Arduino UNO R4 WiFi: allow both username/password and mTLS authentication

Author: pennam

src/AIoTC_Config.h

@@ -158,6 +158,7 @@
 
 #if defined(ARDUINO_UNOR4_WIFI)
   #define BOARD_HAS_SOFTSE
+  #define BOARD_HAS_SECRET_KEY
   #define HAS_TCP
 #endif
 

src/ArduinoIoTCloudTCP.cpp

@@ -24,7 +24,7 @@
 #ifdef HAS_TCP
 #include <ArduinoIoTCloudTCP.h>
 
-#ifdef BOARD_HAS_SECRET_KEY
+#if defined(BOARD_HAS_SECRET_KEY)
   #include "tls/AIoTCUPCert.h"
 #endif
 
@@ -114,8 +114,13 @@ ArduinoIoTCloudTCP::ArduinoIoTCloudTCP()
 int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_watchdog, String brokerAddress, uint16_t brokerPort)
 {
   _connection = &connection;
+#ifdef BOARD_HAS_SECRET_KEY
+  _brokerAddress = _password.length() ? DEFAULT_BROKER_ADDRESS_USER_PASS_AUTH : brokerAddress;
+  _brokerPort = _password.length() ? DEFAULT_BROKER_PORT_USER_PASS_AUTH : brokerPort;
+#else
   _brokerAddress = brokerAddress;
   _brokerPort = brokerPort;
+#endif
   _time_service.begin(&connection);
   return begin(enable_watchdog, _brokerAddress, _brokerPort);
 }
@@ -130,55 +135,60 @@ int ArduinoIoTCloudTCP::begin(bool const enable_watchdog, String brokerAddress,
   DEBUG_VERBOSE("SHA256: HASH(%d) = %s", strlen(_ota_img_sha256.c_str()), _ota_img_sha256.c_str());
 #endif /* OTA_ENABLED */
 
-#if !defined(BOARD_HAS_SECRET_KEY)
-  if (!_crypto.begin())
-  {
-    DEBUG_ERROR("_crypto.begin() failed.");
-    return 0;
-  }
-  if (!SElementArduinoCloudDeviceId::read(_crypto, getDeviceId(), SElementArduinoCloudSlot::DeviceId))
+#if defined(BOARD_HAS_SECRET_KEY)
+  /* If board is not configured for username and password login */
+  if(!_password.length())
   {
-    DEBUG_ERROR("_crypto.readDeviceId(...) failed.");
-    return 0;
-  }
 #endif
-
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_SE050) || defined(BOARD_HAS_SOFTSE)
-  if (!SElementArduinoCloudCertificate::read(_crypto, _cert, SElementArduinoCloudSlot::CompressedCertificate))
-  {
-    DEBUG_ERROR("Cryptography certificate reconstruction failure.");
-    return 0;
+#if defined(BOARD_HAS_SECURE_ELEMENT)
+    if (!_crypto.begin())
+    {
+      DEBUG_ERROR("_crypto.begin() failed.");
+      return 0;
+    }
+    if (!SElementArduinoCloudDeviceId::read(_crypto, getDeviceId(), SElementArduinoCloudSlot::DeviceId))
+    {
+      DEBUG_ERROR("_crypto.readDeviceId(...) failed.");
+      return 0;
+    }
+  #if !defined(BOARD_HAS_OFFLOADED_ECCX08)
+    if (!SElementArduinoCloudCertificate::read(_crypto, _cert, SElementArduinoCloudSlot::CompressedCertificate))
+    {
+      DEBUG_ERROR("Cryptography certificate reconstruction failure.");
+      return 0;
+    }
+  #endif
+#endif
+#if defined(BOARD_HAS_SECRET_KEY)
   }
-  _sslClient.setEccSlot(static_cast<int>(SElementArduinoCloudSlot::Key), _cert.bytes(), _cert.length());
 #endif
 
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
 
-#if defined(BOARD_HAS_SECRET_KEY)
-  #if defined(ARDUINO_EDGE_CONTROL)
-  _sslClient.appendCustomCACert(AIoTUPCert);
-  #elif defined(ARDUINO_ARCH_ESP32)
-  _sslClient.setCACertBundle(x509_crt_bundle);
-  #else
-  _sslClient.setInsecure();
-  #endif
-#else
-  #if defined(BOARD_HAS_ECCX08)
+#elif defined(BOARD_HAS_ECCX08)
   _sslClient.setClient(_connection->getClient());
-  #elif defined(BOARD_HAS_SE050)
-    #if defined(ARDUINO_PORTENTA_C33)
+  _sslClient.setEccSlot(static_cast<int>(SElementArduinoCloudSlot::Key), _cert.bytes(), _cert.length());
+#elif defined(ARDUINO_PORTENTA_C33)
   _sslClient.setClient(_connection->getClient());
   _sslClient.setCACert(AIoTSSCert);
-    #else
+#elif defined(NICLA_VISION)
   _sslClient.appendCustomCACert(AIoTSSCert);
-    #endif
-  #elif defined(BOARD_HAS_SOFTSE)
-  _sslClient.setCACert(AIoTSSCert, strlen(AIoTSSCert));
-  #endif
+#elif defined(ARDUINO_EDGE_CONTROL)
+  _sslClient.appendCustomCACert(AIoTUPCert);
+#elif defined(ARDUINO_UNOR4_WIFI)
+
+#elif defined(ARDUINO_ARCH_ESP32)
+  _sslClient.setCACertBundle(x509_crt_bundle);
+#elif defined(ARDUINO_ARCH_ESP8266)
+  _sslClient.setInsecure();
 #endif
 
   _mqttClient.setClient(_sslClient);
 #ifdef BOARD_HAS_SECRET_KEY
-  _mqttClient.setUsernamePassword(getDeviceId(), _password);
+  if(_password.length())
+  {
+    _mqttClient.setUsernamePassword(getDeviceId(), _password);
+  }
 #endif
   _mqttClient.onMessage(ArduinoIoTCloudTCP::onMessage);
   _mqttClient.setKeepAliveInterval(30 * 1000);

src/ArduinoIoTCloudTCP.h

@@ -26,42 +26,42 @@
 #include <ArduinoIoTCloud.h>
 #include <ArduinoMqttClient.h>
 
-#if defined(BOARD_HAS_SECRET_KEY)
-  #if defined(BOARD_ESP)
-    #include <WiFiClientSecure.h>
-  #elif defined(ARDUINO_EDGE_CONTROL)
-    #include <GSMSSLClient.h>
-  #endif
-#else
+#if defined(BOARD_HAS_SECURE_ELEMENT)
   #include <Arduino_SecureElement.h>
   #include <utility/SElementArduinoCloudDeviceId.h>
-  #if defined(BOARD_HAS_OFFLOADED_ECCX08)
-  #else
+  #if !defined(BOARD_HAS_OFFLOADED_ECCX08)
     #include <utility/SElementArduinoCloudCertificate.h>
-    #ifdef BOARD_HAS_ECCX08
-      #include "tls/BearSSLClient.h"
-    #elif defined(BOARD_HAS_OFFLOADED_ECCX08)
-      #include <WiFiSSLClient.h>
-    #elif defined(BOARD_HAS_SE050)
-      #if defined(ARDUINO_PORTENTA_C33)
-        #include <SSLClient.h>
-      #else
-        #include <WiFiSSLSE050Client.h>
-      #endif
-    #elif defined(BOARD_HAS_SOFTSE)
-      #include <WiFiSSLClient.h>
-    #endif
   #endif
 #endif
 
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
+  #include "WiFiSSLClient.h"
+#elif defined(BOARD_HAS_ECCX08)
+  #include "tls/BearSSLClient.h"
+#elif defined(ARDUINO_PORTENTA_C33)
+  #include <SSLClient.h>
+#elif defined(NICLA_VISION)
+  #include <WiFiSSLSE050Client.h>
+#elif defined(ARDUINO_EDGE_CONTROL)
+  #include <GSMSSLClient.h>
+#elif defined(ARDUINO_UNOR4_WIFI)
+  #include <WiFiSSLClient.h>
+#elif defined(BOARD_ESP)
+  #include <WiFiClientSecure.h>
+#endif
+
 /******************************************************************************
    CONSTANTS
  ******************************************************************************/
-
+#if defined(BOARD_HAS_SECURE_ELEMENT)
 static char const DEFAULT_BROKER_ADDRESS_SECURE_AUTH[] = "mqtts-sa.iot.arduino.cc";
 static uint16_t const DEFAULT_BROKER_PORT_SECURE_AUTH = 8883;
+#endif
+
+#if defined(BOARD_HAS_SECRET_KEY)
 static char const DEFAULT_BROKER_ADDRESS_USER_PASS_AUTH[] = "mqtts-up.iot.arduino.cc";
 static uint16_t const DEFAULT_BROKER_PORT_USER_PASS_AUTH = 8884;
+#endif
 
 /******************************************************************************
  * TYPEDEF
@@ -85,11 +85,7 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     virtual int  connected     () override;
     virtual void printDebugInfo() override;
 
-    #if !defined(BOARD_HAS_SECRET_KEY)
     int begin(ConnectionHandler & connection, bool const enable_watchdog = true, String brokerAddress = DEFAULT_BROKER_ADDRESS_SECURE_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_SECURE_AUTH);
-    #else
-    int begin(ConnectionHandler & connection, bool const enable_watchdog = true, String brokerAddress = DEFAULT_BROKER_ADDRESS_USER_PASS_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_USER_PASS_AUTH);
-    #endif
     int begin(bool const enable_watchdog = true, String brokerAddress = DEFAULT_BROKER_ADDRESS_SECURE_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_SECURE_AUTH);
 
     #ifdef BOARD_HAS_SECRET_KEY
@@ -148,29 +144,29 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
 
 #if defined(BOARD_HAS_SECRET_KEY)
     String _password;
-  #if defined(BOARD_ESP)
-    WiFiClientSecure _sslClient;
-  #elif defined(ARDUINO_EDGE_CONTROL)
-    GSMSSLClient _sslClient;
-  #endif
-#else
+#endif
+
+#if defined(BOARD_HAS_SECURE_ELEMENT)
     SecureElement _crypto;
-  #if defined(BOARD_HAS_OFFLOADED_ECCX08)
-    WiFiBearSSLClient _sslClient;
-  #else
-    ECP256Certificate _cert;
-    #if defined(BOARD_HAS_ECCX08)
+  #if !defined(BOARD_HAS_OFFLOADED_ECCX08)
+     ECP256Certificate _cert;
+  #endif
+#endif
+
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
+    WiFiSSLClient _sslClient;
+#elif defined(BOARD_HAS_ECCX08)
     BearSSLClient _sslClient;
-    #elif defined(BOARD_HAS_SE050)
-      #if defined(ARDUINO_PORTENTA_C33)
+#elif defined(ARDUINO_PORTENTA_C33)
     SSLClient _sslClient;
-      #else
+#elif defined(NICLA_VISION)
     WiFiSSLSE050Client _sslClient;
-      #endif
-    #elif defined(BOARD_HAS_SOFTSE)
+#elif defined(ARDUINO_EDGE_CONTROL)
+    GSMSSLClient _sslClient;
+#elif defined(ARDUINO_UNOR4_WIFI)
     WiFiSSLClient _sslClient;
-    #endif
-  #endif
+#elif defined(BOARD_ESP)
+    WiFiClientSecure _sslClient;
 #endif
 
     MqttClient _mqttClient;

src/tls/AIoTCUPCert.h

@@ -24,7 +24,7 @@
  ******************************************************************************/
 
 #include <AIoTC_Config.h>
-#ifdef ARDUINO_ARCH_ESP32
+#if defined(ARDUINO_ARCH_ESP32) || defined(ARDUINO_UNOR4_WIFI)
 
 /******************************************************************************
  * CONSTANTS