Move BearSSLHelpers into BearSSL namespace

BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created.  Move them to the proper
namespace with the following mapping:
    BearSSLX509List => BearSSL::X509List
    BearSSLSession => BearSSL::Session
    BearSSLPublicKey => BearSSL::PublicKey
    BearSSLPrivateKey => BearSSL::PrivateKey

Author: Earle F. Philhower, III

libraries/ESP8266HTTPUpdateServer/examples/SecureBearSSLUpdater/SecureBearSSLUpdater.ino

@@ -101,7 +101,7 @@ void setup()
 
   MDNS.begin(host);
 
-  httpServer.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey));
+  httpServer.setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey));
   httpUpdater.setup(&httpServer, update_path, update_username, update_password);
   httpServer.begin();
 

libraries/ESP8266WebServer/examples/HelloServerBearSSL/HelloServerBearSSL.ino

@@ -123,7 +123,7 @@ void setup(void){
     Serial.println("MDNS responder started");
   }
 
-  server.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey));
+  server.setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey));
 
   server.on("/", handleRoot);
 

libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.cpp

@@ -46,12 +46,12 @@ ESP8266WebServerSecure::ESP8266WebServerSecure(int port)
 {
 }
 
-void ESP8266WebServerSecure::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk)
+void ESP8266WebServerSecure::setRSACert(const X509List *chain, const PrivateKey *sk)
 {
   _serverSecure.setRSACert(chain, sk);
 }
 
-void ESP8266WebServerSecure::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk)
+void ESP8266WebServerSecure::setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk)
 {
   _serverSecure.setECCert(chain, cert_issuer_key_type, sk);
 }
@@ -83,7 +83,7 @@ void ESP8266WebServerSecure::begin() {
 
 void ESP8266WebServerSecure::handleClient() {
   if (_currentStatus == HC_NONE) {
-    BearSSL::WiFiClientSecure client = _serverSecure.available();
+    WiFiClientSecure client = _serverSecure.available();
     if (!client) {
       return;
     }
@@ -136,7 +136,7 @@ void ESP8266WebServerSecure::handleClient() {
   }
 
   if (!keepCurrentClient) {
-    _currentClientSecure = BearSSL::WiFiClientSecure();
+    _currentClientSecure = WiFiClientSecure();
     _currentStatus = HC_NONE;
     _currentUpload.reset();
   }

libraries/ESP8266WebServer/src/ESP8266WebServerSecureBearSSL.h

@@ -37,8 +37,8 @@ class ESP8266WebServerSecure : public ESP8266WebServer
   virtual ~ESP8266WebServerSecure();
 
   void setBufferSizes(int recv, int xmit);
-  void setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk);
-  void setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk);
+  void setRSACert(const X509List *chain, const PrivateKey *sk);
+  void setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk);
 
   WiFiClient client() override { return _currentClientSecure; }
 
@@ -61,8 +61,8 @@ class ESP8266WebServerSecure : public ESP8266WebServer
   size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); }
 
 protected:
-  BearSSL::WiFiServerSecure _serverSecure;
-  BearSSL::WiFiClientSecure _currentClientSecure;
+  WiFiServerSecure _serverSecure;
+  WiFiClientSecure _currentClientSecure;
 };
 
 };

libraries/ESP8266WiFi/examples/BearSSL_Server/BearSSL_Server.ino

@@ -121,8 +121,8 @@ void setup() {
   Serial.println(WiFi.localIP());
 
   // Attach the server private cert/key combo
-  BearSSLX509List *serverCertList = new BearSSLX509List(server_cert);
-  BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key);
+  BearSSL::X509List *serverCertList = new BearSSL::X509List(server_cert);
+  BearSSL::PrivateKey *serverPrivKey = new BearSSL::PrivateKey(server_private_key);
   server.setRSACert(serverCertList, serverPrivKey);
 
   // Actually start accepting connections

libraries/ESP8266WiFi/examples/BearSSL_ServerClientCert/BearSSL_ServerClientCert.ino

@@ -197,12 +197,12 @@ void setup() {
   setClock(); // Required for X.509 validation
 
   // Attach the server private cert/key combo
-  BearSSLX509List *serverCertList = new BearSSLX509List(server_cert);
-  BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key);
+  BearSSL::X509List *serverCertList = new BearSSL::X509List(server_cert);
+  BearSSL::PrivateKey *serverPrivKey = new BearSSL::PrivateKey(server_private_key);
   server.setRSACert(serverCertList, serverPrivKey);
 
   // Require a certificate validated by the trusted CA
-  BearSSLX509List *serverTrustedCA = new BearSSLX509List(ca_cert);
+  BearSSL::X509List *serverTrustedCA = new BearSSL::X509List(ca_cert);
   server.setClientTrustAnchor(serverTrustedCA);
 
   // Actually start accepting connections

libraries/ESP8266WiFi/examples/BearSSL_Sessions/BearSSL_Sessions.ino

@@ -119,7 +119,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
 )EOF";
   uint32_t start, finish;
   BearSSL::WiFiClientSecure client;
-  BearSSLX509List cert(digicert);
+  BearSSL::X509List cert(digicert);
 
   Serial.printf("Connecting without sessions...");
   start = millis();
@@ -128,7 +128,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
   finish = millis();
   Serial.printf("Total time: %dms\n", finish - start);
 
-  BearSSLSession session;
+  BearSSL::Session session;
   client.setSession(&session);
   Serial.printf("Connecting with an unitialized session...");
   start = millis();

libraries/ESP8266WiFi/examples/BearSSL_Validation/BearSSL_Validation.ino

@@ -144,7 +144,7 @@ wQIDAQAB
 -----END PUBLIC KEY-----
 )KEY";
   BearSSL::WiFiClientSecure client;
-  BearSSLPublicKey key(pubkey);
+  BearSSL::PublicKey key(pubkey);
   client.setKnownKey(&key);
   fetchURL(&client, host, port, path);
 }
@@ -186,7 +186,7 @@ BearSSL does verify the notValidBefore/After fields.
 )EOF");
 
   BearSSL::WiFiClientSecure client;
-  BearSSLX509List cert(digicert);
+  BearSSL::X509List cert(digicert);
   client.setTrustAnchors(&cert);
   Serial.printf("Try validating without setting the time (should fail)\n");
   fetchURL(&client, host, port, path);

libraries/ESP8266WiFi/keywords.txt

@@ -19,11 +19,14 @@ WiFiServerSecure	KEYWORD1
 WiFiUDP	KEYWORD1
 WiFiClientSecure	KEYWORD1
 ESP8266WiFiMulti	KEYWORD1
-BearSSLX509List	KEYWORD1
-BearSSLPrivateKey	KEYWORD1
-BearSSLPublicKey	KEYWORD1
+BearSSL	KEYWORD1
+X509List	KEYWORD1
+PrivateKey	KEYWORD1
+PublicKey	KEYWORD1
 CertStoreSPIFFSBearSSL	KEYWORD1
 CertStoreSDBearSSL	KEYWORD1
+Session	KEYWORD1
+
 
 #######################################
 # Methods and Functions (KEYWORD2)

libraries/ESP8266WiFi/src/BearSSLHelpers.cpp

@@ -622,33 +622,36 @@ namespace brssl {
 };
 
 
+namespace BearSSL {
+
+
 // ----- Public Key -----
 
-BearSSLPublicKey::BearSSLPublicKey() {
+PublicKey::PublicKey() {
   _key = nullptr;
 }
 
-BearSSLPublicKey::BearSSLPublicKey(const char *pemKey) {
+PublicKey::PublicKey(const char *pemKey) {
   _key = nullptr;
   parse(pemKey);
 }
 
-BearSSLPublicKey::BearSSLPublicKey(const uint8_t *derKey, size_t derLen) {
+PublicKey::PublicKey(const uint8_t *derKey, size_t derLen) {
   _key = nullptr;
   parse(derKey, derLen);
 }
 
-BearSSLPublicKey::~BearSSLPublicKey() {
+PublicKey::~PublicKey() {
   if (_key) {
     brssl::free_public_key(_key);
   }
 }
 
-bool BearSSLPublicKey::parse(const char *pemKey) {
+bool PublicKey::parse(const char *pemKey) {
   return parse((const uint8_t *)pemKey, strlen_P(pemKey));
 }
 
-bool BearSSLPublicKey::parse(const uint8_t *derKey, size_t derLen) {
+bool PublicKey::parse(const uint8_t *derKey, size_t derLen) {
   if (_key) {
     brssl::free_public_key(_key);
     _key = nullptr;
@@ -657,28 +660,28 @@ bool BearSSLPublicKey::parse(const uint8_t *derKey, size_t derLen) {
   return _key ? true : false;
 }
 
-bool BearSSLPublicKey::isRSA() const {
+bool PublicKey::isRSA() const {
   if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
     return false;
   }
   return true;
 }
 
-bool BearSSLPublicKey::isEC() const {
+bool PublicKey::isEC() const {
   if (!_key || _key->key_type != BR_KEYTYPE_EC) {
     return false;
   }
   return true;
 }
 
-const br_rsa_public_key *BearSSLPublicKey::getRSA() const {
+const br_rsa_public_key *PublicKey::getRSA() const {
   if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
     return nullptr;
   }
   return &_key->key.rsa;
 }
 
-const br_ec_public_key *BearSSLPublicKey::getEC() const {
+const br_ec_public_key *PublicKey::getEC() const {
   if (!_key || _key->key_type != BR_KEYTYPE_EC) {
     return nullptr;
   }
@@ -687,31 +690,31 @@ const br_ec_public_key *BearSSLPublicKey::getEC() const {
 
 // ----- Private Key -----
 
-BearSSLPrivateKey::BearSSLPrivateKey() {
+PrivateKey::PrivateKey() {
   _key = nullptr;
 }
 
-BearSSLPrivateKey::BearSSLPrivateKey(const char *pemKey) {
+PrivateKey::PrivateKey(const char *pemKey) {
   _key = nullptr;
   parse(pemKey);
 }
 
-BearSSLPrivateKey::BearSSLPrivateKey(const uint8_t *derKey, size_t derLen) {
+PrivateKey::PrivateKey(const uint8_t *derKey, size_t derLen) {
   _key = nullptr;
   parse(derKey, derLen);
 }
 
-BearSSLPrivateKey::~BearSSLPrivateKey() {
+PrivateKey::~PrivateKey() {
   if (_key) {
     brssl::free_private_key(_key);
   }
 }
 
-bool BearSSLPrivateKey::parse(const char *pemKey) {
+bool PrivateKey::parse(const char *pemKey) {
   return parse((const uint8_t *)pemKey, strlen_P(pemKey));
 }
 
-bool BearSSLPrivateKey::parse(const uint8_t *derKey, size_t derLen) {
+bool PrivateKey::parse(const uint8_t *derKey, size_t derLen) {
   if (_key) {
     brssl::free_private_key(_key);
     _key = nullptr;
@@ -720,68 +723,70 @@ bool BearSSLPrivateKey::parse(const uint8_t *derKey, size_t derLen) {
   return _key ? true : false;
 }
 
-bool BearSSLPrivateKey::isRSA() const {
+bool PrivateKey::isRSA() const {
   if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
     return false;
   }
   return true;
 }
 
-bool BearSSLPrivateKey::isEC() const {
+bool PrivateKey::isEC() const {
   if (!_key || _key->key_type != BR_KEYTYPE_EC) {
     return false;
   }
   return true;
 }
 
-const br_rsa_private_key *BearSSLPrivateKey::getRSA() const {
+const br_rsa_private_key *PrivateKey::getRSA() const {
   if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
     return nullptr;
   }
   return &_key->key.rsa;
 }
 
-const br_ec_private_key *BearSSLPrivateKey::getEC() const {
+const br_ec_private_key *PrivateKey::getEC() const {
   if (!_key || _key->key_type != BR_KEYTYPE_EC) {
     return nullptr;
   }
   return &_key->key.ec;
 }
 
-BearSSLX509List::BearSSLX509List() {
+// ----- Certificate Lists -----
+
+X509List::X509List() {
   _count = 0;
   _cert = nullptr;
   _ta = nullptr;
 }
 
-BearSSLX509List::BearSSLX509List(const char *pemCert) {
+X509List::X509List(const char *pemCert) {
   _count = 0;
   _cert = nullptr;
   _ta = nullptr;
   append(pemCert);
 }
 
 
-BearSSLX509List::BearSSLX509List(const uint8_t *derCert, size_t derLen) {
+X509List::X509List(const uint8_t *derCert, size_t derLen) {
   _count = 0;
   _cert = nullptr;
   _ta = nullptr;
   append(derCert, derLen);
 }
 
-BearSSLX509List::~BearSSLX509List() {
+X509List::~X509List() {
   brssl::free_certificates(_cert, _count); // also frees cert
   for (size_t i = 0; i < _count; i++) {
     brssl::free_ta_contents(&_ta[i]);
   }
   free(_ta);
 }
 
-bool BearSSLX509List::append(const char *pemCert) {
+bool X509List::append(const char *pemCert) {
   return append((const uint8_t *)pemCert, strlen_P(pemCert));
 }
 
-bool BearSSLX509List::append(const uint8_t *derCert, size_t derLen) {
+bool X509List::append(const uint8_t *derCert, size_t derLen) {
   size_t numCerts;
   br_x509_certificate *newCerts = brssl::read_certificates((const char *)derCert, derLen, &numCerts);
   if (!newCerts) {
@@ -819,3 +824,6 @@ bool BearSSLX509List::append(const uint8_t *derCert, size_t derLen) {
 
   return true;
 }
+
+};
+