Added TLS certificates.

2022-07-04 23:44:08 +08:00 · 2022-07-04 23:44:08 +08:00 · e77181ce67
parent 5afbef0177
commit e77181ce67
9 changed files with 175 additions and 1232 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -4,3 +4,7 @@ cmake_minimum_required(VERSION 3.16)

 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(dht_temp)
+
+# Add client certificate, private key and CA bundle to project:
+target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "assets/client.crt"    TEXT)
+target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "assets/client.key"    TEXT)
--- a/assets/ca/ca-bundle.pem
+++ b/assets/ca/ca-bundle.pem
@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADB7MRMwEQYKCZImiZPyLGQB
+GRYDbW9lMRMwEQYKCZImiZPyLGQBGRYDaW1pMQ8wDQYDVQQKDAZpTS5JbmMxHjAc
+BgNVBAsMFWlNLkluYyBJb1QgUm9vdCBDQSBHMjEeMBwGA1UEAwwVaU0uSW5jIElv
+VCBSb290IENBIEcyMB4XDTIwMTEyMTEyMTk0NVoXDTMwMTEyMTEyMTk0NVowezET
+MBEGCgmSJomT8ixkARkWA21vZTETMBEGCgmSJomT8ixkARkWA2ltaTEPMA0GA1UE
+CgwGaU0uSW5jMR4wHAYDVQQLDBVpTS5JbmMgSW9UIFJvb3QgQ0EgRzIxHjAcBgNV
+BAMMFWlNLkluYyBJb1QgUm9vdCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAOjHqAyz7LVqG0yQV6aEaoaEIXaF3dK5vr/in4vyu/ylp7aBmJi0
+UkFV1TYbaT4EEGguYaigyOWPUlyIgrDDMdpEGefNeLPh2wiPeHGe7NBsu/7PcyD6
+1eoM7tKX11C6LtoMpH7hTudfRBj86xUqXib0KofbnqvtwcihbEj60M/TWqafwflJ
+hO5tBzpq4Tgcj8UFRYN7SSKgUG9XI00sH8g3WBKwIPfAI8lbr7UfDvbuIAyedzCp
+7wYQbfY6SQWl9ORig6b50TnJpJQa4J3dwi/d0I0wJmKMLUD1OXSzwYSP/0ra6hx0
+0VAy/HqWD6aPea/Pt+yp7RrtoLhmNRmOg65vrguYDffUc4SLm/A77yWmjFyx5Nla
+G/NgltND9YbD/hD3URyKlXMiKvBCJkXiQnnUcAkVOSp8SftsZZnIOH1yTsKDQ5Ya
+m/CufjUQNrA7cPszwjRLPnNTiTN7YBYIPzr+6rpHfCYT2RFQ6+s9c0xBwgZGleLh
+XAa0Ky/JadU1trpOYwQn5m+HWrDyYivE32PfddSumUbiNOPxQzmePFcZ4YPiqWhf
+DDB+miFr7Nc+r2ptGUBDXGt1bOojtVGqxMMQGmqIz93JQs5jgn1kltcakwyZSYQL
+htplyOlXMDqieMYIgKnLnnTd8un5nCFfVJzPnKRNUANW9A1htLfpAHu5AgMBAAGj
+YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQd
+mQ8/CUEz8dt/eS2ROb6Ng8HS7DAfBgNVHSMEGDAWgBQdmQ8/CUEz8dt/eS2ROb6N
+g8HS7DANBgkqhkiG9w0BAQsFAAOCAgEAQIoSPNiVeKA8kuGv44KskhCxAyKyjaRZ
+muLSYiOeHVI8EqywsFNN8ObMx1zvQwGbNlKjMDIE4o0H1S+CsSpCWMWDLybYCIyN
+w2InHE25SXJks/vz5B9sP1PDZ1ekDD0X4CrqFqEpd0aQxg/4ykl+zEov/+ivC8Y4
+TN7/CtGO6rxIM+yG7hQZBj8VZmIURc90+Nb9RMSSx6or8zt0NCz1fEqc7M/MLtxj
+FvSu8Dcm8YT+yaXhGtRQscH9aXb4J3iOXm2G4//WgYuJ5bjo3CFuSyqFtvhGWwOP
+A7DsK/yS+Wx/ZXMqCDp2lCU2s1Fmav3b47iqBvZUESYgwq8gOSslM9W8MnwaaylZ
+DO2ij+ISNJgURFbDFENxll2fTrSS7gMXaMdXB15PEng/DthsE6j5vJrWpUAXqei
+KBnA9UYrkg/6s+H7yKDEh/YLaWA2EyIzWV/EE6ZTcdbMfuFz1sPKJRxqNgWfWOr1
+gO3c4UVWv3hs1ooj4DQV/4tHodh9Q+lbZNpzq1Jxgx+A4I/TODhnf/2W1bAehWOu
+RZ/7QI+Hd5TZ0pDpHnyMu03i2Felo25Tff2i78Lypxw0bjCCvr/uP6NV7jLDOYST
+US7IDJgrvAycyZNADuW2qpzMmpdMj4HP3axG6O7Y1qR7g3ExiVk679nWEhubdSsD
+OBsrrOf8vtk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB7MRMwEQYKCZImiZPyLGQB
+GRYDbW9lMRMwEQYKCZImiZPyLGQBGRYDaW1pMQ8wDQYDVQQKDAZpTS5JbmMxHjAc
+BgNVBAsMFWlNLkluYyBJb1QgUm9vdCBDQSBHMjEeMBwGA1UEAwwVaU0uSW5jIElv
+VCBSb290IENBIEcyMB4XDTIwMTEyMTEyMjAxNloXDTMwMTEyMTEyMjAxNlowezET
+MBEGCgmSJomT8ixkARkWA21vZTETMBEGCgmSJomT8ixkARkWA2ltaTEPMA0GA1UE
+CgwGaU0uSW5jMR4wHAYDVQQLDBVpTS5JbmMgSW9UIFNpZ25pbmcgQ0ExHjAcBgNV
+BAMMFWlNLkluYyBJb1QgU2lnbmluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALrdwJEXhTNlb6WIN0BC+5zYD8BsLk3QiHswtnGbFG6JjCMtW6KO
+U7EjN1i5LfJjHuZyqy7s2ztDFeMsTAdUq6qSInaZxoAxG0wJ0FvL13wHoab9Y454
+5MIWjOWgV30RwD6D74IxJz43+4GOnzwZipD6G2Qok6jEYeLDOsO0r/idYaEfrz81
+U8+845jeifDVMW+ZCsc6770hKNl+SbtsrpI1Gef2UtMf7W/gxQOILv05b5YOYODC
+RqJZ2LnTZyZklzWhFxUqqSFbRoxsqEZppcVQR926c86VslKyuKuuLcVHaN53KkF0
+W2fGnHvFQrHV9UZfOn0RQiaFe91uZrXf5nufeNYHJznDiQ+Lvm+0ywJ+oEaTn1sp
+/ZW+qOJ7Af9QuF5CXzdlbR/eTTub+40sSIiHp93NxFUswZAbcKew9/YnW6VxDMkG
+uaaYQNEY3vEOtocAu1ReBwPnp0v5nI7iOOMZuBki81tjO7oOjl6V5mw2iRUnICfc
+Y/jKp49YT+L7y/6wB+0uY6xQyR+dcVF+0ANHgGsu1l4vMaOI7DzIzbVagGL1fsJR
+WP7sdERiinO9kgx0FxKz8okYxQ0+JpDgjVkwuvXRc4neW55gRXv/3PKrAW8JRSCk
+ve8/L/JFxAbnQH0hsV66ehQGJuTxl5EvzC+ljSq8h2qdcGNhMWP4SSopAgMBAAGj
+ZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
+BBT6gJ+WDsxRWpAg8gM+Ro8abstW7jAfBgNVHSMEGDAWgBQdmQ8/CUEz8dt/eS2R
+Ob6Ng8HS7DANBgkqhkiG9w0BAQsFAAOCAgEAlT8CkihB4u4WWL6py5xGBKSnz0KZ
+5Fx/OJuqOe5LloMs7TFQsU0rDogx+CD9DVStIeJqyk0v3SK3JTpghVgMfZC+me+h
+8PNIL30ZOjMF/+BolGzcTDqwNXpFdqL9A8V+C2+grJw81EdHl6ap6/jBwqAWato3
+xpElWxSFaF8MkJwns/Dr2e8u9IH+jcWXrueaY8lYI3i+sLUDCBG1Z0jvu7thSDRV
+lYywVUFIMGZz91BkmBtAYasXSo2fWjXJNwjpu0f+stlig5YuxmZ7CAfxrzMNllUM
+6mJ+rJj4KTCD1DUChAUlGn++SCpXon+4drjp3fmilnF5PUKQ4NVlLuMTIta2OO/k
+CeEbyKORmiUCKpnbzouOz6Pl6alW3PSlmU2qP58gYSbDa7OSyP1xb0e4gD9Wh7d5
+UlD9oDxQyWRLD40K669IfZoXZVnQoefGvxjhPJse5XYD/4w6Pnf83ZG6pzXl6kxL
+/+zx4uGc4Wwnl/GAZ/YbVvudB3zMRuwQwpG/WDuXYAyGoep5znIAe39i0KUj2M8/
+cBBXYLO/XmsFK/CL/FZ+J8qYS6EqwUTWb1g2xvonkVIAHPpyFvk21pn22jwGOpFB
+pPSeIQhhKQ4wKQnIONWfmVUs+058i6VRFUFkqHYwWmchYNFB96IxTRfdQRpV0YKC
+DXBx2FuyJRFR9As=
+-----END CERTIFICATE-----
--- a/assets/client.crt
+++ b/assets/client.crt
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5jCCAs6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADB7MRMwEQYKCZImiZPyLGQB
+GRYDbW9lMRMwEQYKCZImiZPyLGQBGRYDaW1pMQ8wDQYDVQQKDAZpTS5JbmMxHjAc
+BgNVBAsMFWlNLkluYyBJb1QgU2lnbmluZyBDQTEeMBwGA1UEAwwVaU0uSW5jIElv
+VCBTaWduaW5nIENBMB4XDTIyMDcwNDEzNDkxNVoXDTI0MDcwMzEzNDkxNVowZzET
+MBEGCgmSJomT8ixkARkWA21vZTETMBEGCgmSJomT8ixkARkWA2ltaTEPMA0GA1UE
+CgwGaU0uSW5jMRMwEQYDVQQLDApJb1QgU3lzdGVtMRUwEwYDVQQDDAxFU1BfREhU
+X1RlbXAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtKqSGU7OsJQKE
+/ap3FWFS8d9P0ZPDhwr8FBfGnU9Os9tuERENM7mDFdAISUiKD3t3xfGX+hOLStYm
+9A0vZtWoq6Qhl2pPd7O7yi7Jw5OLSlNmoovClp78dyA82ECszYsEp32fw6nSbhmL
+YKTZMYYcdGQO96NWUXvHjuimpCbcUeaDD8yad2TYkb57na3DJp+UNxdf+mvR2beY
+RGkmsIn84UP9edmV2lPgx8rNQOGH8mxTMDtU4D0taQF+n/2W/awi+yMtsdjf811+
+CwSipyVvo8Sb2zl3IHBcI2uD3gSpJ6pjMkExB6TnO+bE3o4iby+iBAmm9rREiO5l
+y9WmGYsfAgMBAAGjgYgwgYUwDgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQCMAAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFPealnfk4PmDut1rni1pUF5c7lPq
+MB8GA1UdIwQYMBaAFPqAn5YOzFFakCDyAz5Gjxpuy1buMBMGA1UdEQQMMAqCCGRo
+dF90ZW1wMA0GCSqGSIb3DQEBCwUAA4ICAQAFwWkFP/qrYamU7JCRsReW0BTtPxQD
+qPYkdff7IO5mwXcbJZKK9HaueCtItMgl8l9SUMdiNdHETodOAuTRtjI9vaDm1bai
+nnQdxNYUQHDZc0NHurTKzLr7gTlE61Hk84Y6Erd/AiwfyqT+832jCinjS3bpY37s
+rWMxRbo1Abe+4V/+giV4Qqk5yYUHyevkO2zliyCk1FLpczRAGYBvQFBN+2Ggvimj
+lcGhi6O5UCUgqbral3pgNgJ3W0ZPCZqd03B4aaauTvQ7QHk3d++kc/RYanHuWaD+
+SEVgMVv13pG7ITggQxoRgKv51sNFcib3WZeJnisIQ4CnzILVaKTNbHKOg0K2YCk0
+xnfcESJazQiaGHC0PFoVBqdO3NP/ISstr6vltJ1hHP6hUeOii0zJXbecD+I5rnsN
+L6UapEfWvP+/Wt0Hv2ROp8Y2vPkjn9MXCgv5+MsbafnlpP98C8aifexgeygTXZGJ
+pQCeqD39ZMvLwoMHjD9y+Qn6prJHrOAaH41S0mmYF7UirRjVVUp9J8BAnfTLhvgX
+0CCWVipPChXM3r+w4j2+/Y7KuBuOtmPxLDVp6d/Tf96Bg33ZvD2GY7PetPeB7j5x
+Ps+5+9X8cVfNUngzf8LlwTNDsUmECDXpLWri8rRfBBJiGT0CP4EqELvhTrle4uu3
+8PHQZfCgDH9WJQ==
+-----END CERTIFICATE-----
--- a/main/CMakeLists.txt
+++ b/main/CMakeLists.txt
@ -1,5 +1,6 @@
 idf_component_register(
 SRCS
+    "app_mqtt.c"
    "app_wifi.c"
    "main.c"
    "aht10/aht10.c"
--- a/main/Kconfig.projbuild
+++ b/main/Kconfig.projbuild
@ -17,4 +17,16 @@ menu "Application Configuration"
        default 5
        help
            Set the Maximum retry to avoid station reconnecting to the AP unlimited when the AP is really inexistent.
+
+    config APP_MQTT_BROKER_ADDR
+        string "MQTT broker connection string"
+        default "mqtt://127.0.0.1:1883"
+        help
+            Connection string for MQTT broker, use scheme://host:port format.
+
+    config APP_MQTT_TLS_CLIENT_PASSPHRASE
+        string "MQTT TLS Client Passphrase"
+        default "AAAAAAAAAAAAAAAA"
+        help
+            Passphrase to decrypt MQTT client private key.
 endmenu
--- a/main/app_mqtt.c
+++ b/main/app_mqtt.c
@ -0,0 +1,50 @@
+/* ESP drivers */
+#include "esp_log.h"
+#include "esp_system.h"
+#include "esp_tls.h"
+
+/* Cert bundle */
+#include "esp_crt_bundle.h"
+
+/* MQTT client */
+#include "mqtt_client.h"
+
+extern const char mqtt_client_cert_start[] asm("_binary_client_crt_start");
+extern const char mqtt_client_cert_end[] asm("_binary_client_crt_end");
+extern const char mqtt_client_key_start[] asm("_binary_client_key_start");
+extern const char mqtt_client_key_end[] asm("_binary_client_key_end");
+
+static void app_mqtt_event_handler(void *arg, esp_event_base_t event_base, int32_t event_id, void *event_data);
+static void app_mqtt_task(void *pvParameters);
+
+esp_err_t app_mqtt_init(void) {
+    if (xTaskCreate(app_mqtt_task, "MQ_TASK", 2048, NULL, 2U, NULL) != pdPASS) {
+        return ESP_FAIL;
+    }
+
+    return ESP_OK;
+}
+
+static void app_mqtt_task(void *pvParameters) {
+    const esp_mqtt_client_config_t mqtt_cfg = {
+        .uri                    = CONFIG_APP_MQTT_BROKER_ADDR,
+        .client_cert_pem        = mqtt_client_cert_start,
+        .client_key_pem         = mqtt_client_key_start,
+        .clientkey_password     = CONFIG_APP_MQTT_TLS_CLIENT_PASSPHRASE,
+        .clientkey_password_len = strlen(CONFIG_APP_MQTT_TLS_CLIENT_PASSPHRASE),
+        .crt_bundle_attach      = esp_crt_bundle_attach,
+    };
+
+    esp_mqtt_client_handle_t client = esp_mqtt_client_init(&mqtt_cfg);
+    esp_mqtt_client_register_event(client, ESP_EVENT_ANY_ID, app_mqtt_event_handler, NULL);
+
+    esp_mqtt_client_start(client);
+
+    for (;;) {
+        vTaskSuspend(NULL);
+    }
+}
+
+static void app_mqtt_event_handler(void *arg, esp_event_base_t event_base, int32_t event_id, void *event_data) {
+    /**/
+}
--- a/main/include/app_mqtt.h
+++ b/main/include/app_mqtt.h
@ -0,0 +1,8 @@
+#ifndef APP_MQTT_H
+#define APP_MQTT_H
+
+#include "esp_system.h"
+
+esp_err_t app_mqtt_init(void);
+
+#endif
--- a/main/main.c
+++ b/main/main.c
@ -18,6 +18,7 @@

 /* Config */
 #include "app_wifi.h"
+#include "app_mqtt.h"
 #include "sdkconfig.h"

 #define APP_LOG_TAG "MAIN"
@ -46,5 +47,7 @@ void app_main(void) {
        /* ?? */
    }

+    ESP_ERROR_CHECK(app_mqtt_init());
+
    vTaskSuspend(NULL);
 }
--- a/sdkconfig.old
+++ b/sdkconfig.old