From 6b2b284fc6f8e29d02e37888c0ee44ad6ea80a0b Mon Sep 17 00:00:00 2001 From: Vladyslav Heneraliuk Date: Mon, 16 Dec 2024 18:24:23 +0200 Subject: [PATCH] moving to secure connections --- firmware/src/Constants.h | 20 ++++++++++++++++++++ firmware/src/JaamFirmware.cpp | 16 +++++++++------- 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/firmware/src/Constants.h b/firmware/src/Constants.h index 1ab67810..0ad562f5 100644 --- a/firmware/src/Constants.h +++ b/firmware/src/Constants.h @@ -277,3 +277,23 @@ static const char* LEGACY_OPTIONS[LEGACY_OPTIONS_COUNT] = { "Початок на Одещині", "Плата JAAM 2.x", }; + +static const char jaam_cert[] PROGMEM = R"""( +-----BEGIN CERTIFICATE----- +MIICnzCCAiWgAwIBAgIQf/MZd5csIkp2FV0TttaF4zAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQw +MDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZp +Y2VzMQwwCgYDVQQDEwNXRTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARvzTr+ +Z1dHTCEDhUDCR127WEcPQMFcF4XGGTfn1XzthkubgdnXGhOlCgP4mMTG6J7/EFmP +LCaY9eYmJbsPAvpWo4H+MIH7MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU +kHeSNWfE/6jMqeZ72YB5e8yT+TgwHwYDVR0jBBgwFoAUgEzW63T/STaj1dj8tT7F +avCUHYwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAChhhodHRwOi8vaS5wa2ku +Z29vZy9yNC5jcnQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2MucGtpLmdvb2cv +ci9yNC5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwMDaAAwZQIx +AOcCq1HW90OVznX+0RGU1cxAQXomvtgM8zItPZCuFQ8jSBJSjz5keROv9aYsAm5V +sQIwJonMaAFi54mrfhfoFNZEfuNMSQ6/bIBiNLiyoX46FohQvKeIoJ99cx7sUkFN +7uJW +-----END CERTIFICATE----- +)"""; diff --git a/firmware/src/JaamFirmware.cpp b/firmware/src/JaamFirmware.cpp index fd920899..1d0bb9b3 100644 --- a/firmware/src/JaamFirmware.cpp +++ b/firmware/src/JaamFirmware.cpp @@ -45,9 +45,9 @@ struct Settings { char devicedescription[51] = "JAAM Informer"; char broadcastname[31] = "jaam"; char ntphost[31] = "pool.ntp.org"; - char serverhost[31] = "alerts.net.ua"; - int websocket_port = 38440; - int updateport = 8090; + char serverhost[31] = "jaam.net.ua"; + int websocket_port = 2053; + int updateport = 2096; char bin_name[51] = ""; char identifier[51] = "github"; int legacy = 1; @@ -168,7 +168,7 @@ using namespace websockets; Preferences preferences; WiFiManager wm; -WiFiClient client; +WiFiClientSecure client; WebsocketsClient client_websocket; AsyncWebServer webserver(80); NTPtime timeClient(2); @@ -820,12 +820,13 @@ void handleUpdateStatus(t_httpUpdate_return ret, bool isSpiffsUpdate) { } void downloadAndUpdateFw(const char* binFileName, bool isBeta) { + client.setCACert(jaam_cert); char spiffUrlChar[100]; char firmwareUrlChar[100]; Serial.println("Building spiffs url..."); - sprintf(spiffUrlChar, "http://%s:%d%s%s", settings.serverhost, settings.updateport, isBeta ? "/beta/spiffs/spiffs_" : "/spiffs/spiffs_", binFileName); + sprintf(spiffUrlChar, "https://%s:%d%s%s", settings.serverhost, settings.updateport, isBeta ? "/beta/spiffs/spiffs_" : "/spiffs/spiffs_", binFileName); Serial.println("Building firmware url..."); - sprintf(firmwareUrlChar, "http://%s:%d%s%s", settings.serverhost, settings.updateport, isBeta ? "/beta/" : "/", binFileName); + sprintf(firmwareUrlChar, "https://%s:%d%s%s", settings.serverhost, settings.updateport, isBeta ? "/beta/" : "/", binFileName); Serial.printf("Spiffs url: %s\n", spiffUrlChar); t_httpUpdate_return spiffsRet = httpUpdate.updateSpiffs(client, spiffUrlChar, VERSION); @@ -2589,8 +2590,9 @@ void socketConnect() { client_websocket.onEvent(onEventsCallback); long startTime = millis(); char webSocketUrl[100]; - sprintf(webSocketUrl, "ws://%s:%d/data_v2", settings.serverhost, settings.websocket_port); + sprintf(webSocketUrl, "wss://%s:%d/data_v2", settings.serverhost, settings.websocket_port); Serial.println(webSocketUrl); + client_websocket.setCACert(jaam_cert); client_websocket.connect(webSocketUrl); if (client_websocket.available()) { Serial.print("connection time - ");