From bbd040a322d89376f021543d2c3dbcaab2f1a356 Mon Sep 17 00:00:00 2001 From: Daniel Rosengarten Date: Sat, 21 Jan 2023 22:37:20 +0100 Subject: [PATCH] Add support for SSL/TLS Answer to issue #32. Signed-off-by: Daniel Rosengarten --- src/EspMQTTClient.cpp | 81 +++++++++++++++++++++++++++++++++++++++---- src/EspMQTTClient.h | 56 ++++++++++++++++++++++++------ 2 files changed, 120 insertions(+), 17 deletions(-) diff --git a/src/EspMQTTClient.cpp b/src/EspMQTTClient.cpp index 3bcd5b0..68d314f 100644 --- a/src/EspMQTTClient.cpp +++ b/src/EspMQTTClient.cpp 
@@ -16,47 +16,86 @@ EspMQTTClient::EspMQTTClient(
 const char* mqttServerIp,
 const uint16_t mqttServerPort,
 const char* mqttClientName) :
- EspMQTTClient(NULL, NULL, mqttServerIp, NULL, NULL, mqttClientName, mqttServerPort)
+ EspMQTTClient(NULL, NULL, mqttServerIp, NULL, NULL, NULL, NULL, NULL, mqttClientName, mqttServerPort, false)
 {
 }
+/// Wifi + MQTT with no MQTT authentification
+EspMQTTClient::EspMQTTClient(
+ const char* wifiSsid,
+ const char* wifiPassword,
+ const char* mqttServerIp,
+ const char* mqttClientName,
+ const uint16_t mqttServerPort) :
+ EspMQTTClient(wifiSsid, wifiPassword, mqttServerIp, NULL, NULL, NULL, NULL, NULL, mqttClientName, mqttServerPort, false)
+
+{
+}
+
+/// Only MQTT handling (no wifi), with MQTT authentification
 EspMQTTClient::EspMQTTClient(
 const char* mqttServerIp,
 const uint16_t mqttServerPort,
 const char* mqttUsername,
 const char* mqttPassword,
 const char* mqttClientName) :
- EspMQTTClient(NULL, NULL, mqttServerIp, mqttUsername, mqttPassword, mqttClientName, mqttServerPort)
+ EspMQTTClient(NULL, NULL, mqttServerIp, mqttUsername, mqttPassword, NULL, NULL, NULL, mqttClientName, mqttServerPort, false)
 {
 }
-// Wifi and MQTT handling
+/// Wifi + MQTT(S) (SSL unsecure) with MQTT authentification
 EspMQTTClient::EspMQTTClient(
 const char* wifiSsid,
 const char* wifiPassword,
 const char* mqttServerIp,
+ const char* mqttUsername,
+ const char* mqttPassword,
 const char* mqttClientName,
- const uint16_t mqttServerPort) :
- EspMQTTClient(wifiSsid, wifiPassword, mqttServerIp, NULL, NULL, mqttClientName, mqttServerPort)
+ const uint16_t mqttServerPort,
+ bool mqttSecure) :
+ EspMQTTClient(NULL, NULL, mqttServerIp, mqttUsername, mqttPassword, NULL, NULL, NULL, mqttClientName, mqttServerPort, mqttSecure)
 {
 }
+/// Wifi + MQTT(S) (SSL with CA certificate) with MQTT authentification
 EspMQTTClient::EspMQTTClient(
 const char* wifiSsid,
 const char* wifiPassword,
 const char* mqttServerIp,
 const char* mqttUsername,
 const char* mqttPassword,
+ const char* mqttRootCA,
 const char* mqttClientName,
- const uint16_t mqttServerPort) :
+ const uint16_t mqttServerPort,
+ bool mqttSecure) :
+ EspMQTTClient(NULL, NULL, mqttServerIp, mqttUsername, mqttPassword, mqttRootCA, NULL, NULL, mqttClientName, mqttServerPort, mqttSecure)
+{
+}
+
+/// Wifi + MQTT(S) (with client certificate) with MQTT authentification
+EspMQTTClient::EspMQTTClient(
+ const char* wifiSsid,
+ const char* wifiPassword,
+ const char* mqttServerIp,
+ const char* mqttUsername,
+ const char* mqttPassword,
+ const char* mqttRootCA,
+ const char* mqttClientCertificate,
+ const char* mqttClientKey,
+ const char* mqttClientName,
+ const uint16_t mqttServerPort,
+ bool mqttSecure) :
 _wifiSsid(wifiSsid),
 _wifiPassword(wifiPassword),
 _mqttServerIp(mqttServerIp),
 _mqttUsername(mqttUsername),
 _mqttPassword(mqttPassword),
+ _mqttRootCA(mqttRootCA),
+ _mqttClientCertificate(mqttClientCertificate),
+ _mqttClientKey(mqttClientKey),
 _mqttClientName(mqttClientName),
 _mqttServerPort(mqttServerPort),
- _mqttClient(mqttServerIp, mqttServerPort, _wifiClient)
+ _mqttSecure(mqttSecure)
 {
 // WiFi connection
 _handleWiFi = (wifiSsid != NULL);
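Review bot: The new `Wifi + MQTT(S) (SSL unsecure)` and `Wifi + MQTT(S) (SSL with CA certificate)` constructors delegate with `EspMQTTClient(NULL, NULL, mqttServerIp, ...)`, discarding their `wifiSsid` and `wifiPassword` parameters; in the full constructor `_handleWiFi = (wifiSsid != NULL)` then evaluates false and `_wifiSsid`/`_wifiPassword` stay NULL, so these overloads never manage the WiFi connection, whereas the removed version forwarded `wifiSsid, wifiPassword`. They should forward the credentials the way the no-authentication overload above does: `EspMQTTClient(wifiSsid, wifiPassword, mqttServerIp, mqttUsername, mqttPassword, NULL, NULL, NULL, mqttClientName, mqttServerPort, mqttSecure)` and `EspMQTTClient(wifiSsid, wifiPassword, mqttServerIp, mqttUsername, mqttPassword, mqttRootCA, NULL, NULL, mqttClientName, mqttServerPort, mqttSecure)`. The stray blank line between the no-authentication constructor's initializer and its `{` is also worth removing. The full constructor's body continues past the end of the hunk.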
@@ -67,6 +106,34 @@ EspMQTTClient::EspMQTTClient( _wifiReconnectionAttemptDelay = 60 * 1000; // MQTT client + if(!_mqttSecure) + // MQTT unsecure + { + _mqttClient.setServer(_mqttServerIp, _mqttServerPort); + _mqttClient.setClient(_wifiClient); + } + else + // MQTT with SSL + { + if(_mqttRootCA != NULL) + { + _wifiClientSecure.setCACert(_mqttRootCA); // Set CA certificate to validate MQTT server + + if(_mqttClientCertificate != NULL && _mqttClientKey != NULL) + { + _wifiClientSecure.setCertificate(_mqttClientCertificate); // Set MQTT client SSL certificate + _wifiClientSecure.setPrivateKey(_mqttClientKey); // Set MQTT client SSL key + } + } + else + { + _wifiClientSecure.setInsecure(); // Don't check CA certificate just use the SSL channel + } + _mqttClient.setServer(_mqttServerIp, _mqttServerPort); + _mqttClient.setClient(_wifiClientSecure); + } + + _mqttConnected = false; _nextMqttConnectionAttemptMillis = 0; _mqttReconnectionAttemptDelay = 15 * 1000; // 15 seconds of waiting between each mqtt reconnection attempts by default diff --git a/src/EspMQTTClient.h b/src/EspMQTTClient.h index 5511bf5..5b84308 100644 --- a/src/EspMQTTClient.h +++ b/src/EspMQTTClient.h @@ -8,6 +8,7 @@ #ifdef ESP8266 #include + #include #include #include #include @@ -19,7 +20,9 @@ #else // for ESP32 + #include + #include #include #include #include "ESP32HTTPUpdateServer.h" @@ -48,7 +51,9 @@ class EspMQTTClient unsigned int _wifiReconnectionAttemptDelay; const char* _wifiSsid; const char* _wifiPassword; + WiFiClient _wifiClient; + WiFiClientSecure _wifiClientSecure; // MQTT related bool _mqttConnected; @@ -57,8 +62,12 @@ class EspMQTTClient const char* _mqttServerIp; const char* _mqttUsername; const char* _mqttPassword; + const char* _mqttRootCA; + const char* _mqttClientCertificate; + const char *_mqttClientKey; const char* _mqttClientName; uint16_t _mqttServerPort; + bool _mqttSecure; bool _mqttCleanSession; char* _mqttLastWillTopic; char* _mqttLastWillMessage; 
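Review bot: When `_mqttSecure` is true but `_mqttRootCA` is NULL, the `else` branch calls `_wifiClientSecure.setInsecure()`, which disables broker certificate verification, so the session is encrypted but the broker is never authenticated; this silent downgrade deserves at least a loud comment such as `// No CA supplied: TLS without server verification -- any peer on the path can pose as the broker`, and preferably an explicit opt-in instead of being what a missing CA falls back to. In the same branch `setCertificate`/`setPrivateKey` are only reached inside the `_mqttRootCA != NULL` block, so a client certificate passed with a NULL CA is dropped without notice; the client-certificate step does not depend on the CA choice and can be applied in both cases, as below. The `setCACert`/`setCertificate`/`setPrivateKey` calls are the ESP32 `WiFiClientSecure` interface; the ESP8266 BearSSL client, which the header hunk also includes under `#ifdef ESP8266`, appears to expose a different API (trust-anchor based), so this branch probably does not build on that target — worth verifying. The constructor body continues past the end of the hunk.
```cpp
  else
  // MQTT with SSL
  {
    if(_mqttRootCA != NULL)
      _wifiClientSecure.setCACert(_mqttRootCA); // Validate the broker against the supplied CA
    else
      _wifiClientSecure.setInsecure(); // No CA supplied: TLS without server verification -- any peer on the path can pose as the broker

    // Client certificate is independent of the CA choice, so apply it in both cases
    if(_mqttClientCertificate != NULL && _mqttClientKey != NULL)
    {
      _wifiClientSecure.setCertificate(_mqttClientCertificate);
      _wifiClientSecure.setPrivateKey(_mqttClientKey);
    }
    _mqttClient.setServer(_mqttServerIp, _mqttServerPort);
    _mqttClient.setClient(_wifiClientSecure);
  }
  // … unchanged: _mqttConnected / reconnection delay initialisation …
```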
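Review bot: In the `@@ -57,8 +62,12 @@` header hunk the new member `const char *_mqttClientKey;` places the asterisk differently from every neighbouring declaration (`const char* _mqttClientCertificate;`); for consistency it should read `const char* _mqttClientKey;`. The three new pointers are stored as-is by the full constructor (the .cpp hunk copies the pointer, not the PEM contents), so the buffers must outlive the `EspMQTTClient` object; a comment on the members such as `// PEM strings are not copied: the caller must keep them valid for the lifetime of this object` would make that contract visible, which matters most for `_mqttClientKey` since it points at private key material.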
@@ -109,16 +118,6 @@ class EspMQTTClient const char* mqttClientName = DEFAULT_MQTT_CLIENT_NAME, const uint16_t mqttServerPort = 1883); - /// Wifi + MQTT with MQTT authentification - EspMQTTClient( - const char* wifiSsid, - const char* wifiPassword, - const char* mqttServerIp, - const char* mqttUsername, - const char* mqttPassword, - const char* mqttClientName = DEFAULT_MQTT_CLIENT_NAME, - const uint16_t mqttServerPort = 1883); - /// Only MQTT handling (no wifi), with MQTT authentification EspMQTTClient( const char* mqttServerIp, @@ -133,6 +132,43 @@ class EspMQTTClient const uint16_t mqttServerPort, const char* mqttClientName = DEFAULT_MQTT_CLIENT_NAME); + /// Wifi + MQTT(S) (SSL unsecure) with MQTT authentification + EspMQTTClient( + const char *wifiSsid, + const char *wifiPassword, + const char *mqttServerIp, + const char *mqttUsername, + const char *mqttPassword, + const char *mqttClientName, + const uint16_t mqttServerPort, + bool mqttSecure = false); + + /// Wifi + MQTT(S) (SSL with CA certificate) with MQTT authentification + EspMQTTClient( + const char* wifiSsid, + const char* wifiPassword, + const char* mqttServerIp, + const char* mqttUsername, + const char* mqttPassword, + const char* mqttRootCA, + const char* mqttClientName = DEFAULT_MQTT_CLIENT_NAME, + const uint16_t mqttServerPort = 1883, + bool mqttSecure = false); + + /// Wifi + MQTT(S) (with client certificate) with MQTT authentification + EspMQTTClient( + const char* wifiSsid, + const char* wifiPassword, + const char* mqttServerIp, + const char* mqttUsername, + const char* mqttPassword, + const char* mqttRootCA, + const char* mqttClientCertificate, + const char* mqttClientKey, + const char* mqttClientName = DEFAULT_MQTT_CLIENT_NAME, + const uint16_t mqttServerPort = 1883, + bool mqttSecure = false); + ~EspMQTTClient(); // Optional functionality
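Review bot: The new `Wifi + MQTT(S) (SSL unsecure)` overload has no defaults for `mqttClientName` and `mqttServerPort`, while the `Wifi + MQTT with MQTT authentification` constructor that had them is removed in the previous hunk, so the public API changes for existing callers: as far as the visible declarations show, a five-argument call `EspMQTTClient(ssid, pwd, ip, user, pass)` no longer matches any constructor (the remaining five-parameter overloads take a `uint16_t` as second or fifth parameter), and a six-argument call `EspMQTTClient(ssid, pwd, ip, user, pass, name)` now resolves to the CA-certificate overload with `name` bound to `mqttRootCA` and the client name silently falling back to `DEFAULT_MQTT_CLIENT_NAME`. The defaults were presumably dropped to avoid ambiguity with that overload, which itself suggests the string-only parameter lists are too alike to be told apart by overload resolution; keeping the old signature and forwarding it, or documenting the break in the changelog and README, would be the minimum. Minor: the first new overload writes `const char *wifiSsid` while the rest of the header uses `const char* wifiSsid`.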