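ESP8266-Arduino Network Programming Example: HTTPS Client Data Request

HTTPS Client Data Request

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted to make data transfer more secure. This matters most when users transmit sensitive data, for example when logging in to a bank account, an e-mail service or a health insurance provider.

Technically, HTTPS is not a protocol separate from HTTP. It simply applies TLS/SSL encryption on top of HTTP. HTTPS relies on the transmission of a TLS/SSL certificate, which verifies that a particular provider is who it claims to be.

When a user connects to a web page, the page sends its SSL certificate, which contains the public key needed to start a secure session. The two computers (client and server) then go through a process called the SSL/TLS handshake, a series of back-and-forth messages used to establish a secure connection.

This article demonstrates how to create an HTTPS client and issue a data request.

1. Creating the certificate for the HTTPS client

The Arduino tool library for the ESP8266 provides a script that generates the HTTPS certificate data for a given server address. Its location is:

The command to run this Python script on Windows is as follows (using QQ as the example):

python cert.py -s www.qq.com -n qq > qq_cert.h

The generated result is as follows: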

// this file is autogenerated - any modification will be overwritten
// unused symbols will not be linked in the final binary
// generated on 2022-10-07 10:15:54
// by ['d:\\Arduino\\tools\\cert.py', '-s', 'www.qq.com', '-n', 'qq']

#pragma once


// certificate chain for www.qq.com:443

const char* qq_host = "www.qq.com";
const uint16_t qq_port = 443;

// CN: may29-2022-1.ias.qq.com => name: may29_2022_1_ias_qq_com
// not valid before: 2022-05-28 00:00:00
// not valid after: 2023-05-30 23:59:59
const char fingerprint_may29_2022_1_ias_qq_com [] PROGMEM = "c9:ca:a1:55:bb:29:48:09:0d:a3:7f:bc:da:7e:63:3d:c4:bc:19:62";
const char pubkey_may29_2022_1_ias_qq_com [] PROGMEM = R"PUBKEY(
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6JeIvRccRiIg/hgRM2NO
75wmD9h9owsKYp58NaJv+Ztu+svSqZY7vgBv/LQjGNGDWNpYFhqHk+ui0nggBhdz
NFej0l/avRmpsVEgw1naCmgD0Nw5Yweah56YIrvu5K5Dq5UogL/nLjWlEGWjjRej
In7k3Z8MaPyXIWYkwlZy29UNveOI+4ybzRwSm4KvFcLu1JwBVZjCHUKb0wwnS8fz
NlxyDQ5sIfWQfkq/EMUQErhRcHxyxmOd5OtBg24lTwVtCjtAK5U/ENG3slKMSciE
XAPd6y7CoQIx4vwzsOx6l14nM1KjnrcL7eioYN8j2ythhz9t7Cp/7dQq/dnjpQ3y
swIDAQAB
-----END PUBLIC KEY-----
)PUBKEY";

// http://cacerts.digicert.cn/DigiCertSecureSiteCNCAG3.crt
// CN: DigiCert Secure Site CN CA G3 => name: DigiCert_Secure_Site_CN_CA_G3
// not valid before: 2020-03-13 12:00:00
// not valid after: 2030-03-13 12:00:00
const char cert_DigiCert_Secure_Site_CN_CA_G3 [] PROGMEM = R"CERT(
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
)CERT";

// end of certificate chain for www.qq.com:443




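The script generates three pieces of data:

  • Certificate fingerprint
  • Public key
  • Certificate

The demonstration below uses the certificate fingerprint. The fingerprint identifies this one certificate (valid until 2023-05-30 in the output above), so it has to be regenerated whenever the server replaces its certificate.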
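The fingerprint string in the generated header is the same 20 bytes that the sketch in section 2 passes to setFingerprint() as a uint8_t array. The following Python script is an added example, not part of the original article or of cert.py: it converts the string into that array and checks whether a pinned fingerprint still matches a certificate. It assumes the fingerprint is the SHA-1 digest of the DER-encoded certificate; the function names and SAMPLE_PEM (a constructed placeholder, not a real certificate) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

# Fingerprint string exactly as it appears in the generated qq_cert.h above.
PAGE_FINGERPRINT = "c9:ca:a1:55:bb:29:48:09:0d:a3:7f:bc:da:7e:63:3d:c4:bc:19:62"

# Constructed stand-in for a PEM block: the body decodes to the bytes b"abc",
# not to a real certificate. It only exercises the decode-and-hash path.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def parse_fingerprint(text):
    """Turn 'c9:ca:...' (colons or spaces, any case) into 20 raw bytes."""
    parts = re.split(r"[:\s]+", text.strip())
    if len(parts) != 20 or not all(re.fullmatch(r"[0-9a-fA-F]{2}", p) for p in parts):
        raise ValueError("expected 20 two-digit hex bytes (SHA-1 length)")
    return bytes(int(p, 16) for p in parts)


def to_c_array(text, name="fingerprint"):
    """Format the fingerprint as the uint8_t array the sketch passes to setFingerprint()."""
    body = ",".join(f"0x{b:02x}" for b in parse_fingerprint(text))
    return f"const uint8_t {name}[20] = {{{body}}};"


def pem_fingerprint(pem):
    """SHA-1 over the DER bytes of the first CERTIFICATE block, colon-separated."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return ":".join(f"{b:02x}" for b in hashlib.sha1(der).digest())


def pin_still_valid(pinned, current_pem):
    """True when the pinned fingerprint matches the certificate currently served."""
    current = parse_fingerprint(pem_fingerprint(current_pem))
    return hmac.compare_digest(parse_fingerprint(pinned), current)


if __name__ == "__main__":
    print(to_c_array(PAGE_FINGERPRINT))
    print(pem_fingerprint(SAMPLE_PEM))
    print(pin_still_valid(PAGE_FINGERPRINT, SAMPLE_PEM))  # False: different bytes
```

Running pin_still_valid() against a freshly downloaded server certificate before flashing shows whether the fingerprint compiled into the firmware is stale.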

2. Creating the HTTPS client and requesting data

1) Include the required header files

#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
#include <WiFiClientSecureBearSSL.h>

2) Create the certificate fingerprint

Create the certificate fingerprint for the target web server using the method described above.

const uint8_t fingerprint[20] =
{0xc9,0xca,0xa1,0x55,0xbb,0x29,0x48,0x09,0x0d,0xa3,0x7f,0xbc,0xda,0x7e,0x63,0x3d,0xc4,0xbc,0x19,0x62};

3) Connect to WiFi

Connect to WiFi in the setup function.

// Start the serial port used for the status output (baud rate chosen for this example)
Serial.begin(115200);

// Replace with the network name and password
WiFi.begin("SSID", "SSID_PWD");

Serial.print("Connecting");
// Wait until the station is associated and has an address
while (WiFi.status() != WL_CONNECTED)
{
    delay(500);
    Serial.print(".");
}
Serial.println();

Serial.print("Connected\r\nIP address: ");
Serial.println(WiFi.localIP());
Serial.print("macAddress:");
Serial.println(WiFi.macAddress());
Serial.print("subnetMask:");
Serial.println(WiFi.subnetMask());
Serial.print("gatewayIP:");
Serial.println(WiFi.gatewayIP());

4) Create the secure client

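std::unique_ptr<BearSSL::WiFiClientSecure> client(new BearSSL::WiFiClientSecure);
// Pin the server certificate: the connection is accepted only if the
// certificate presented by the server matches this fingerprint
client->setFingerprint(fingerprint);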

5) Send the HTTPS request

HTTPClient https;
const char* url = "https://www.qq.com";
Serial.print("[HTTPS] begin...\n");
if (https.begin(*client, url)) {

    https.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36");
    // Send the request and get the HTTP response status code
    int httpResponseCode = https.GET();

    if (httpResponseCode > 0) {
        Serial.print("HTTP Response code: ");
        Serial.println(httpResponseCode);
        String payload = https.getString();
        Serial.println(payload);
    }
    else {
        // Serial.print("Error code: ");
        // Serial.println(httpResponseCode);
        Serial.printf("[HTTPS] GET... failed, error: %s\n", https.errorToString(httpResponseCode).c_str());
    }
    // Release the HTTPS request
    https.end();
}

The result of running the sketch is as follows:

[image]

Source: https://iotsmart.blog.csdn.net/article/details/127191692