
Fix UNO R4 WiFi username password authentication #524


Merged
merged 6 commits into from
Jan 28, 2025
20 changes: 11 additions & 9 deletions src/ArduinoIoTCloudTCP.cpp
Expand Up @@ -84,20 +84,25 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
_connection = &connection;
_brokerAddress = brokerAddress;

ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE;
#if defined (BOARD_HAS_SECRET_KEY)
/* If board supports and sketch is configured for username and password login */
if(_password.length()) {
authMode = ArduinoIoTAuthenticationMode::PASSWORD;
}
#endif

/* Setup broker TLS client */
_brokerClient.begin(connection);
_brokerClient.begin(connection, authMode);

#if OTA_ENABLED
/* Setup OTA TLS client */
_otaClient.begin(connection);
#endif

#if defined (BOARD_HAS_SECRET_KEY)
/* If board is not configured for username and password login */
if(!_password.length())
/* If board is configured for certificate authentication and mTLS */
if(authMode == ArduinoIoTAuthenticationMode::CERTIFICATE)
{
#endif

#if defined(BOARD_HAS_SECURE_ELEMENT)
if (!_selement.begin())
{
Expand Down Expand Up @@ -130,14 +135,11 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
#endif
_brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? mqttPort() : brokerPort;
#endif

#if defined(BOARD_HAS_SECRET_KEY)
}
else
{
_brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? DEFAULT_BROKER_PORT_USER_PASS_AUTH : brokerPort;
}
#endif

/* Setup TimeService */
_time_service.begin(_connection);
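Review bot: The mode selection at the top of the first hunk treats any non-empty `_password` as a request for PASSWORD authentication, so on a board that defines BOARD_HAS_SECRET_KEY and also has certificate credentials the CERTIFICATE branch (including `_selement.begin()`) is skipped without any record of that choice. I would state the precedence in the comment, e.g. `/* A non-empty password takes precedence: certificate authentication (mTLS) is skipped and the user/password broker port is used */`, and emit one debug line naming the selected mode so a device that is not using mTLS is visible in the log. `_otaClient.begin(connection)` is not given the mode; whether the OTA client needs it on UNO R4 WiFi cannot be told from this page. `begin()` starts and ends outside the visible hunks.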
1 change: 0 additions & 1 deletion src/ArduinoIoTCloudTCP.h
Expand Up @@ -162,7 +162,6 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
String _dataTopicOut;
String _dataTopicIn;


#if OTA_ENABLED
TLSClientOta _otaClient;
ArduinoCloudOTA _ota;
14 changes: 12 additions & 2 deletions src/tls/utility/TLSClientMqtt.cpp
Expand Up @@ -33,23 +33,29 @@
}
#endif

void TLSClientMqtt::begin(ConnectionHandler & connection) {

void TLSClientMqtt::begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode) {

#if defined(BOARD_HAS_OFFLOADED_ECCX08)
/* Arduino Root CA is configured in nina-fw
* https://github.com/arduino/nina-fw/blob/master/arduino/libraries/ArduinoBearSSL/src/BearSSLTrustAnchors.h
*/
(void)authMode;
#elif defined(BOARD_HAS_ECCX08)
(void)authMode;
setClient(connection.getClient());
setProfile(aiotc_client_profile_init);
setTrustAnchors(ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
onGetTime(getTime);
#elif defined(ARDUINO_PORTENTA_C33)
(void)authMode;
setClient(connection.getClient());
setCACert(AIoTSSCert);
#elif defined(ARDUINO_NICLA_VISION)
(void)authMode;
appendCustomCACert(AIoTSSCert);
#elif defined(ARDUINO_EDGE_CONTROL)
(void)authMode;
appendCustomCACert(AIoTUPCert);
#elif defined(ARDUINO_UNOR4_WIFI)
/* Arduino Root CA is configured in uno-r4-wifi-usb-bridge fw >= 0.4.1
Expand All @@ -60,10 +66,14 @@ void TLSClientMqtt::begin(ConnectionHandler & connection) {
*/
(void)connection;
/* Temporary force CACert to add new CA without rebuilding firmware */
setCACert(AIoTSSCert);
if (authMode == ArduinoIoTAuthenticationMode::CERTIFICATE) {
setCACert(AIoTSSCert);
}
#elif defined(ARDUINO_ARCH_ESP32)
(void)authMode;
setCACert(AIoTUPCert);
#elif defined(ARDUINO_ARCH_ESP8266)
(void)authMode;
setInsecure();
#endif
}
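Review bot: In PASSWORD mode the ARDUINO_UNOR4_WIFI branch now installs no CA certificate at all, so verification of the broker presumably rests on the root store built into the uno-r4-wifi-usb-bridge firmware, which the existing comment says is configured from fw 0.4.1 on. The page does not show what happens on older firmware or whether the connection fails closed when no matching root is present, so I would document the dependency next to the new `if`, for example `/* PASSWORD mode: no CA is set here, the broker is checked against the firmware root CA store (fw >= 0.4.1) */`, or pin the CA as the ESP32 branch does with `setCACert(AIoTUPCert);` if that certificate is available on this board. The ARDUINO_ARCH_ESP8266 branch still ends in `setInsecure()` for every mode; that predates this change, but now that the mode is explicit it deserves a comment saying the broker certificate is not validated there, so a secret sent in PASSWORD mode is not protected against an on-path attacker.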
9 changes: 8 additions & 1 deletion src/tls/utility/TLSClientMqtt.h
Expand Up @@ -13,6 +13,12 @@
#include <Arduino_ConnectionHandler.h>
#include <AIoTC_Config.h>

enum class ArduinoIoTAuthenticationMode
{
PASSWORD,
CERTIFICATE
};

#if defined(BOARD_HAS_OFFLOADED_ECCX08)
/*
* Arduino MKR WiFi1010 - WiFi
Expand All @@ -24,6 +30,7 @@
/*
* Arduino MKR GSM 1400
* Arduino MKR NB 1500
* Arduino NANO RP 2040
* Arduino Portenta H7
* Arduino Giga R1
* OPTA
Expand Down Expand Up @@ -64,6 +71,6 @@
#endif

public:
void begin(ConnectionHandler & connection);
void begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE);

};
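Review bot: The default `authMode = ArduinoIoTAuthenticationMode::CERTIFICATE` on `begin()` lets a call site that forgets the argument compile and fall back to certificate mode, which on UNO R4 WiFi is the CA-forcing path this pull request makes conditional. The only caller shown passes the mode explicitly, so I would drop the default, `void begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode);`, unless callers outside this page rely on the one-argument form. The new enum also has no comment; one line such as `/* How the device authenticates to the broker: PASSWORD = username/password login, CERTIFICATE = mTLS client certificate */` would help, and it may belong in a shared header rather than TLSClientMqtt.h because ArduinoIoTCloudTCP.cpp uses it too. The class body starts outside the hunk.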
1 change: 1 addition & 0 deletions src/tls/utility/TLSClientOta.h
Expand Up @@ -24,6 +24,7 @@
/*
* Arduino MKR GSM 1400
* Arduino MKR NB 1500
* Arduino NANO RP 2040
* Arduino Portenta H7
* Arduino Giga R1
* OPTA