giofranco
diff --git a/‎README.md
Lines changed: 34 additions & 2 deletions b/‎README.md
Lines changed: 34 additions & 2 deletions
diff --git a/‎examples/Self-Signed-Certificate/Self-Signed-Certificate.ino
Lines changed: 164 additions & 0 deletions b/‎examples/Self-Signed-Certificate/Self-Signed-Certificate.ino
Lines changed: 164 additions & 0 deletions
@@ -20,7 +20,7 @@ The library is self-contained and just needs the Arduino and ESP32 system librar
 
 Clone or download the content of this git repository into your Arduino/libraries folder and restart you IDE.
 
-To run the examples, you need to execute the script extras/create_cert.sh first. This script will create a simple CA to sign certificates that are used with the examples. Some notes on the usage can be found in the extras/README.md file.
+To run the examples (except for the _Self-Signed-Certificates_ example), you need to execute the script extras/create_cert.sh first. This script will create a simple CA to sign certificates that are used with the examples. Some notes on the usage can be found in the extras/README.md file.
 
 You then should be able to add the library to your project if you selected the ESP32 as architecture.
 
@@ -37,6 +37,7 @@ You will find several examples showing how you can use the library:
 - [Async-Server](examples/Async-Server/Async-Server.ino): Like the Static-Page example, but the server runs in a separate task on the ESP32, so you do not need to call the loop() function in your main sketch.
 - [Websocket-Chat](examples/Websocket-Chat/Websocket-Chat.ino): Provides a browser-based chat built on top of websockets. **Note:** Websockets are still under development!
 - [Parameter-Validation](examples/Parameter-Validation/Parameter-Validation.ino): Shows how you can integrate validator functions to do formal checks on parameters in your URL.
+- [Self-Signed-Certificate](examples/Self-Signed/Self-Signed.ino): Shows how to generate a self-signed certificate on the fly on the ESP when the sketch starts. You do not need to run `create_cert.sh` to use this example.
 
 If you encounter error messages that cert.h or private\_key.h are missing when running an example, make sure to run create\_cert.sh first (see Setup Instructions).
 
@@ -144,4 +145,35 @@ By default, you need to pass control to the server explicitly. This is done by c
 
 If you want to have the server running in the background (and not calling `loop()` by yourself every few milliseconds), you can make use of the ESP32's task feature and put the whole server in a separate task.
 
-See the Async-Server example to see how this can be done.
+See the Async-Server example to see how this can be done.
+
+## Advanced Configuration
+
+This section covers some advanced configuration options that allow you e.g. to customize the build process, but which might require more advanced programming skills and a more sophisticated IDE that just the default Arduino IDE.
+
+### Saving Space by Reducing Functionality
+
+To save program space on the microcontroller, there are some parts of the library that can be disabled during compilation and will then not be a part of your program.
+
+The following flags are currently available:
+
+| Flag                      | Effect
+| ------------------------- | ---------------------------
+| HTTPS_DISABLE_SELFSIGNING | Removes the code for generating a self-signed certificate at runtime. You will need to provide certificate and private key data from another data source to use the `HTTPSServer`.
+
+Setting these flags requires a build environment that gives you some control of the compiler, as libraries are usually compiled separately, so just doing a `#define HTTPS_SOMETHING` in your sketch will not work.
+
+
**Example: Configuration with Platform IO****Example: Configuration with Platform IO**
+
+To set these flags in Platform IO, you can modify your `platformio.ini`. To disable for example the self-signed-certificates part of the library, the file could look like this:
+
+```ini
+[env:esp32dev]
+platform = espressif32
+board = esp32dev
+framework = arduino
+build_flags =
+  -DHTTPS_DISABLE_SELFSIGNING
+```
+
+Note the `-D` in front of the actual flag name, that passes this flag as a definition to the preprocessor. Multiple flags can be added one per line.
@@ -0,0 +1,164 @@
+/**
+ * Example for the ESP32 HTTP(S) Webserver
+ *
+ * IMPORTANT NOTE:
+ * To run this script, you need to
+ *  1) Enter your WiFi SSID and PSK below this comment
+ *
+ * This script will install an HTTPS Server on your ESP32 with the following
+ * functionalities:
+ *  - Show simple page on web server root
+ *  - 404 for everything else
+ * 
+ * In contrast to the other examples, the certificate and the private key will be
+ * generated on the ESP32, so you do not need to provide them here.
+ * (this means no need to run create_cert.sh)
+ */
+
+// TODO: Configure your WiFi here
+#define WIFI_SSID "<your ssid goes here>"
+#define WIFI_PSK  "<your pre-shared key goes here>"
+
+// We will use wifi
+#include <WiFi.h>
+
+// Includes for the server
+#include <HTTPSServer.hpp>
+#include <SSLCert.hpp>
 #include <HTTPRequest.hpp>
+#include <HTTPResponse.hpp>
+
+// The HTTPS Server comes in a separate namespace. For easier use, include it here.
+using namespace httpsserver;
+
+SSLCert * cert;
+HTTPSServer * secureServer;
+
+// Declare some handler functions for the various URLs on the server
+void handleRoot(HTTPRequest * req, HTTPResponse * res);
+void handle404(HTTPRequest * req, HTTPResponse * res);
+
+void setup() {
+  // For logging
+  Serial.begin(115200);
+  delay(3000); // wait for the monitor to reconnect after uploading.
+
+  Serial.println("Creating a new self-signed certificate.");
+  Serial.println("This may take up to a minute, so be patient ;-)");
+
+  // First, we create an empty certificate:
+  cert = new SSLCert();
+
+  // Now, we use the function createSelfSignedCert to create private key and certificate.
+  // The function takes the following paramters:
+  // - Key size: 1024 or 2048 bit should be fine here, 4096 on the ESP might be "paranoid mode"
+  //   (in generel: shorter key = faster but less secure)
+  // - Distinguished name: The name of the host as used in certificates.
+  //   If you want to run your own DNS, the part after CN (Common Name) should match the DNS
+  //   entry pointing to your ESP32. You can try to insert an IP there, but that's not really good style.
+  int createCertResult = createSelfSignedCert(*cert, KEYSIZE_2048, "CN=myesp32.local,O=FancyCompany,C=DE");
+
+  // Now check if creating that worked
+  if (createCertResult != 0) {
+    Serial.printf("Cerating certificate failed. Error Code = 0x%02X, check SSLCert.hpp for details", createCertResult);
+    while(true) delay(500);
+  }
+  Serial.println("Creating the certificate was successful");
+
+  // If you're working on a serious project, this would be a good place to initialize some form of non-volatile storage
+  // and to put the certificate and the key there. This has the advantage that the certificate stays the same after a reboot
+  // so your client still trusts your server, additionally you increase the speed-up of your application.
+  // Some browsers like Firefox might even reject the second run for the same issuer name (the distinguished name defined above).
+  //
+  // Storing:
+
F438
  //   For the key:
+  //     cert->getPKLength() will return the length of the private key in byte
+  //     cert->getPKData() will return the actual private key (in DER-format, if that matters to you)
+  //   For the certificate:
+  //     cert->getCertLength() and ->getCertData() do the same for the actual certificate data.
+  // Restoring:
+  //   When your applications boots, check your non-volatile storage for an existing certificate, and if you find one
+  //   use the parameterized SSLCert constructor to re-create the certificate and pass it to the HTTPSServer.
+  //
+  // A short reminder on key security: If you're working on something professional, be aware that the storage of the ESP32 is
+  // not encrypted in any way. This means that if you just write it to the flash storage, it is easy to extract it if someone
+  // gets a hand on your hardware. You should decide if that's a relevant risk for you and apply countermeasures like flash
+  // encryption if neccessary
+
+  // We can now use the new certificate to setup our server as usual.
+	secureServer = new HTTPSServer(cert);
+
+  // Connect to WiFi
+  Serial.println("Setting up WiFi");
+  WiFi.begin(WIFI_SSID, WIFI_PSK);
+  while (WiFi.status() != WL_CONNECTED) {
+    Serial.print(".");
+    delay(500);
+  }
+  Serial.print("Connected. IP=");
+  Serial.println(WiFi.localIP());
+
+  // For every resource available on the server, we need to create a ResourceNode
+  // The ResourceNode links URL and HTTP method to a handler function
+  ResourceNode * nodeRoot    = new ResourceNode("/", "GET", &handleRoot);
+  ResourceNode * node404     = new ResourceNode("", "GET", &handle404);
+
+  // Add the root node to the server
+  secureServer->registerNode(nodeRoot);
+  // Add the 404 not found node to the server.
+  secureServer->setDefaultNode(node404);
+
+  Serial.println("Starting server...");
+  secureServer->start();
+  if (secureServer->isRunning()) {
+	  Serial.println("Server ready.");
+  }
+}
+
+void loop() {
+	// This call will let the server do its work
+	secureServer->loop();
+
+	// Other code would go here...
+	delay(1);
+}
+
+void handleRoot(HTTPRequest * req, HTTPResponse * res) {
+	// Status code is 200 OK by default.
+	// We want to deliver a simple HTML page, so we send a corresponding content type:
+	res->setHeader("Content-Type", "text/html");
+
+	// The response implements the Print interface, so you can use it just like
+	// you would write to Serial etc.
+	res->println("<!DOCTYPE html>");
+	res->println("<html>");
+	res->println("<head><title>Hello World!</title></head>");
+	res->println("<body>");
+	res->println("<h1>Hello World!</h1>");
+	res->print("<p>Your server is running for ");
+	// A bit of dynamic data: Show the uptime
+	res->print((int)(millis()/1000), DEC);
+	res->println(" seconds.</p>");
+	res->println("</body>");
+	res->println("</html>");
+}
+
+void handle404(HTTPRequest * req, HTTPResponse * res) {
+	// Discard request body, if we received any
+	// We do this, as this is the default node and may also server POST/PUT requests
+	req->discardRequestBody();
+
+	// Set the response status
+	res->setStatusCode(404);
+	res->setStatusText("Not Found");
+
+	// Set content type of the response
+	res->setHeader("Content-Type", "text/html");
+
+	// Write a tiny HTTP page
+	res->println("<!DOCTYPE html>");
+	res->println("<html>");
+	res->println("<head><title>Not Found</title></head>");
+	res->println("<body><h1>404 Not Found</h1><p>The requested resource was not found on this server.</p></body>");
+	res->println("</html>");
+}