adafruit / Adafruit_IO_Arduino

Arduino library to access Adafruit IO from WiFi, cellular, and ethernet modules.

Add WPA2 Enterprise support for ESP8266 and ESP32 platforms #81

Closed d235j closed 5 years ago

d235j commented 5 years ago

Scope of changes: This PR adds support for WPA2 Enterprise authentication using username/password, as is very common at universities. As some universities don't provide PSK-based wireless authentication, this is critical to make AdafruitIO usable in such environments.

Known limitations: Only ESP8266 and ESP32 platforms are supported. It does not appear that the other platforms that AdafruitIO supports have exposed methods to enable WPA2 Enterprise authentication.

It does not appear that CA certificate validation is functioning correctly in either the ESP8266 or the ESP32 stack, but it is possible I am passing the wrong certificate.

Testing: No changes have been made to the existing non-Enterprise WiFi code. This has been tested on both ESP8266 and ESP32 hardware.

Only one of the examples has been modified. If this PR is satisfactory, all the examples can be modified as needed.

d235j commented 5 years ago

Cleaned up some unnecessary commented-out code.

brentru commented 5 years ago

@d235j Travis is failing on this build, but it is due to incompatibility with ESP8266 board support package 2.5.0; your code compiles on my board running 2.4.2.

I'd like to pull this in and release as v2.8.0. It seems you have tested this on an Eduroam university network? I may be able to test this with my university's Eduroam subnet later this week.

Could you please add an example of using WPA2 Enterprise to this pull request? A modified example from /examples would be perfect!

d235j commented 5 years ago

@brentru Yes I tested this! Check the commit — I added this to the adafruitio_00_publish example. Feel free to copy it to all the other examples if you'd like!

brentru commented 5 years ago

@d235j Great! Could you break that out into a separate example, only setting it up for WPA2 Enterprise in the config.h for the example? Something like adafruitio_00_publish_wpa2ent would work.

We added WPA2 Enterprise to CircuitPython_ESP32_SPI, used by Adafruit IO CircuitPython. I'd like to mirror that PR's setup: https://github.com/adafruit/Adafruit_CircuitPython_ESP32SPI/blob/master/examples/esp32spi_wpa2ent_simpletest.py

d235j commented 5 years ago

@brentru is there a good reason for that? CircuitPython_ESP32_SPI does the lower-level calls directly while Adafruit_IO_Arduino handles them internally, so it made the most sense to treat the WPA2 Enterprise support as another type of networking client. Which means it would make the most sense to me to put that block, commented out, in all the examples.

brentru commented 5 years ago

@d235j The main reason would be for linking people to a ready-to-run example. I see your point, we'll leave it as-is.

Could you comment out the following lines? Including AdafruitIO_WiFi_Enterprise should be optional.

https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L38 thru https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L45

And can you remove the following lines (I'll add them in release notes, they do not need to be in the code itself)

https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L36 https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L42

d235j commented 5 years ago

@brentru Sounds good, looks like I missed commenting those out. Would you like me to copy the block into all the examples as well?

brentru commented 5 years ago

@d235j Could we look at the 00 example for now, and we'll see what it looks like with everything commented out first? If we're going to be doing that, let's make sure it's perfect in that configuration before we apply this file universally :)

Add a space before the * after Enterprise: https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L25

Change to "CA Certificate validation does not work, disabled by default." https://github.com/adafruit/Adafruit_IO_Arduino/blob/ac43fa0b79b48d31db5e91f83be771a541fe74db/examples/adafruitio_00_publish/config.h#L42

Want to move the WPA2Ent configuration underneath the ethernet shield if we're applying across all config.h files?

d235j commented 5 years ago

Sounds good, I'll make those edits and comment things out.

I put WPA2 Enterprise next to regular wifi, but it can go after Ethernet just as well. Let me know what you'd like.

brentru commented 5 years ago

@d235j Great, I'd like it to be after ethernet.

d235j commented 5 years ago

Thanks! Let me know if any further changes need to be made.

brentru commented 5 years ago

Looks a lot better, thanks!

Can you remove this line: https://github.com/adafruit/Adafruit_IO_Arduino/blob/0cf3ea5c405e244d142788db3e157e1c1590d699/examples/adafruitio_00_publish/config.h#L55

Change SSID to "your_ssid"
Change user to "your_username"
Change password to "your_password"
https://github.com/adafruit/Adafruit_IO_Arduino/blob/0cf3ea5c405e244d142788db3e157e1c1590d699/examples/adafruitio_00_publish/config.h#L61

brentru commented 5 years ago

@d235j Heya - I got v3 of this library out earlier this month and want to slate WPA2Ent for a V3.x.

I made AdafruitIO_WiFi compatible with the ATWINC1500 (fixed some preset pins) and our new WiFiNINA AirLift boards, feel free to take a look. There's been a bunch done there.

Instead of a separate section in the config.h, we should have an #include similar to how we include airlift, but for selecting AdafruitIO_WiFi_Enterprise.

brentru commented 5 years ago

@d235j Something like the following would work great and would also be stylistically compatible with how the config.h works.

However: I'm not sure if importing _WIFI.h and _WIFI_ENT.h would cause a collision though; I don't think so because the AdafruitIO_WiFi and AdafruitIO_WiFi_ENT are separate.

```
/******************************* WIFI **************************************/

// the AdafruitIO_WiFi client will work with the following boards:
//   - HUZZAH ESP8266 Breakout -> https://www.adafruit.com/products/2471
//   - Feather HUZZAH ESP8266 -> https://www.adafruit.com/products/2821
//   - Feather HUZZAH ESP32 -> https://www.adafruit.com/product/3405
//   - Feather M0 WiFi -> https://www.adafruit.com/products/3010
//   - Feather WICED -> https://www.adafruit.com/products/3056
//   - Adafruit PyPortal -> https://www.adafruit.com/product/4116
//   - Adafruit Metro M4 Express AirLift Lite -> https://www.adafruit.com/product/4000
//   - Adafruit AirLift Breakout -> https://www.adafruit.com/product/4201

#define WIFI_SSID   "your_ssid"
#define WIFI_PASS   "your_pass"

// uncomment the following line if you are using airlift
// #define USE_AIRLIFT

// uncomment the following line if you are using winc1500
// #define USE_WINC1500

// uncomment the following line if you are using wpa2-enterprise
// #define USE_ENTERPRISE_WPA2

// comment out the following lines if you are using fona or ethernet
#include "AdafruitIO_WiFi.h"

#if defined(USE_AIRLIFT) || defined(ADAFRUIT_METRO_M4_AIRLIFT_LITE)
  // Configure the pins used for the ESP32 connection
  #if !defined(SPIWIFI_SS) // if the wifi definition isn't in the board variant
    // Don't change the names of these #define's! they match the variant ones
    #define SPIWIFI SPI
    #define SPIWIFI_SS 10  // Chip select pin
    #define SPIWIFI_ACK 9  // a.k.a BUSY or READY pin
    #define ESP32_RESETN 6 // Reset pin
    #define ESP32_GPIO0 -1 // Not connected
  #endif
  AdafruitIO_WiFi io(IO_USERNAME, IO_KEY, WIFI_SSID, WIFI_PASS, SPIWIFI_SS, SPIWIFI_ACK, ESP32_RESETN, ESP32_GPIO0, &SPIWIFI);
#elif defined(USE_ENTERPRISE_WPA2)
  #include "AdafruitIO_WiFi_Enterprise.h"
  #define WIFI_ENT_SSID  "eduroam"
  #define WIFI_ENT_IDENT "user"
  #define WIFI_ENT_PASS  "password"
  #define WIFI_CACERT NULL // passing NULL disables CA certificate validation, which does not appear to work
  AdafruitIO_WiFi_Enterprise io(IO_USERNAME, IO_KEY, WIFI_ENT_SSID, WIFI_ENT_IDENT, WIFI_ENT_PASS, WIFI_CACERT);
#else
  AdafruitIO_WiFi io(IO_USERNAME, IO_KEY, WIFI_SSID, WIFI_PASS);
#endif
```
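
The config block above passes NULL for WIFI_CACERT, so the device would authenticate to any access point advertising the SSID without verifying the authentication server's certificate. As an added example (not code from this PR or from Adafruit_IO_Arduino), a host-side audit of those settings that flags the NULL certificate and template credentials. EntConfig, EntIssue and audit_enterprise_config are hypothetical names, and the PEM check tests framing only, not the certificate's contents.

```cpp
// Added example; EntConfig, EntIssue and audit_enterprise_config are
// hypothetical names, not part of Adafruit_IO_Arduino.
#include <cstdint>
#include <cstdio>
#include <cstring>

enum EntIssue : uint8_t {
  ENT_PLACEHOLDER = 1 << 0, // template value such as "your_password" left in
  ENT_EMPTY_FIELD = 1 << 1, // SSID, identity or password missing
  ENT_NO_CA_CERT  = 1 << 2, // NULL cert: the server certificate is not checked
  ENT_CA_NOT_PEM  = 1 << 3  // cert given but not PEM-framed
};

struct EntConfig { const char *ssid, *ident, *pass, *cacert; };

static bool is_placeholder(const char *s) {
  static const char *const kTemplates[] = {
      "your_ssid", "your_username", "your_password", "user", "password"};
  for (const char *t : kTemplates)
    if (strcmp(s, t) == 0) return true;
  return false;
}

static bool looks_like_pem_cert(const char *pem) {
  static const char kBegin[] = "-----BEGIN CERTIFICATE-----";
  const char *b = strstr(pem, kBegin);
  if (b == nullptr) return false;
  const char *body = b + sizeof(kBegin) - 1;
  const char *e = strstr(body, "-----END CERTIFICATE-----");
  return e != nullptr && e - body > 2; // non-empty body between the markers
}

uint8_t audit_enterprise_config(const EntConfig &c) {
  uint8_t issues = 0;
  const char *fields[] = {c.ssid, c.ident, c.pass};
  for (const char *f : fields) {
    if (f == nullptr || *f == '\0') issues |= ENT_EMPTY_FIELD;
    else if (is_placeholder(f)) issues |= ENT_PLACEHOLDER;
  }
  if (c.cacert == nullptr) issues |= ENT_NO_CA_CERT;
  else if (!looks_like_pem_cert(c.cacert)) issues |= ENT_CA_NOT_PEM;
  return issues;
}

int main() {
  // Values as they appear in the snippet above.
  EntConfig snippet = {"eduroam", "user", "password", nullptr};
  printf("issues: 0x%02x\n", audit_enterprise_config(snippet));
}
```
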
brentru commented 5 years ago

Closing for now, will re-open if this is requested again.

d235j commented 5 years ago

@brentru I'll probably get back to this in the next few weeks. Real life is keeping me busy.

brentru commented 5 years ago

@d235j Awesome, no rush! Let me know when you are ready and we'll get this rolling again.