Skip to content

Fix UNO R4 WiFi username password authentication #524

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jan 28, 2025
+32 −13
Merged

Fix UNO R4 WiFi username password authentication #524

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a3fd185
Add missing comment about nano rp2040
pennam Jan 27, 2025
da6b106
Add ArduinoIoTAuthenticationMode enum
pennam Jan 27, 2025
78f6a35
TLSClientMqtt: add ArduinoIoTAuthenticationMode parameter
pennam Jan 27, 2025
3a50cc6
TLSClientMqtt: force CA only if UNOR4 is using CERTIFICATE auth mode
pennam Jan 27, 2025
cfc895c
ArduinoIoTCloudTCP: configure ArduinoIoTAuthenticationMode during beg…
pennam Jan 27, 2025
1587be2
ArduinoIoTCloudTCP: reduce authMode variable scope
pennam Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions src/ArduinoIoTCloudTCP.cpp
View file
Original file line number Diff line number Diff line change
@@ -84,20 +84,25 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
_connection = &connection;
_brokerAddress = brokerAddress;

ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE;
#if defined (BOARD_HAS_SECRET_KEY)
/* If board supports and sketch is configured for username and password login */
if(_password.length()) {
authMode = ArduinoIoTAuthenticationMode::PASSWORD;
}
#endif

/* Setup broker TLS client */
_brokerClient.begin(connection);
_brokerClient.begin(connection, authMode);

#if OTA_ENABLED
/* Setup OTA TLS client */
_otaClient.begin(connection);
#endif

#if defined (BOARD_HAS_SECRET_KEY)
/* If board is not configured for username and password login */
if(!_password.length())
/* If board is configured for certificate authentication and mTLS */
if(authMode == ArduinoIoTAuthenticationMode::CERTIFICATE)
{
#endif

#if defined(BOARD_HAS_SECURE_ELEMENT)
if (!_selement.begin())
{
@@ -130,14 +135,11 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_
#endif
_brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? mqttPort() : brokerPort;
#endif

#if defined(BOARD_HAS_SECRET_KEY)
}
else
{
_brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? DEFAULT_BROKER_PORT_USER_PASS_AUTH : brokerPort;
}
#endif

/* Setup TimeService */
_time_service.begin(_connection);
1 change: 0 additions & 1 deletion src/ArduinoIoTCloudTCP.h
View file
Original file line number Diff line number Diff line change
@@ -162,7 +162,6 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
String _dataTopicOut;
String _dataTopicIn;


#if OTA_ENABLED
TLSClientOta _otaClient;
ArduinoCloudOTA _ota;
14 changes: 12 additions & 2 deletions src/tls/utility/TLSClientMqtt.cpp
View file
Original file line number Diff line number Diff line change
@@ -33,23 +33,29 @@
}
#endif

void TLSClientMqtt::begin(ConnectionHandler & connection) {

void TLSClientMqtt::begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode) {

#if defined(BOARD_HAS_OFFLOADED_ECCX08)
/* Arduino Root CA is configured in nina-fw
* https://github.com/arduino/nina-fw/blob/master/arduino/libraries/ArduinoBearSSL/src/BearSSLTrustAnchors.h
*/
(void)authMode;
#elif defined(BOARD_HAS_ECCX08)
(void)authMode;
setClient(connection.getClient());
setProfile(aiotc_client_profile_init);
setTrustAnchors(ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
onGetTime(getTime);
#elif defined(ARDUINO_PORTENTA_C33)
(void)authMode;
setClient(connection.getClient());
setCACert(AIoTSSCert);
#elif defined(ARDUINO_NICLA_VISION)
(void)authMode;
appendCustomCACert(AIoTSSCert);
#elif defined(ARDUINO_EDGE_CONTROL)
(void)authMode;
appendCustomCACert(AIoTUPCert);
#elif defined(ARDUINO_UNOR4_WIFI)
/* Arduino Root CA is configured in uno-r4-wifi-usb-bridge fw >= 0.4.1
@@ -60,10 +66,14 @@ void TLSClientMqtt::begin(ConnectionHandler & connection) {
*/
(void)connection;
/* Temporary force CACert to add new CA without rebuilding firmware */
setCACert(AIoTSSCert);
if (authMode == ArduinoIoTAuthenticationMode::CERTIFICATE) {
setCACert(AIoTSSCert);
}
#elif defined(ARDUINO_ARCH_ESP32)
(void)authMode;
setCACert(AIoTUPCert);
#elif defined(ARDUINO_ARCH_ESP8266)
(void)authMode;
setInsecure();
#endif
}
9 changes: 8 additions & 1 deletion src/tls/utility/TLSClientMqtt.h
View file
Original file line number Diff line number Diff line change
@@ -13,6 +13,12 @@
#include <Arduino_ConnectionHandler.h>
#include <AIoTC_Config.h>

enum class ArduinoIoTAuthenticationMode
{
PASSWORD,
CERTIFICATE
};

#if defined(BOARD_HAS_OFFLOADED_ECCX08)
/*
* Arduino MKR WiFi1010 - WiFi
@@ -24,6 +30,7 @@
/*
* Arduino MKR GSM 1400
* Arduino MKR NB 1500
* Arduino NANO RP 2040
* Arduino Portenta H7
* Arduino Giga R1
* OPTA
@@ -64,6 +71,6 @@
#endif

public:
void begin(ConnectionHandler & connection);
void begin(ConnectionHandler & connection, ArduinoIoTAuthenticationMode authMode = ArduinoIoTAuthenticationMode::CERTIFICATE);

};
1 change: 1 addition & 0 deletions src/tls/utility/TLSClientOta.h
View file
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@
/*
* Arduino MKR GSM 1400
* Arduino MKR NB 1500
* Arduino NANO RP 2040
* Arduino Portenta H7
* Arduino Giga R1
* OPTA