From 2684ed413d36cb40119832f3b928492490e1c3b3 Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Mon, 30 Dec 2019 08:37:57 +0100
Subject: [PATCH] add support for password protected client-key
---
 include/mqtt_client.h | 2 ++
 include/mqtt_supported_features.h | 1 +
 mqtt_client.c | 16 ++++++++++++++++
 3 files changed, 19 insertions(+)
diff --git a/include/mqtt_client.h b/include/mqtt_client.h
index 074abad..923ceb0 100644
--- a/include/mqtt_client.h
+++ b/include/mqtt_client.h
@@ -168,6 +168,8 @@ typedef struct {
 bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
 int reconnect_timeout_ms; /*!< Reconnect to the broker after this value in miliseconds if auto reconnect is not disabled */
 const char **alpn_protos; /*!< NULL-terminated list of supported application protocols to be used for ALPN */
+ const char *clientkey_password; /*!< Client key decryption password string */
+ int clientkey_password_len; /*!< String length of the password pointed to by clientkey_password */
 } esp_mqtt_client_config_t;
 /**
diff --git a/include/mqtt_supported_features.h b/include/mqtt_supported_features.h
index d82fd3d..c7a8a79 100644
--- a/include/mqtt_supported_features.h
+++ b/include/mqtt_supported_features.h
@@ -44,6 +44,7 @@
 #define MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
 #define MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
 #define MQTT_SUPPORTED_FEATURE_ALPN
+#define MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD
 #endif
 #endif
diff --git a/mqtt_client.c b/mqtt_client.c
index 501d675..e13d77e 100644
--- a/mqtt_client.c
+++ b/mqtt_client.c
@@ -80,6 +80,8 @@ typedef struct {
 int reconnect_timeout_ms;
 char **alpn_protos;
 int num_alpn_protos;
+ char *clientkey_password;
+ int clientkey_password_len;
 } mqtt_config_storage_t;
 typedef enum {
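Review bot: The doc comments added for `clientkey_password` and `clientkey_password_len` in include/mqtt_client.h do not say who owns the password buffer or how long it must stay valid. The mqtt_client.c part of this patch copies the bytes into the client's own storage in esp_mqtt_set_config, so the field comment could say so, e.g. `/*!< Client key decryption password; copied into the client during configuration */`, which tells callers they can wipe their own buffer once configuration returns (assuming that copy is the only one the client uses). It would also help to state that the length is in bytes and whether a terminating NUL is counted, since the visible code copies exactly `clientkey_password_len` bytes.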
@@ -277,6 +279,12 @@ esp_err_t esp_mqtt_set_config(esp_mqtt_client_handle_t client, const esp_mqtt_cl } } + if (config->clientkey_password && config->clientkey_password_len) { + cfg->clientkey_password_len = config->clientkey_password_len; + cfg->clientkey_password = malloc(cfg->clientkey_password_len); + memcpy(cfg->clientkey_password, config->clientkey_password, cfg->clientkey_password_len); + } + MQTT_API_UNLOCK_FROM_OTHER_TASK(client); return ESP_OK; _mqtt_set_config_failed: @@ -296,6 +304,7 @@ static esp_err_t esp_mqtt_destroy_config(esp_mqtt_client_handle_t client) free(cfg->alpn_protos[i]); } free(cfg->alpn_protos); + free(cfg->clientkey_password); free(client->connect_info.will_topic); free(client->connect_info.will_message); free(client->connect_info.client_id); @@ -473,6 +482,13 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co } MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_cert_data, config->client_cert_pem, config->client_cert_len); MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_key_data, config->client_key_pem, config->client_key_len); +#ifdef MQTT_SUPPORTED_FEATURE_CLIENT_KEY_PASSWORD + if (client->config->clientkey_password && client->config->clientkey_password_len) { + esp_transport_ssl_set_client_key_password(ssl, + client->config->clientkey_password, + client->config->clientkey_password_len); + } +#endif if (config->psk_hint_key) { #ifdef MQTT_SUPPORTED_FEATURE_PSK_AUTHENTICATION
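Review bot: The result of `malloc(cfg->clientkey_password_len)` in the esp_mqtt_set_config hunk is passed straight to `memcpy`, so an allocation failure becomes a write through a NULL pointer instead of an error return. The hunk already shows the `_mqtt_set_config_failed` label, so `if (cfg->clientkey_password == NULL) goto _mqtt_set_config_failed;` before the copy would fit, assuming that path releases the lock and the partly built config as it presumably does for the other fields. The length is a signed `int` and the guard only tests it for non-zero, so a negative value is converted to a very large size in both calls; testing `config->clientkey_password_len > 0` closes that. The function starts and ends outside this hunk.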
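Review bot: `free(cfg->clientkey_password)` in the esp_mqtt_destroy_config hunk returns the key-decryption password to the heap without clearing it, so the secret stays readable in freed memory until that block is reused. Wiping `cfg->clientkey_password_len` bytes before the `free` would limit that exposure. A plain `memset` directly before `free` can be optimized away, so the wipe has to be one the compiler must keep (for example mbedTLS's `mbedtls_platform_zeroize`, if that header is available to this component). The wipe needs a NULL check, since the pointer appears to be set only when a password was configured. The function body continues outside the hunk.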