Merge pull request #524 from pennam/fix-unor4-up

pennam · web-flow · commit 2934090bc273 · 2025-01-28T09:51:41.000+01:00
Fix UNO R4 WiFi username password authentication
diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp
@@ -84,20 +84,25 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
   _connection = &connection;
   _brokerAddress = brokerAddress;
 
+  ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE;
+#if defined (BOARD_HAS_SECRET_KEY)
+  /* If board supports and sketch is configured for username and password login */
+  if(_password.length()) {
+    authMode = ArduinoIoTAuthenticationMode::PASSWORD;
+  }
+#endif
+
   /* Setup broker TLS client */
-  _brokerClient.begin(connection);
+  _brokerClient.begin(connection, authMode);
 
 #if  OTA_ENABLED
   /* Setup OTA TLS client */
   _otaClient.begin(connection);
 #endif
 
-#if defined (BOARD_HAS_SECRET_KEY)
-  /* If board is not configured for username and password login */
-  if(!_password.length())
+  /* If board is configured for certificate authentication and mTLS */
+  if(authMode == ArduinoIoTAuthenticationMode::CERTIFICATE)
   {
-#endif
-
 #if defined(BOARD_HAS_SECURE_ELEMENT)
     if (!_selement.begin())
     {
@@ -130,14 +135,11 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
   #endif
     _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? mqttPort() : brokerPort;
 #endif
-
-#if defined(BOARD_HAS_SECRET_KEY)
   }
   else
   {
     _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? DEFAULT_BROKER_PORT_USER_PASS_AUTH : brokerPort;
   }
-#endif
 
   /* Setup TimeService */
   _time_service.begin(_connection);
diff --git a/src/ArduinoIoTCloudTCP.h b/src/ArduinoIoTCloudTCP.h
@@ -162,7 +162,6 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     String _dataTopicOut;
     String _dataTopicIn;
 
-
 #if OTA_ENABLED
     TLSClientOta _otaClient;
     ArduinoCloudOTA _ota;
diff --git a/src/tls/utility/TLSClientMqtt.cpp b/src/tls/utility/TLSClientMqtt.cpp
@@ -33,23 +33,29 @@
   }
 #endif
 
-void TLSClientMqtt::begin(ConnectionHandler & connection) {
+
+void TLSClientMqtt::begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode) {
 
 #if defined(BOARD_HAS_OFFLOADED_ECCX08)
   /* Arduino Root CA is configured in nina-fw
    * https://github.com/arduino/nina-fw/blob/master/arduino/libraries/ArduinoBearSSL/src/BearSSLTrustAnchors.h
    */
+  (void)authMode;
 #elif defined(BOARD_HAS_ECCX08)
+  (void)authMode;
   setClient(connection.getClient());
   setProfile(aiotc_client_profile_init);
   setTrustAnchors(ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
   onGetTime(getTime);
 #elif defined(ARDUINO_PORTENTA_C33)
+  (void)authMode;
   setClient(connection.getClient());
   setCACert(AIoTSSCert);
 #elif defined(ARDUINO_NICLA_VISION)
+  (void)authMode;
   appendCustomCACert(AIoTSSCert);
 #elif defined(ARDUINO_EDGE_CONTROL)
+  (void)authMode;
   appendCustomCACert(AIoTUPCert);
 #elif defined(ARDUINO_UNOR4_WIFI)
   /* Arduino Root CA is configured in uno-r4-wifi-usb-bridge fw >= 0.4.1
@@ -60,10 +66,14 @@ void TLSClientMqtt::begin(ConnectionHandler & connection) {
    */
   (void)connection;
   /* Temporary force CACert to add new CA without rebuilding firmware */
-  setCACert(AIoTSSCert);
+  if (authMode == ArduinoIoTAuthenticationMode::CERTIFICATE) {
+    setCACert(AIoTSSCert);
+  }
 #elif defined(ARDUINO_ARCH_ESP32)
+  (void)authMode;
   setCACert(AIoTUPCert);
 #elif defined(ARDUINO_ARCH_ESP8266)
+  (void)authMode;
   setInsecure();
 #endif
 }
diff --git a/src/tls/utility/TLSClientMqtt.h b/src/tls/utility/TLSClientMqtt.h
@@ -13,6 +13,12 @@
 #include <Arduino_ConnectionHandler.h>
 #include <AIoTC_Config.h>
 
+enum class ArduinoIoTAuthenticationMode
+{
+  PASSWORD,
+  CERTIFICATE
+};
+
 #if defined(BOARD_HAS_OFFLOADED_ECCX08)
   /*
    * Arduino MKR WiFi1010 - WiFi
@@ -24,6 +30,7 @@
   /*
    * Arduino MKR GSM 1400
    * Arduino MKR NB 1500
+   * Arduino NANO RP 2040
    * Arduino Portenta H7
    * Arduino Giga R1
    * OPTA
@@ -64,6 +71,6 @@
 #endif
 
 public:
-  void begin(ConnectionHandler & connection);
+  void begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE);
 
 };
diff --git a/src/tls/utility/TLSClientOta.h b/src/tls/utility/TLSClientOta.h
@@ -24,6 +24,7 @@
   /*
    * Arduino MKR GSM 1400
    * Arduino MKR NB 1500
+   * Arduino NANO RP 2040
    * Arduino Portenta H7
    * Arduino Giga R1
    * OPTA
