Added ESP32 support and fixed server verification

Author: snorklerjoe

server.cpp

@@ -12,13 +12,26 @@ WiFiClientSecure client;
 HTTPClient http;
 
 int CubeServer::_begin_client(String path) {
+#ifdef ARDUINO_ARCH_ESP32  // ESP32 version only (8266 automatically verifies)--
+  client.setInsecure(); // Not an issue since we'll manually verify the certificate:
+#else   // ESP8266 version only  (BearSSL)--
+  //client.allowSelfSignedCerts();
+  client.setX509Time(this->_timestamp);
+  client.setFingerprint(this->_server_fingerprint);
+#endif
   int connStatus = client.connect(this->_conf.API_HOST, this->_conf.API_PORT);
-  if(connStatus >= 0) {
-    //if(client.verify(server_fingerprint, this->_conf.API_HOST)) {
-      http.begin(client, this->_conf.API_HOST + ':' + this->_conf.API_PORT + path);
+#ifdef ARDUINO_ARCH_ESP8266
+  ++connStatus;
+#endif
+  if(connStatus > 0) {
+#ifdef ARDUINO_ARCH_ESP32  // ESP32 version only (8266 automatically verifies)--
+    if(!client.verify(this->_server_fingerprint, this->_conf.API_CN))
+      return VERIFICATION_FAILED;
+#endif
+      // TODO: Make this more efficient by avoiding Strings:
+      http.begin(client, String(this->_conf.API_HOST) + ':' + this->_conf.API_PORT + path);
       http.setAuthorization(this->_team_name, this->_team_secret);
       return VERIFICATION_OK;
-    //} return VERIFICATION_FAILED;
   }
   return connStatus;
 }
@@ -28,8 +41,8 @@ CubeServer::CubeServer(const char * team_name, const char * team_secret, const c
   this->_team_name = team_name;
   this->_team_secret = team_secret;
   this->_conf = conf;
-  client.setX509Time(timestamp);  // Use the build timestamp since we don't have NTP access
-  client.setFingerprint(server_fingerprint);
+  this->_server_fingerprint = server_fingerprint;
+  this->_timestamp = timestamp;
 }
 
 int CubeServer::connect(bool (*connection_wait_loop)()) {
@@ -38,6 +51,7 @@ int CubeServer::connect(bool (*connection_wait_loop)()) {
   while(WiFi.status() != WL_CONNECTED) {
     if(!connection_wait_loop()) return false;
   }
+
   return client.connect(this->_conf.API_HOST, this->_conf.API_PORT);
 }
 
@@ -58,6 +72,7 @@ int CubeServer::get_status(GameStatus* stats_var) {
       StaticJsonDocument<512> doc;
       DeserializationError error = deserializeJson(doc, http.getStream());
       if(error) {
+        http.end();
         return -1;
       }
       stats_var->unix_time = doc["unix_time"];
@@ -77,8 +92,8 @@ int CubeServer::post(char *json) {
   if(verification_status == VERIFICATION_OK) {
     http.addHeader("Content-Type", "application/x-www-form-urlencoded", false, true);
     int httpCode = http.POST(String("data=") + json + '&');
-    return httpCode;
     http.end();
+    return httpCode;
   }
   http.end();
   return verification_status;

server.h

@@ -6,50 +6,49 @@
  * 
  */
 
-
 #ifndef CUBESERVER_SERVER_H
 #define CUBESERVER_SERVER_H
 
 #include <Arduino.h>
 
-#include <ArduinoJson.h>
-
 #ifdef ARDUINO_ARCH_ESP8266  // ESP8266 version--
 # include <ESP8266WiFi.h>
 # include <ESP8266HTTPClient.h>
-#include <WiFiClientSecure.h>
-
-# include <WiFiClient.h>
 #elif ARDUINO_ARCH_ESP32  // ESP32 version--
-# error "ESP32 is not *yet* supported by this library"
+#include <WiFi.h>
+#include <HTTPClient.h>
 #else
 # error "Unsupported Architecture."
 #endif
 
+#include <ArduinoJson.h>
+#include <WiFiClientSecure.h>
+
 #include "server_options.h"
 
 #include "compile_time.h"
 
 
 #define VERIFICATION_OK 1
-#define VERIFICATION_FAILED -16
+#define VERIFICATION_FAILED -1
 
 
 
 extern WiFiClientSecure client;
 extern HTTPClient http;
-extern uint8_t server_fingerprint[32];
 
 typedef struct CubeServerConfig {
-  String AP_SSID;
-  String API_HOST;
+  const char *AP_SSID;
+  const char *API_CN;
+  const char *API_HOST;
   int API_PORT;
 } CubeServerConfig;
 
 
 const CubeServerConfig CUBESERVER_DEFAULT_CONFIG = {
   "CubeServer-API",
-  "https://192.168.252.1",
+  "api.local",
+  "https://api.local",
   8081
 };
 
@@ -65,6 +64,9 @@ class CubeServer {
     const char * _team_name;
     const char * _team_secret;
     CubeServerConfig _conf;
+    const char *_server_fingerprint;
+    unsigned int _timestamp;
+
 
     int _begin_client(String path);
 
@@ -74,7 +76,11 @@ class CubeServer {
     CubeServer(const char * team_name, const char * team_secret, const char * server_fingerprint) : CubeServer(team_name, team_secret, server_fingerprint, CUBESERVER_DEFAULT_CONFIG) {};
 
 #ifdef CLIENT_CONF_H
-    CubeServer() : CubeServer(TEAM_NAME, TEAM_SECRET, SERVER_FINGERPRINT) {};
+#ifdef ARDUINO_ARCH_ESP32  // Only ESP32 can handle the sha256 fingerprint:
+  CubeServer() : CubeServer(TEAM_NAME, TEAM_SECRET, SERVER_FINGERPRINT_SHA256) {};
+#else
+  CubeServer() : CubeServer(TEAM_NAME, TEAM_SECRET, SERVER_FINGERPRINT) {};
+#endif
 #endif
 
     // connect to the wifi access point: