Add support for MQTT certificates

Fixes shmuelzon#35

Author: shmuelzon

README.md

@@ -108,6 +108,9 @@ The `mqtt` section below includes the following entries:
       "host": "192.168.1.1",
       "port": 1883,
       "ssl": false,
+      "client_cert": null,
+      "client_key": null,
+      "server_cert": null,
       "username": null,
       "password": null,
       "client_id": null
@@ -125,6 +128,16 @@ The `mqtt` section below includes the following entries:
 }
 ```
 * `server` - MQTT connection parameters
+  * `host` - Host name or IP address of the MQTT broker
+  * `port` - TCP port of the MQTT broker. If not specificed will default to
+    1883 or 8883, depending on SSL configuration
+  * `client_cert`, `client_key`, `server_cert` - Full path names, including a
+    leading slash (/), of the certificate/key file (in PEM format) stored under
+    the data folder. For example, if a certificate file is placed at
+    `data/certs/my_cert.pem`, the value stored in the configuration should be
+    `/certs/my_cert.pem`
+  * `username`, `password` - MQTT login credentials
+  * `client_id` - The MQTT client ID
 * `publish` - Configuration for publishing topics
 * `topics`
   * `prefix` - Which prefix should be added to all MQTT value topics. OTA

main/ble2mqtt.c

@@ -163,7 +163,9 @@ static void wifi_on_connected(void)
     ESP_LOGI(TAG, "Connected to WiFi, connecting to MQTT");
     mqtt_connect(config_mqtt_host_get(), config_mqtt_port_get(),
         config_mqtt_client_id_get(), config_mqtt_username_get(),
-        config_mqtt_password_get(), config_mqtt_ssl_get());
+        config_mqtt_password_get(), config_mqtt_ssl_get(),
+        config_mqtt_server_cert_get(), config_mqtt_client_cert_get(),
+        config_mqtt_client_key_get());
 }
 
 static void wifi_on_disconnected(void)

main/config.c

@@ -18,6 +18,36 @@ static cJSON *config;
 /* Internal variables */
 static char config_version[33];
 
+/* Common utilities */
+static char *read_file(const char *path)
+{
+    int fd, len;
+    struct stat st;
+    char *buf, *p;
+
+    if (stat(path, &st))
+        return NULL;
+
+    if ((fd = open(path, O_RDONLY)) < 0)
+        return NULL;
+
+    if (!(buf = p = malloc(st.st_size + 1)))
+        return NULL;
+
+    while ((len = read(fd, p, 1024)) > 0)
+        p += len;
+    close(fd);
+
+    if (len < 0)
+    {
+        free(buf);
+        return NULL;
+    }
+
+    *p = '\0';
+    return buf;
+}
+
 /* BLE Configuration*/
 static cJSON *config_ble_get_name_by_uuid(uint8_t is_service,
     const char *uuid, const char *field_name)
@@ -202,6 +232,48 @@ uint8_t config_mqtt_ssl_get(void)
     return cJSON_IsTrue(ssl);
 }
 
+const char *config_mqtt_file_get(const char *field)
+{
+    const char *file = config_mqtt_server_get(field);
+    char buf[128];
+
+    if (!file)
+        return NULL;
+
+    snprintf(buf, sizeof(buf), "/spiffs%s", file);
+    return read_file(buf);
+}
+
+const char *config_mqtt_server_cert_get(void)
+{
+    static const char *cert;
+
+    if (!cert)
+        cert = config_mqtt_file_get("server_cert");
+
+    return cert;
+}
+
+const char *config_mqtt_client_cert_get(void)
+{
+    static const char *cert;
+
+    if (!cert)
+        cert = config_mqtt_file_get("client_cert");
+
+    return cert;
+}
+
+const char *config_mqtt_client_key_get(void)
+{
+    static const char *key;
+
+    if (!key)
+        key = config_mqtt_file_get("client_key");
+
+    return key;
+}
+
 const char *config_mqtt_client_id_get(void)
 {
     return config_mqtt_server_get("client_id");
@@ -351,35 +423,6 @@ int config_update_end(config_update_handle_t handle)
     return 0;
 }
 
-static char *read_file(const char *path)
-{
-    int fd, len;
-    struct stat st;
-    char *buf, *p;
-
-    if (stat(path, &st))
-        return NULL;
-
-    if ((fd = open(path, O_RDONLY)) < 0)
-        return NULL;
-
-    if (!(buf = p = malloc(st.st_size + 1)))
-        return NULL;
-
-    while ((len = read(fd, p, 1024)) > 0)
-        p += len;
-    close(fd);
-
-    if (len < 0)
-    {
-        free(buf);
-        return NULL;
-    }
-
-    *p = '\0';
-    return buf;
-}
-
 static cJSON *load_json(const char *path)
 {
     char *p, *str = read_file(path);

main/config.h

@@ -20,6 +20,9 @@ uint32_t config_ble_passkey_get(const char *mac);
 const char *config_mqtt_host_get(void);
 uint16_t config_mqtt_port_get(void);
 uint8_t config_mqtt_ssl_get(void);
+const char *config_mqtt_server_cert_get(void);
+const char *config_mqtt_client_cert_get(void);
+const char *config_mqtt_client_key_get(void);
 const char *config_mqtt_client_id_get(void);
 const char *config_mqtt_username_get(void);
 const char *config_mqtt_password_get(void);

main/mqtt.c

@@ -251,7 +251,8 @@ static esp_err_t mqtt_event_cb(esp_mqtt_event_handle_t event)
 }
 
 int mqtt_connect(const char *host, uint16_t port, const char *client_id,
-    const char *username, const char *password, uint8_t ssl)
+    const char *username, const char *password, uint8_t ssl,
+    const char *server_cert, const char *client_cert, const char *client_key)
 {
     esp_mqtt_client_config_t config = {
         .event_handle = mqtt_event_cb,
@@ -261,6 +262,9 @@ int mqtt_connect(const char *host, uint16_t port, const char *client_id,
         .username = username,
         .password = password,
         .transport = ssl ? MQTT_TRANSPORT_OVER_SSL : MQTT_TRANSPORT_OVER_TCP,
+        .cert_pem = server_cert,
+        .client_cert_pem = client_cert,
+        .client_key_pem = client_key,
     };
 
     ESP_LOGI(TAG, "Connecting MQTT client");

main/mqtt.h

@@ -23,7 +23,8 @@ int mqtt_publish(const char *topic, uint8_t *payload, size_t len, int qos,
     uint8_t retained);
 
 int mqtt_connect(const char *host, uint16_t port, const char *client_id,
-    const char *username, const char *password, uint8_t ssl);
+    const char *username, const char *password, uint8_t ssl,
+    const char *server_cert, const char *client_cert, const char *client_key);
 int mqtt_disconnect(void);
 
 uint8_t mqtt_is_connected(void);