
KBF-41 make SSL certificates configurable in http::Server

Bence Balint 2 years ago
parent
commit
3fd2a3870a

+ 7 - 1
include/kbf/http/server.h

@@ -89,10 +89,16 @@ namespace kbf::http {
         /**
          * @brief Starts the server in SSL (HTTPS) mode.
          *
+         * @param cert_start start of the certificate
+         * @param cert_end end of the certificate
+         * @param key_start start of the private key
+         * @param key_end end of the private key
          * @param port TCP port, default is 443
          * @return *this (to enable builder-like syntax)
          */
-        Server &startSSL(int port = 443);
+        Server &startSSL(const unsigned char *cert_start, const unsigned char *cert_end,
+                         const unsigned char *key_start, const unsigned char *key_end,
+                         int port = 443);
 
         /**
          * @brief Stops the HTTP server.
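Review bot: The new `@param` lines say only "start of the certificate" / "end of the private key", which leaves undocumented the two properties a caller actually has to get right: the buffers must be PEM, and because the implementation hands `cert_end - cert_start` to esp_https_server (and through it to mbedTLS, which recognises PEM only when the length includes the trailing NUL), `cert_end` must point one past that terminator — EMBED_TXTFILES provides one, a buffer read from NVS or a filesystem generally does not. The header also does not say whether the pointers must stay valid after `startSSL` returns; whether esp_https_server copies the buffers is not visible here, so state whichever is the case. I would also name the first pair as the server (leaf) certificate rather than a CA certificate, since the field it lands in is easy to misread. Suggested text: `@param cert_start start of the server certificate, PEM, NUL-terminated` / `@param cert_end one past the terminating NUL; cert_end - cert_start is passed as the length` and the same wording for `key_start`/`key_end`.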

+ 11 - 14
src/http/server.cpp

@@ -33,8 +33,10 @@ http::Server &http::Server::start(int port) {
     return *this;
 }
 
-http::Server &http::Server::startSSL(int port) {
-    ESP_LOGI(TAG, "startSSL(%d)", port);
+http::Server &http::Server::startSSL(const unsigned char *cert_start, const unsigned char *cert_end,
+                                     const unsigned char *key_start, const unsigned char *key_end,
+                                     int port) {
+    ESP_LOGI(TAG, "%s(%d)", __func__, port);
     if (running) {
         ESP_LOGE(TAG, "server already running");
         ABORT("fix me");
@@ -42,16 +44,10 @@ http::Server &http::Server::startSSL(int port) {
 
     handle = nullptr;
     httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();
-
-    extern const unsigned char cacert_pem_start[] asm("_binary_cert_pem_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_cert_pem_end");
-    conf.cacert_pem = cacert_pem_start;
-    conf.cacert_len = cacert_pem_end - cacert_pem_start;
-
-    extern const unsigned char prvtkey_pem_start[] asm("_binary_key_pem_start");
-    extern const unsigned char prvtkey_pem_end[]   asm("_binary_key_pem_end");
-    conf.prvtkey_pem = prvtkey_pem_start;
-    conf.prvtkey_len = prvtkey_pem_end - prvtkey_pem_start;
+    conf.cacert_pem  = cert_start;
+    conf.cacert_len  = cert_end - cert_start;
+    conf.prvtkey_pem = key_start;
+    conf.prvtkey_len = key_end - key_start;
 
     CHECK(httpd_ssl_start(&handle, &conf));
 
@@ -62,7 +58,7 @@ http::Server &http::Server::startSSL(int port) {
 }
 
 void http::Server::registerUriHandlers() {
-    ESP_LOGI(TAG, "registering URI handlers");
+    ESP_LOGD(TAG, "%s()", __func__);
     for (auto &route : routes) {
         ESP_LOGI(TAG, "  method: %d; uri: %s", static_cast<int>(route.method), route.uri.c_str());
         httpd_uri_t uriHandler = {
@@ -76,6 +72,7 @@ void http::Server::registerUriHandlers() {
 }
 
 void http::Server::stop() {
+    ESP_LOGI(TAG, "%s()", __func__);
     CHECK(httpd_stop(handle));
     running = false;
 }
@@ -91,7 +88,7 @@ static string getDefaultStatusText(int status) {
 
 esp_err_t http::Server::handleHttpRequest(httpd_req_t *httpdRequest) {
     auto route = static_cast<Route *>(httpdRequest->user_ctx);
-    ESP_LOGD(TAG, "handleHttpRequest; method: %d, path: \"%s\"", httpdRequest->method, route->uri.c_str());
+    ESP_LOGD(TAG, "%s; method: %d, path: \"%s\"", __func__, httpdRequest->method, route->uri.c_str());
 
     auto request  = Request(httpdRequest);
     auto response = route->handler(request, route->data);
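Review bot: `conf.cacert_len = cert_end - cert_start;` and the matching key line trust the caller's pointers completely: a null pair yields length 0 and a swapped pair yields a negative `ptrdiff_t` that wraps to a huge `size_t` on assignment, and both reach `httpd_ssl_start` (and mbedTLS behind it) with only the generic `CHECK` to report the failure. A guard in the file's existing style before the assignments fails early and legibly: `if (!cert_start || !key_start || cert_end <= cert_start || key_end <= key_start) {` `ESP_LOGE(TAG, "invalid certificate or key buffer"); ABORT("invalid TLS material"); }`. Separately, between `httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();` and `CHECK(httpd_ssl_start(&handle, &conf));` nothing assigns `port`, so the parameter is only logged and the server listens on whatever port the default config carries; `conf.port_secure = port;` next to the certificate assignments would make the signature honest. The function's tail after `httpd_ssl_start` lies outside the hunk.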

+ 4 - 2
test/test_https.cpp

@@ -17,6 +17,8 @@ extern const unsigned char cert_pem_start[] asm("_binary_cert_pem_start");
 extern const unsigned char cert_pem_end[]   asm("_binary_cert_pem_end");
 extern const unsigned char cert_wrong_pem_start[] asm("_binary_wrong_cert_pem_start");
 extern const unsigned char cert_wrong_pem_end[]   asm("_binary_wrong_cert_pem_end");
+extern const unsigned char key_pem_start[] asm("_binary_key_pem_start");
+extern const unsigned char key_pem_end[]   asm("_binary_key_pem_end");
 
 static void assert_fail(http::Client &client, const string &message) {
     bool caught = false;
@@ -45,7 +47,7 @@ TEST_CASE("HTTPS GET", "[kbf_http]") {
         return http::Response("OK");
     }};
     server.route({http::GET, "/get-me", handleGet, nullptr});
-    server.startSSL();
+    server.startSSL(cert_pem_start, cert_pem_end, key_pem_start, key_pem_end);
     TEST_ASSERT_TRUE(server.isRunning())
 
     auto client = http::Client();
@@ -86,7 +88,7 @@ TEST_CASE("HTTPS async", "[broken]") {
     }};
     auto server = http::Server()
             .route({http::GET, "/", handleRequest, nullptr})
-            .startSSL();
+            .startSSL(cert_pem_start, cert_pem_end, key_pem_start, key_pem_end);
 
     auto client = http::Client(true);
     client.onSuccess = {[](http::Client &client, const http::Response &response) {
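Review bot: Both updated tests pass only the matching `cert.pem`/`key.pem` pair, so now that the server accepts caller-supplied buffers there is no test for a mismatched certificate and key, an empty buffer, or a PEM without its terminating NUL — exactly the ways the new interface can be misused — and `cert_wrong_pem_start`/`cert_wrong_pem_end`, already declared at the top of this file, cover the mismatch case for free. The embedded `key.pem` is a private key committed to the repository, which is acceptable for a test fixture but should be labelled as test-only, e.g. `// test-only key pair: public in this repo, never ship it` next to the extern declarations. The `prvtkey.pem`/`cacert.pem` deleted in this commit likewise remain in git history, so both pairs must be treated as public and never reused outside the test app.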

+ 0 - 2
test_app/main/CMakeLists.txt

@@ -3,8 +3,6 @@ idf_component_register(
         INCLUDE_DIRS "."
 
         EMBED_TXTFILES
-        "certs/cacert.pem"
-        "certs/prvtkey.pem"
         "certs/cert.pem"
         "certs/key.pem"
         "certs/wrong_cert.pem"

+ 0 - 19
test_app/main/certs/cacert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDzCCAfegAwIBAgIUDdzYo6ANlTi9J0HbGea7tpGXnacwDQYJKoZIhvcNAQEL
-BQAwFzEVMBMGA1UEAwwMS0JGIFNTTCB0ZXN0MB4XDTIxMDQyNzA4NTE1NFoXDTMx
-MDQyNTA4NTE1NFowFzEVMBMGA1UEAwwMS0JGIFNTTCB0ZXN0MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLHIG2k+Y7mZ/Uq9hR1eDkCv8dS7ceuK0X/S
-R3Dkq8PAGIEm+xH3MRcxT3CyhA06P0RhZMke9NZqA7E51qpT0e7REENto5LrYUuX
-HtU5jAGE9da6kwDa4ZbeJQeib4ppTZICjkiTzMZMy7xNL/xF6jWjMbwXSJaRcutB
-OusQ3pQOnCfXDLsas+zY+j6uydPl6AMCP6ZIXpr7Vt//H6CkJNENUdNnPgFIV1rm
-belvuw/YaIcOTdpm9YnIoeTvwoTb4hSfl8dDVjGrd3bzbvEzxwBypx2UgN3JvxpP
-/DQLbUGiDnvFUhrs4p2nGkyYK14H0hbdUmtRgDNCDofVL948KQIDAQABo1MwUTAd
-BgNVHQ4EFgQUwvXLD/DTPrgU6VjoAnpgTPRmjbEwHwYDVR0jBBgwFoAUwvXLD/DT
-PrgU6VjoAnpgTPRmjbEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
-AQEAhMOsfKWVKrs1uZt6AjM4PVW23TN0qb0/80lnkLIPKTz5eJmI8ZJJPZaSfNfj
-lDrdvx1wGzp5QpHt0utYw6pqm+TOqCjUB9fejHGbdZ/jVBFwDX/UHAsi8bG56znw
-OSXd/80vf+tuS1m5aLaG838L3RCjUxGcJF8FDk8eiYAfWvHiX7u3wcvRjgI22tIl
-b04XeqIuBMqHvW++PTrHVIPkjO3lmAYMF1dSnZw0RyB2rSCDXXMzrhEHiDiDvzgC
-uH9jWM5VbuQk6CQjSmYhbOT9mAZ84zeigzFE/ZldskMzyxJ5dmRO51lz1mzcWS4f
-YVG3Yq1mWyBCfKe6TBap0e3i+g==
------END CERTIFICATE-----

+ 0 - 28
test_app/main/certs/prvtkey.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDMscgbaT5juZn9
-Sr2FHV4OQK/x1Ltx64rRf9JHcOSrw8AYgSb7EfcxFzFPcLKEDTo/RGFkyR701moD
-sTnWqlPR7tEQQ22jkuthS5ce1TmMAYT11rqTANrhlt4lB6JvimlNkgKOSJPMxkzL
-vE0v/EXqNaMxvBdIlpFy60E66xDelA6cJ9cMuxqz7Nj6Pq7J0+XoAwI/pkhemvtW
-3/8foKQk0Q1R02c+AUhXWuZt6W+7D9hohw5N2mb1icih5O/ChNviFJ+Xx0NWMat3
-dvNu8TPHAHKnHZSA3cm/Gk/8NAttQaIOe8VSGuzinacaTJgrXgfSFt1Sa1GAM0IO
-h9Uv3jwpAgMBAAECggEAeT3sSuAhhiwPG8pDSy9D4KlMDa91f1qGlORjBtHFgD+n
-7lvBXQEdK0STfnxAIJs9HvA/x9Sgs2C01o8ItS+aCkSsLDfkHvkM1kpRrn+ZYGYd
-/Qc854mgG/Kijchh3DNdgAa14NT4RlhGcH6OMZf5SWqPyQuhtusIJ8tUjbNiAJMe
-FuB97oL/lQDkFGUkosQtdZRP8kW3GFQuTi+y3uucTAao/7TYUdLRm6XKc4yhkPNE
-QgPgKePh4mfQjCNg/leAZgZqzzq1Ulcm3HntVXa64MO+nM7M+pDWOEcUgYoJML5e
-dgrCvfxZdl15e+oLRuRMnivkOaQg6kGnB0vAzoF3AQKBgQDyvvFWre7cLzedaUEa
-obmngYhVNiLEA4HyObqHGNvImtvf4QKh/fc+9QYy65kjznl4P9ytz1hqveLiky07
-8jUvhHRYCghl/g/BHKUMAnYKES/Ivu6LENouqYYcCqPDyT4fcTzEFlctPYDGQCfN
-4Si7iUV0idyQQoF9rZpQETZvWQKBgQDX3vaa3KX66F3bSS1spAcyPa9OYjQyr0DT
-LbMRLovNyMz0hkNZicaPxX7UIbRppLlfjo43MtZ69LPlwSLLtyRTrlDOQ1UGwNED
-xh0Iu15eEE5QPUZU1ZpR6dHmQHluLQ7l8Y9nhz4PlVhJNqjndZ5UzUrlxcxz7uvi
-ybcckBXpUQKBgQCsrK0KZsHB+QiLveKk6iQhhqAPVWoXmxMl1nDcRw+YvKfpsqrn
-xrvJGg0lzbfq46Y+ptb5AMS5cYfieqUzvlCdE5CbS8+7laVpTlINn/aNpLokB8Wy
-QPOjO839RohF7nJ1dVyvc+Dhep2O6PYnmqIZ/UTd6G9wYw6v8v0RNZ1OSQKBgQDM
-FDBlBTYxN14LwmmcLJHVEHXcD4EzbXVGcAy6sJtgp3YDsa6YRmUeZGJbn6WUvjK1
-wOp4CqqzwQUVrvn7Rx+jsMcZyJPod37iJ3gpWiGDoby3pMYJy4pB6GAUYl2qKBTO
-lAizoiqsxs6ZIICbmRlfKFmnUdDQxU3hsDtZWGoukQKBgQDGejnc+whsG7wO3F9r
-DTFJerOxR3r67IDF2UPMQFgfoN9qpEqXuMBcZIGtlouxI4ziZicrNFk+o5QB6ODr
-7wcEOhinSnMC1iRkCFDeCnIh1pJXlnNXglnqmbx2AC74K5Q7Ij8lyzDXNuLOpkg8
-QOc+7JvkDM65Vq7tTTzaV0QQYw==
------END PRIVATE KEY-----