall/([0-9]+)"), HTTP_GET, std::bind(&API::get_firewall_rule_handler, this));
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
#ifdef ESP32
|
||||
#include "WebServer.h"
|
||||
#elif defined(ESP8266)
|
||||
#include "ESP8266WebServer.h"
|
||||
#include "ESP8266WebServerSecure.h"
|
||||
#endif
|
||||
|
||||
|
|
@ -13,59 +12,6 @@
|
|||
#include "Rules.hpp"
|
||||
#include "Utils.hpp"
|
||||
|
||||
static const char serverCert[] PROGMEM = R"EOF(
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSzCCAjMCCQD2ahcfZAwXxDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC
|
||||
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU9yYW5nZSBDb3VudHkx
|
||||
EDAOBgNVBAoMB1ByaXZhZG8xGjAYBgNVBAMMEXNlcnZlci56bGFiZWwuY29tMR8w
|
||||
HQYJKoZIhvcNAQkBFhBlYXJsZUB6bGFiZWwuY29tMB4XDTE4MDMwNjA1NDg0NFoX
|
||||
DTE5MDMwNjA1NDg0NFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3Rh
|
||||
dGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAPVKBwbZ+KDSl40YCDkP6y8Sv4iNGvEOZg8Y
|
||||
X7sGvf/xZH7UiCBWPFIRpNmDSaZ3yjsmFqm6sLiYSGSdrBCFqdt9NTp2r7hga6Sj
|
||||
oASSZY4B9pf+GblDy5m10KDx90BFKXdPMCLT+o76Nx9PpCvw13A848wHNG3bpBgI
|
||||
t+w/vJCX3bkRn8yEYAU6GdMbYe7v446hX3kY5UmgeJFr9xz1kq6AzYrMt/UHhNzO
|
||||
S+QckJaY0OGWvmTNspY3xCbbFtIDkCdBS8CZAw+itnofvnWWKQEXlt6otPh5njwy
|
||||
+O1t/Q+Z7OMDYQaH02IQx3188/kW3FzOY32knER1uzjmRO+jhA8CAwEAATANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAnDrROGRETB0woIcI1+acY1yRq4yAcH2/hdq2MoM+DCyM
|
||||
E8CJaOznGR9ND0ImWpTZqomHOUkOBpvu7u315blQZcLbL1LfHJGRTCHVhvVrcyEb
|
||||
fWTnRtAQdlirUm/obwXIitoz64VSbIVzcqqfg9C6ZREB9JbEX98/9Wp2gVY+31oC
|
||||
JfUvYadSYxh3nblvA4OL+iEZiW8NE3hbW6WPXxvS7Euge0uWMPc4uEcnsE0ZVG3m
|
||||
+TGimzSdeWDvGBRWZHXczC2zD4aoE5vrl+GD2i++c6yjL/otHfYyUpzUfbI2hMAA
|
||||
5tAF1D5vAAwA8nfPysumlLsIjohJZo4lgnhB++AlOg==
|
||||
-----END CERTIFICATE-----
|
||||
)EOF";
|
||||
|
||||
static const char serverKey[] PROGMEM = R"EOF(
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA9UoHBtn4oNKXjRgIOQ/rLxK/iI0a8Q5mDxhfuwa9//FkftSI
|
||||
IFY8UhGk2YNJpnfKOyYWqbqwuJhIZJ2sEIWp2301OnavuGBrpKOgBJJljgH2l/4Z
|
||||
uUPLmbXQoPH3QEUpd08wItP6jvo3H0+kK/DXcDzjzAc0bdukGAi37D+8kJfduRGf
|
||||
zIRgBToZ0xth7u/jjqFfeRjlSaB4kWv3HPWSroDNisy39QeE3M5L5ByQlpjQ4Za+
|
||||
ZM2yljfEJtsW0gOQJ0FLwJkDD6K2eh++dZYpAReW3qi0+HmePDL47W39D5ns4wNh
|
||||
BofTYhDHfXzz+RbcXM5jfaScRHW7OOZE76OEDwIDAQABAoIBAQDKov5NFbNFQNR8
|
||||
djcM1O7Is6dRaqiwLeH4ZH1pZ3d9QnFwKanPdQ5eCj9yhfhJMrr5xEyCqT0nMn7T
|
||||
yEIGYDXjontfsf8WxWkH2TjvrfWBrHOIOx4LJEvFzyLsYxiMmtZXvy6YByD+Dw2M
|
||||
q2GH/24rRdI2klkozIOyazluTXU8yOsSGxHr/aOa9/sZISgLmaGOOuKI/3Zqjdhr
|
||||
eHeSqoQFt3xXa8jw01YubQUDw/4cv9rk2ytTdAoQUimiKtgtjsggpP1LTq4xcuqN
|
||||
d4jWhTcnorWpbD2cVLxrEbnSR3VuBCJEZv5axg5ZPxLEnlcId8vMtvTRb5nzzszn
|
||||
geYUWDPhAoGBAPyKVNqqwQl44oIeiuRM2FYenMt4voVaz3ExJX2JysrG0jtCPv+Y
|
||||
84R6Cv3nfITz3EZDWp5sW3OwoGr77lF7Tv9tD6BptEmgBeuca3SHIdhG2MR+tLyx
|
||||
/tkIAarxQcTGsZaSqra3gXOJCMz9h2P5dxpdU+0yeMmOEnAqgQ8qtNBfAoGBAPim
|
||||
RAtnrd0WSlCgqVGYFCvDh1kD5QTNbZc+1PcBHbVV45EmJ2fLXnlDeplIZJdYxmzu
|
||||
DMOxZBYgfeLY9exje00eZJNSj/csjJQqiRftrbvYY7m5njX1kM5K8x4HlynQTDkg
|
||||
rtKO0YZJxxmjRTbFGMegh1SLlFLRIMtehNhOgipRAoGBAPnEEpJGCS9GGLfaX0HW
|
||||
YqwiEK8Il12q57mqgsq7ag7NPwWOymHesxHV5mMh/Dw+NyBi4xAGWRh9mtrUmeqK
|
||||
iyICik773Gxo0RIqnPgd4jJWN3N3YWeynzulOIkJnSNx5BforOCTc3uCD2s2YB5X
|
||||
jx1LKoNQxLeLRN8cmpIWicf/AoGBANjRSsZTKwV9WWIDJoHyxav/vPb+8WYFp8lZ
|
||||
zaRxQbGM6nn4NiZI7OF62N3uhWB/1c7IqTK/bVHqFTuJCrCNcsgld3gLZ2QWYaMV
|
||||
kCPgaj1BjHw4AmB0+EcajfKilcqtSroJ6MfMJ6IclVOizkjbByeTsE4lxDmPCDSt
|
||||
/9MKanBxAoGAY9xo741Pn9WUxDyRplww606ccdNf/ksHWNc/Y2B5SPwxxSnIq8nO
|
||||
j01SmsCUYVFAgZVOTiiycakjYLzxlc6p8BxSVqy6LlJqn95N8OXoQ+bkwUux/ekg
|
||||
gz5JWYhbD6c38khSzJb0pNXCo3EuYAVa36kDM96k1BtWuhRS10Q1VXk=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
)EOF";
|
||||
|
||||
namespace fw
|
||||
{
|
||||
class API : public Rules
|
||||
|
|
@ -82,7 +28,7 @@ namespace fw
|
|||
ok_t setup_auth(const char *, const char *);
|
||||
auth_t check_auth();
|
||||
|
||||
void setup_routing();
|
||||
void setup_routing(const char *, const char *);
|
||||
void get_firewall_rule_handler();
|
||||
void get_firewall_rules_handler();
|
||||
void post_firewall_handler();
|
||||
|
|
@ -101,7 +47,7 @@ namespace fw
|
|||
void handle_client();
|
||||
|
||||
public:
|
||||
API(const char *, const char *, const uint16_t);
|
||||
API(const char *cert, const char *key, const char *username, const char *password, const uint16_t port);
|
||||
~API();
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,12 +9,13 @@ namespace fw
|
|||
{
|
||||
private:
|
||||
public:
|
||||
Firewall(const char *, const char *, const uint16_t = 8080);
|
||||
Firewall(const char *, const char *, const char *, const char *, const uint16_t = 8080);
|
||||
~Firewall();
|
||||
void handle_api_client();
|
||||
};
|
||||
|
||||
Firewall::Firewall(const char *api_username, const char *api_password, const uint16_t port) : API(api_username, api_password, port) {}
|
||||
Firewall::Firewall(const char *cert, const char *key, const char *username, const char *password, const uint16_t port)
|
||||
: API(cert, key, username, password, port) {}
|
||||
Firewall::~Firewall() {}
|
||||
void Firewall::handle_api_client()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ namespace fw
|
|||
Rules::Rules()
|
||||
{
|
||||
this->amount_of_rules = retrieve_settings_value("amount_of_rules");
|
||||
Serial.print("Firewall Rules: ");
|
||||
Serial.print("Available Firewall Rules: ");
|
||||
Serial.println(amount_of_rules);
|
||||
for (uint8_t i = 1; i <= this->amount_of_rules; i++)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -171,67 +171,4 @@ namespace fw
|
|||
EEPROM.commit();
|
||||
#endif
|
||||
}
|
||||
|
||||
// httpsserver::SSLCert *Storage::retrieve_certificate()
|
||||
// {
|
||||
// File keyFile = SPIFFS.open("/key.der");
|
||||
// File certFile = SPIFFS.open("/cert.der");
|
||||
// if (!keyFile || !certFile || keyFile.size() == 0 || certFile.size() == 0)
|
||||
// {
|
||||
// log_e("No server-certificate found in SPIFFS");
|
||||
// return NULL;
|
||||
// }
|
||||
// size_t keySize = keyFile.size();
|
||||
// size_t certSize = certFile.size();
|
||||
|
||||
// uint8_t *keyBuffer = new uint8_t[keySize];
|
||||
// if (keyBuffer == NULL)
|
||||
// {
|
||||
// log_w("Not enough memory to load private key");
|
||||
// return NULL;
|
||||
// }
|
||||
// uint8_t *certBuffer = new uint8_t[certSize];
|
||||
// if (certBuffer == NULL)
|
||||
// {
|
||||
// delete[] keyBuffer;
|
||||
// log_w("Not enough memory to load server-certificate");
|
||||
// return NULL;
|
||||
// }
|
||||
// keyFile.read(keyBuffer, keySize);
|
||||
// certFile.read(certBuffer, certSize);
|
||||
|
||||
// keyFile.close();
|
||||
// certFile.close();
|
||||
// return new httpsserver::SSLCert(certBuffer, certSize, keyBuffer, keySize);
|
||||
// }
|
||||
|
||||
// void Storage::store_certificate(httpsserver::SSLCert *certificate)
|
||||
// {
|
||||
// File keyFile = SPIFFS.open("/key.der");
|
||||
// File certFile = SPIFFS.open("/cert.der");
|
||||
// bool failure = false;
|
||||
|
||||
// keyFile = SPIFFS.open("/key.der", FILE_WRITE);
|
||||
// if (!keyFile || !keyFile.write(certificate->getPKData(), certificate->getPKLength()))
|
||||
// {
|
||||
// log_w("Cannot write /key.der");
|
||||
// failure = true;
|
||||
// }
|
||||
// if (keyFile)
|
||||
// keyFile.close();
|
||||
|
||||
// certFile = SPIFFS.open("/cert.der", FILE_WRITE);
|
||||
// if (!certFile || !certFile.write(certificate->getCertData(), certificate->getCertLength()))
|
||||
// {
|
||||
// log_w("Cannot write /cert.der");
|
||||
// failure = true;
|
||||
// }
|
||||
// if (certFile)
|
||||
// certFile.close();
|
||||
|
||||
// if (failure)
|
||||
// {
|
||||
// log_w("Server-certificate could not be stored permanently, generating new certificate on reboot...");
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,9 +39,6 @@ namespace fw
|
|||
void store_all_firewall_rules(firewall_rule_t *);
|
||||
void store_firewall_rule(firewall_rule_t *);
|
||||
|
||||
// httpsserver::SSLCert *retrieve_certificate();
|
||||
// void store_certificate(httpsserver::SSLCert *);
|
||||
|
||||
public:
|
||||
Storage();
|
||||
~Storage();
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
#include "theSecrets.h"
|
||||
#include "theCerts.h"
|
||||
|
||||
#ifdef ESP32
|
||||
#include "WiFi.h"
|
||||
|
|
@ -29,7 +30,7 @@ void setup_wifi()
|
|||
void setup()
|
||||
{
|
||||
setup_wifi();
|
||||
firewall = new fw::Firewall(api_username, api_password, 8080);
|
||||
firewall = new fw::Firewall(cert, key, username, password, 8080);
|
||||
}
|
||||
|
||||
void loop()
|
||||
|
|
|
|||
Reference in a new issue