espressif/esp-protocols
1
0
Fork 1
mirror of https://github.com/espressif/esp-protocols.git synced 2025-06-25 17:31:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(console): Added component with mqtt command

Browse Source
This commit is contained in:
Abhik Roy
2024-01-31 23:22:45 +11:00
parent 849fe7b6cb
commit 1fcc5b1d56
19 changed files with 1004 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/console_cmd_mqtt__build.yml vendored Normal file
View File

@ -0,0 +1,32 @@
name: "console_cmd_mqtt: build-tests"
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened, labeled]
jobs:
build_console_cmd_mqtt:
if: contains(github.event.pull_request.labels.*.name, 'console') || github.event_name == 'push'
name: Build
strategy:
matrix:
idf_ver: ["latest", "release-v5.0", "release-v5.1", "release-v5.2", "release-v5.3"]
idf_target: ["esp32"]
test: [ { app: mqtt_ssl_auth_console, path: "components/console_cmd_mqtt/examples" }]
runs-on: ubuntu-22.04
container: espressif/idf:${{ matrix.idf_ver }}
steps:
- name: Checkout esp-protocols
uses: actions/checkout@v4
with:
submodules: recursive
- name: Build ${{ matrix.test.app }} with IDF-${{ matrix.idf_ver }} for ${{ matrix.idf_target }}
shell: bash
working-directory: ${{matrix.test.path}}
run: |
. ${IDF_PATH}/export.sh
pip install idf-component-manager idf-build-apps --upgrade
python ../../../ci/build_apps.py ./${{ matrix.test.app }} --target ${{ matrix.idf_target }} -vv --preserve-all --pytest-app

1
.github/workflows/publish-docs-component.yml vendored
View File

@ -98,6 +98,7 @@ jobs:
components/console_cmd_ping;
components/console_cmd_ifconfig;
components/console_cmd_wifi;
components/console_cmd_mqtt;
components/mbedtls_cxx;
components/mosquitto;
components/sock_utils;

8
components/console_cmd_mqtt/.cz.yaml Normal file
View File

@ -0,0 +1,8 @@
---
commitizen:
bump_message: 'bump(console): $current_version -> $new_version'
pre_bump_hooks: python ../../ci/changelog.py console_cmd_mqtt
tag_format: console_cmd_mqtt-v$version
version: 0.1.0
version_files:
- idf_component.yml

7
components/console_cmd_mqtt/CMakeLists.txt Normal file
View File

@ -0,0 +1,7 @@
idf_component_register(SRCS "console_mqtt.c"
INCLUDE_DIRS "."
PRIV_REQUIRES esp_netif console mqtt)
if(CONFIG_MQTT_CMD_AUTO_REGISTRATION)
target_link_libraries(${COMPONENT_LIB} PRIVATE "-u console_cmd_mqtt_register")
endif()

15
components/console_cmd_mqtt/Kconfig.projbuild Normal file
View File

@ -0,0 +1,15 @@
menu "MQTT Configuration"
config MQTT_CMD_AUTO_REGISTRATION
bool "Enable Console command mqtt Auto-registration"
default y
help
Enabling this allows for the autoregistration of the wifi command.
config MQTT_BROKER_URL
string "Broker URL or IP address"
default "mqtt://mqtt.eclipseprojects.io"
help
URL or IP address of the broker to connect to
endmenu

87
components/console_cmd_mqtt/README.md Normal file
View File

@ -0,0 +1,87 @@
# Console command mqtt
The component provides a console where mqtt commands can be executed.
## MQTT Configuration:
1. Broker: Use menuconfig **"MQTT Configuration"** to configure the broker url.
## API
### Steps to enable console in an example code:
1. Add this component to your project using ```idf.py add-dependency``` command.
2. In the main file of the example, add the following line:
```c
#include "console_mqtt.h"
```
3. Ensure esp-netif is initialized and default event loop is created in your app_main():
```c
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
```
4. In your app_main() function, add the following line as the last line:
```c
ESP_ERROR_CHECK(console_cmd_init()); // Initialize console
// Register all plugin command added to your project
ESP_ERROR_CHECK(console_cmd_all_register());
// To register only mqtt command skip calling console_cmd_all_register()
ESP_ERROR_CHECK(console_cmd_mqtt_register());
ESP_ERROR_CHECK(console_cmd_start()); // Start console
```
Note: Auto-registration of a specific plugin command can be disabled from menuconfig.
### Certificate Integration for Mutual Authentication
To enhance security and enable secure communication over MQTT, three functions have been added to the API, allowing users to set client certificates, client keys, and broker certificates separately.
Setting the client certificate:
```c
set_mqtt_client_cert(client_cert_pem_start, client_cert_pem_end);
```
Setting the client key:
```c
set_mqtt_client_key(client_key_pem_start, client_key_pem_end);
```
Setting the broker certificate:
```c
set_mqtt_broker_certs(broker_cert_pem_start, broker_cert_pem_end);
```
Each function takes pointers to the start and end of the respective PEM-encoded data, allowing users to specify the necessary certificate and key information independently. For a complete secure MQTT setup, users should call all three functions in their application code.
To utilize these certificates, users need to include additional arguments when establishing MQTT connections using the library. Specifically, users should provide the `--cert`, `--key`, and `--cafile` options along with the MQTT connection command.
### Adding a plugin command or component:
To add a plugin command or any component from IDF component manager into your project, simply include an entry within the `idf_component.yml` file.
For more details refer [IDF Component Manager](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html)
## Suported command:
### mqtt:
```
mqtt [-CsD] [-h <host>] [-u <username>] [-P <password>] [--cert] [--key] [--cafile]
mqtt command
-C, --connect Connect to a broker (flag, no argument)
-h, --host=<host> Specify the host uri to connect to
-s, --status Displays the status of the mqtt client (flag, no argument)
-u, --username=<username> Provide a username to be used for authenticating with the broker
-P, --password=<password> Provide a password to be used for authenticating with the broker
--cert Define the PEM encoded certificate for this client, if required by the broker (flag, no argument)
--key Define the PEM encoded private key for this client, if required by the broker (flag, no argument)
--cafile Define the PEM encoded CA certificates that are trusted (flag, no argument)
--use-internal-bundle Use the internal certificate bundle for TLS (flag, no argument)
-D, --disconnect Disconnect from the broker (flag, no argument)
mqtt_pub [-t <topic>] [-m <message>]
mqtt publish command
-t, --topic=<topic> Topic to Subscribe/Publish
-m, --message=<message> Message to Publish
mqtt_sub [-U] [-t <topic>]
mqtt subscribe command
-t, --topic=<topic> Topic to Subscribe/Publish
-U, --unsubscribe Unsubscribe from a topic
```

475
components/console_cmd_mqtt/console_mqtt.c Normal file
View File

@ -0,0 +1,475 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdio.h>
#include <string.h>
#include "sdkconfig.h"
#include "esp_console.h"
#include "esp_event.h"
#include "esp_log.h"
#include "argtable3/argtable3.h"
#include "console_mqtt.h"
#include "mqtt_client.h"
#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
#include "esp_crt_bundle.h"
#endif
static const char *TAG = "console_mqtt";
#define CONNECT_HELP_MSG "mqtt -C -h <host uri> -u <username> -P <password> --cert --key --cafile\n"
#define PUBLISH_HELP_MSG "Usage: mqtt -P -t <topic> -d <data>\n"
#define SUBSCRIBE_HELP_MSG "Usage: mqtt -S -t <topic>\n"
#define UNSUBSCRIBE_HELP_MSG "Usage: mqtt -U\n"
#define DISCONNECT_HELP_MSG "Usage: mqtt -D\n"
#if CONFIG_MQTT_CMD_AUTO_REGISTRATION
/**
* Static registration of this plugin is achieved by defining the plugin description
* structure and placing it into .console_cmd_desc section.
* The name of the section and its placement is determined by linker.lf file in 'plugins' component.
*/
static const console_cmd_plugin_desc_t __attribute__((section(".console_cmd_desc"), used)) PLUGIN = {
.name = "console_cmd_mqtt",
.plugin_regd_fn = &console_cmd_mqtt_register
};
#endif
static struct {
struct arg_lit *connect;
struct arg_str *uri;
struct arg_lit *status;
struct arg_str *username;
struct arg_str *password;
struct arg_lit *cert;
struct arg_lit *key;
struct arg_lit *cafile;
#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
struct arg_lit *use_internal_bundle;
#endif
struct arg_lit *disconnect;
struct arg_end *end;
} mqtt_args;
static struct {
struct arg_str *topic;
struct arg_lit *unsubscribe;
struct arg_end *end;
} mqtt_sub_args;
static struct {
struct arg_str *topic;
struct arg_str *message;
struct arg_end *end;
} mqtt_pub_args;
typedef enum {
MQTT_STATE_INIT = 0,
MQTT_STATE_DISCONNECTED,
MQTT_STATE_CONNECTED,
MQTT_STATE_ERROR,
MQTT_STATE_STOPPED,
} mqtt_client_state_t;
mqtt_client_state_t client_status = MQTT_STATE_INIT;
static esp_mqtt_client_handle_t client_handle = NULL;
static const uint8_t *s_own_cert_pem_start = NULL;
static const uint8_t *s_own_cert_pem_end = NULL;
static const uint8_t *s_own_key_pem_start = NULL;
static const uint8_t *s_own_key_pem_end = NULL;
static const uint8_t *s_ca_cert_pem_start = NULL;
static const uint8_t *s_ca_cert_pem_end = NULL;
static void log_error_if_nonzero(const char *message, int error_code)
{
if (error_code != 0) {
ESP_LOGE(TAG, "Last error %s: 0x%x", message, error_code);
}
}
/*
* @brief Event handler registered to receive MQTT events
*
* This function is called by the MQTT client event loop.
*
* @param handler_args user data registered to the event.
* @param base Event base for the handler(always MQTT Base in this example).
* @param event_id The id for the received event.
* @param event_data The data for the event, esp_mqtt_event_handle_t.
*/
static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_t event_id, void *event_data)
{
ESP_LOGD(TAG, "Event dispatched from event loop base=%s, event_id=%" PRIi32, base, event_id);
esp_mqtt_event_handle_t event = event_data;
switch ((esp_mqtt_event_id_t)event_id) {
case MQTT_EVENT_BEFORE_CONNECT:
ESP_LOGI(TAG, "MQTT_EVENT_BEFORE_CONNECT");
break;
case MQTT_EVENT_CONNECTED:
client_status = MQTT_STATE_CONNECTED;
ESP_LOGI(TAG, "MQTT_EVENT_CONNECTED");
break;
case MQTT_EVENT_DISCONNECTED:
client_status = MQTT_STATE_DISCONNECTED;
ESP_LOGI(TAG, "MQTT_EVENT_DISCONNECTED");
break;
case MQTT_EVENT_SUBSCRIBED:
ESP_LOGI(TAG, "MQTT_EVENT_SUBSCRIBED, msg_id=%d", event->msg_id);
break;
case MQTT_EVENT_UNSUBSCRIBED:
ESP_LOGI(TAG, "MQTT_EVENT_UNSUBSCRIBED, msg_id=%d", event->msg_id);
break;
case MQTT_EVENT_PUBLISHED:
ESP_LOGI(TAG, "MQTT_EVENT_PUBLISHED, msg_id=%d", event->msg_id);
break;
case MQTT_EVENT_DATA:
ESP_LOGI(TAG, "MQTT_EVENT_DATA");
ESP_LOGI(TAG, "TOPIC=%.*s\r\n", event->topic_len, event->topic);
ESP_LOGI(TAG, "DATA=%.*s\r\n", event->data_len, event->data);
break;
case MQTT_EVENT_ERROR:
client_status = MQTT_STATE_ERROR;
ESP_LOGI(TAG, "MQTT_EVENT_ERROR");
if (event->error_handle->error_type == MQTT_ERROR_TYPE_TCP_TRANSPORT) {
log_error_if_nonzero("reported from esp-tls", event->error_handle->esp_tls_last_esp_err);
log_error_if_nonzero("reported from tls stack", event->error_handle->esp_tls_stack_err);
log_error_if_nonzero("captured as transport's socket errno", event->error_handle->esp_transport_sock_errno);
ESP_LOGI(TAG, "Last errno string (%s)", strerror(event->error_handle->esp_transport_sock_errno));
}
break;
default:
ESP_LOGI(TAG, "Other event id:%d", event->event_id);
break;
}
}
static const char *mqtt_state_to_string(mqtt_client_state_t state)
{
switch (state) {
case MQTT_STATE_INIT:
return "Initializing";
case MQTT_STATE_DISCONNECTED:
return "Disconnected";
case MQTT_STATE_CONNECTED:
return "Connected";
case MQTT_STATE_ERROR:
return "Error";
case MQTT_STATE_STOPPED:
return "Disconnected and Stopped";
default:
return "Unknown State";
}
}
static int do_mqtt_cmd(int argc, char **argv)
{
int nerrors = arg_parse(argc, argv, (void **)&mqtt_args);
if (nerrors != 0) {
arg_print_errors(stderr, mqtt_args.end, argv[0]);
return 1;
}
if (mqtt_args.status->count > 0) {
ESP_LOGI(TAG, "MQTT Client Status: %s\n", mqtt_state_to_string(client_status));
return 0;
}
if (mqtt_args.connect->count > 0) {
if (client_handle != NULL) {
ESP_LOGW(TAG, "mqtt client already connected");
ESP_LOGI(TAG, "Try: %s", DISCONNECT_HELP_MSG);
return 0;
}
char *uri = CONFIG_MQTT_BROKER_URL;
if (mqtt_args.uri->count > 0) {
uri = (char *)mqtt_args.uri->sval[0];
}
esp_mqtt_client_config_t mqtt_cfg = {
.broker.address.uri = uri,
};
if ((mqtt_args.username->count > 0) && (mqtt_args.password->count > 0)) {
mqtt_cfg.credentials.username = mqtt_args.username->sval[0];
mqtt_cfg.credentials.authentication.password = mqtt_args.password->sval[0];
}
ESP_LOGI(TAG, "broker: %s", mqtt_cfg.broker.address.uri);
#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
/* Ensure --use_internal_bundle and --cafile are mutually exclusive */
if ((mqtt_args.use_internal_bundle->count > 0) && (mqtt_args.cafile->count > 0)) {
ESP_LOGE(TAG, "Error: Options can't be used together. Use either --use-internal-bundle or --cafile. \n");
return 1;
}
if (mqtt_args.use_internal_bundle->count > 0) {
mqtt_cfg.broker.verification.crt_bundle_attach = esp_crt_bundle_attach;
}
#endif
if (mqtt_args.cafile->count > 0) {
if (s_ca_cert_pem_start && s_ca_cert_pem_end) {
mqtt_cfg.broker.verification.certificate = (const char *)s_ca_cert_pem_start;
} else {
ESP_LOGW(TAG, "cafile not provided");
}
}
if (mqtt_args.cert->count > 0) {
if (s_own_cert_pem_start && s_own_cert_pem_end) {
mqtt_cfg.credentials.authentication.certificate = (const char *)s_own_cert_pem_start;
} else {
ESP_LOGW(TAG, "cert not provided");
}
if (mqtt_args.key->count > 0) {
if (s_own_key_pem_start && s_own_key_pem_end) {
mqtt_cfg.credentials.authentication.key = (const char *)s_own_key_pem_start;
} else {
ESP_LOGW(TAG, "key not provided");
}
} else {
mqtt_cfg.credentials.authentication.key = NULL;
}
}
client_handle = esp_mqtt_client_init(&mqtt_cfg);
if (client_handle == NULL) {
ESP_LOGE(TAG, "ERROR: Client init");
ESP_LOGI(TAG, "Try: %s", DISCONNECT_HELP_MSG);
ESP_LOGE(TAG, CONNECT_HELP_MSG);
return 1;
}
/* The last argument may be used to pass data to the event handler, in this example mqtt_event_handler */
esp_mqtt_client_register_event(client_handle, ESP_EVENT_ANY_ID, mqtt_event_handler, NULL);
esp_mqtt_client_start(client_handle);
} else if (mqtt_args.disconnect->count > 0) {
ESP_LOGD(TAG, "Disconnect command received:");
if (client_handle == NULL) {
ESP_LOGE(TAG, "mqtt client not connected");
return 0;
}
if (esp_mqtt_client_stop(client_handle) != ESP_OK) {
ESP_LOGE(TAG, "Failed to stop mqtt client task");
return 1;
}
client_handle = NULL;
client_status = MQTT_STATE_STOPPED;
ESP_LOGI(TAG, "mqtt client disconnected and stopped");
}
return 0;
}
esp_err_t set_mqtt_client_cert(const uint8_t *client_cert_pem_start_i, const uint8_t *client_cert_pem_end_i)
{
if (!client_cert_pem_start_i || !client_cert_pem_end_i ||
(client_cert_pem_start_i > client_cert_pem_end_i)) {
ESP_LOGE(TAG, "Invalid mqtt Client certs(%d)\n", __LINE__);
return ESP_ERR_INVALID_ARG;
}
s_own_cert_pem_start = client_cert_pem_start_i;
s_own_cert_pem_end = client_cert_pem_end_i;
return ESP_OK;
}
esp_err_t set_mqtt_client_key(const uint8_t *client_key_pem_start_i, const uint8_t *client_key_pem_end_i)
{
if (client_key_pem_start_i && client_key_pem_end_i &&
(client_key_pem_start_i >= client_key_pem_end_i)) {
ESP_LOGE(TAG, "Invalid mqtt Client key(%d)\n", __LINE__);
return ESP_ERR_INVALID_ARG;
}
s_own_key_pem_start = client_key_pem_start_i;
s_own_key_pem_end = client_key_pem_end_i;
return ESP_OK;
}
esp_err_t set_mqtt_broker_certs(const uint8_t *ca_cert_pem_start_i, const uint8_t *ca_cert_pem_end_i)
{
if (!ca_cert_pem_start_i || !ca_cert_pem_end_i ||
(ca_cert_pem_start_i > ca_cert_pem_end_i)) {
ESP_LOGE(TAG, "Invalid mqtt ca cert(%d)\n", __LINE__);
return ESP_ERR_INVALID_ARG;
}
s_ca_cert_pem_start = ca_cert_pem_start_i;
s_ca_cert_pem_end = ca_cert_pem_end_i;
return ESP_OK;
}
static int do_mqtt_sub_cmd(int argc, char **argv)
{
int msg_id;
int nerrors = arg_parse(argc, argv, (void **)&mqtt_sub_args);
if (nerrors != 0) {
arg_print_errors(stderr, mqtt_sub_args.end, argv[0]);
return 1;
}
if (client_handle == NULL) {
ESP_LOGE(TAG, "mqtt client not connected");
return 0;
}
if (mqtt_sub_args.unsubscribe->count > 0) {
if (mqtt_sub_args.topic->count <= 0) {
ESP_LOGE(TAG, UNSUBSCRIBE_HELP_MSG);
return 0;
}
char *topic = (char *)mqtt_sub_args.topic->sval[0];
msg_id = esp_mqtt_client_unsubscribe(client_handle, mqtt_sub_args.topic->sval[0]);
ESP_LOGI(TAG, "Unsubscribe successful, msg_id=%d, topic=%s", msg_id, topic);
} else {
if (mqtt_sub_args.topic->count <= 0) {
ESP_LOGE(TAG, SUBSCRIBE_HELP_MSG);
return 0;
}
char *topic = (char *)mqtt_sub_args.topic->sval[0];
msg_id = esp_mqtt_client_subscribe(client_handle, topic, 0);
ESP_LOGI(TAG, "Subscribe successful, msg_id=%d, topic=%s", msg_id, topic);
}
return 0;
}
static int do_mqtt_pub_cmd(int argc, char **argv)
{
int msg_id;
int nerrors = arg_parse(argc, argv, (void **)&mqtt_pub_args);
if (nerrors != 0) {
arg_print_errors(stderr, mqtt_pub_args.end, argv[0]);
return 1;
}
if (client_handle == NULL) {
ESP_LOGE(TAG, "mqtt client not connected");
return 0;
}
if ((mqtt_pub_args.topic->count <= 0) || (mqtt_pub_args.message->count <= 0)) {
ESP_LOGE(TAG, PUBLISH_HELP_MSG);
}
msg_id = esp_mqtt_client_publish(client_handle,
mqtt_pub_args.topic->sval[0],
mqtt_pub_args.message->sval[0],
0, 1, 0);
if (msg_id == -1) {
ESP_LOGE(TAG, "mqtt client not connected");
return 0;
}
ESP_LOGI(TAG, "Publish successful, msg_id=%d, topic=%s, data=%s",
msg_id, mqtt_pub_args.topic->sval[0], mqtt_pub_args.message->sval[0]);
return 0;
}
/**
* @brief Registers the mqtt commands.
*
* @return
* - esp_err_t
*/
esp_err_t console_cmd_mqtt_register(void)
{
esp_err_t ret = ESP_OK;
/* Register mqtt */
mqtt_args.connect = arg_lit0("C", "connect", "Connect to a broker (flag, no argument)");
mqtt_args.uri = arg_str0("h", "host", "<host>", "Specify the host uri to connect to");
mqtt_args.status = arg_lit0("s", "status", "Displays the status of the mqtt client (flag, no argument)");
mqtt_args.username = arg_str0("u", "username", "<username>", "Provide a username to be used for authenticating with the broker");
mqtt_args.password = arg_str0("P", "password", "<password>", "Provide a password to be used for authenticating with the broker");
mqtt_args.cert = arg_lit0(NULL, "cert", "Define the PEM encoded certificate for this client, if required by the broker (flag, no argument)");
mqtt_args.key = arg_lit0(NULL, "key", "Define the PEM encoded private key for this client, if required by the broker (flag, no argument)");
mqtt_args.cafile = arg_lit0(NULL, "cafile", "Define the PEM encoded CA certificates that are trusted (flag, no argument)");
#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE)
mqtt_args.use_internal_bundle = arg_lit0(NULL, "use-internal-bundle", "Use the internal certificate bundle for TLS (flag, no argument)");
#endif
mqtt_args.disconnect = arg_lit0("D", "disconnect", "Disconnect from the broker (flag, no argument)");
mqtt_args.end = arg_end(1);
const esp_console_cmd_t mqtt_cmd = {
.command = "mqtt",
.help = "mqtt command",
.hint = NULL,
.func = &do_mqtt_cmd,
.argtable = &mqtt_args
};
ret = esp_console_cmd_register(&mqtt_cmd);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Unable to register mqtt");
return ret;
}
/* Register mqtt_pub */
mqtt_pub_args.topic = arg_str0("t", "topic", "<topic>", "Topic to Subscribe/Publish");
mqtt_pub_args.message = arg_str0("m", "message", "<message>", "Message to Publish");
mqtt_pub_args.end = arg_end(1);
const esp_console_cmd_t mqtt_pub_cmd = {
.command = "mqtt_pub",
.help = "mqtt publish command",
.hint = NULL,
.func = &do_mqtt_pub_cmd,
.argtable = &mqtt_pub_args
};
ret = esp_console_cmd_register(&mqtt_pub_cmd);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Unable to register mqtt_pub");
return ret;
}
/* Register mqtt_sub */
mqtt_sub_args.topic = arg_str0("t", "topic", "<topic>", "Topic to Subscribe/Publish");
mqtt_sub_args.unsubscribe = arg_lit0("U", "unsubscribe", "Unsubscribe from a topic");
mqtt_sub_args.end = arg_end(1);
const esp_console_cmd_t mqtt_sub_cmd = {
.command = "mqtt_sub",
.help = "mqtt subscribe command",
.hint = NULL,
.func = &do_mqtt_sub_cmd,
.argtable = &mqtt_sub_args
};
ret = esp_console_cmd_register(&mqtt_sub_cmd);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Unable to register mqtt_sub");
}
return ret;
}

73
components/console_cmd_mqtt/console_mqtt.h Normal file
View File

@ -0,0 +1,73 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "console_simple_init.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Registers the mqtt command.
*
* @return
* - esp_err_t
*/
esp_err_t console_cmd_mqtt_register(void);
/**
* @brief Set MQTT client certificate
*
* This function sets the MQTT client certificate for secure communication.
* The function takes the PEM(Privacy Enhanced Mail) encoded certificate arguments.
*
* @param client_cert_pem_start_i Pointer to the beginning of the client certificate PEM data.
* @param client_cert_pem_end_i Pointer to the end of the client certificate PEM data.
*
* @return
* ESP_OK on success
* ESP_ERR_INVALID_ARG on invalid arguments
*/
esp_err_t set_mqtt_client_cert(const uint8_t *client_cert_pem_start_i, const uint8_t *client_cert_pem_end_i);
/**
* @brief Set MQTT client key
*
* This function sets the MQTT client key for secure communication.
* The function takes the PEM(Privacy Enhanced Mail) encoded key arguments.
*
* @param client_key_pem_start_i Pointer to the beginning of the client key PEM data.
* @param client_key_pem_end_i Pointer to the end of the client key PEM data.
*
* @return
* ESP_OK on success
* ESP_ERR_INVALID_ARG on invalid arguments
*/
esp_err_t set_mqtt_client_key(const uint8_t *client_key_pem_start_i, const uint8_t *client_key_pem_end_i);
/**
* @brief Set MQTT broker certificate
*
* This function sets the MQTT broker certificate for secure communication.
* The function takes the PEM(Privacy Enhanced Mail) encoded broker certificate arguments.
*
* @param broker_cert_pem_start_i Pointer to the beginning of the broker certificate PEM data.
* @param broker_cert_pem_end_i Pointer to the end of the broker certificate PEM data.
*
* @return
* ESP_OK on success
* ESP_ERR_INVALID_ARG on invalid arguments
*/
esp_err_t set_mqtt_broker_certs(const uint8_t *broker_cert_pem_start_i, const uint8_t *broker_cert_pem_end_i);
#ifdef __cplusplus
}
#endif

11
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/CMakeLists.txt Normal file
View File

@ -0,0 +1,11 @@
# The following five lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.16)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(mqtt_ssl_auth_console)
# Certs for mqtts://test.mosquitto.org:8884
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/client.crt" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/client.key" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/mosquitto.org.pem" TEXT)

174
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/README.md Normal file
View File

@ -0,0 +1,174 @@
| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
# ESP-MQTT SSL Authentication Console
This example demonstrates the use of the MQTT command-line component to connect to both secured and unsecured MQTT brokers. It provides multiple modes of connection, including:
* Unsecured transport: Connect to a broker without encryption.
* SSL/TLS transport: Securely connect using SSL/TLS with options for:
* Validating the broker using a provided CA certificate.
* Validating the broker using the internal certificate bundle.
* Performing SSL mutual authentication using client and broker certificates.
Additionally, the example allows subscribing to topics, unsubscribing from topics, and publishing messages to a specified topic through commands. Connections to the broker at test.mosquitto.org are used to demonstrate these features.
(Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org)
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
## How to use example
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
* Open the project configuration menu (`idf.py menuconfig`)
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
* Generate your client keys and certificate (specific to testing with Mosquitto broker)
Note: The following steps are for testing with the Mosquitto broker. If you're using a different broker, you may need to adapt the steps to meet your broker's certificate and key requirements.
#### Steps for SSL Mutual authentication:
Navigate to the certs directory
```
cd certs
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
Please note, that the supplied files `client.crt` and `client.key` in the `main` directory are only placeholders for your client certificate and key (i.e. the example "as is" would compile but would not connect to the broker)
The broker certificate `mosquitto.org.pem` can be downloaded in pem format from [mosquitto.org.crt](https://test.mosquitto.org/ssl/mosquitto.org.crt). Convert it to `mosquitto.org.pem` simply by renaming it.
Note: If your certificate and key file names differ, update the root `CMakeLists.txt` file and main/`mqtt_ssl_auth_console.c` accordingly.
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
idf.py -p PORT flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
Warning: This example might need a bigger app partition size if you're compiling it for debug. To ensere this issue doesn't happen "optimize for size is enabled in menuconfig.
### Command Usage:
```
esp> help
help [<string>]
Print the summary of all registered commands if no arguments are given,
otherwise print summary of given command.
<string> Name of command
mqtt [-CsD] [-h <host>] [-u <username>] [-P <password>] [--cert] [--key] [--cafile]
mqtt command
-C, --connect Connect to a broker (flag, no argument)
-h, --host=<host> Specify the host uri to connect to
-s, --status Displays the status of the mqtt client (flag, no argument)
-u, --username=<username> Provide a username to be used for authenticating with the broker
-P, --password=<password> Provide a password to be used for authenticating with the broker
--cert Define the PEM encoded certificate for this client, if required by the broker (flag, no argument)
--key Define the PEM encoded private key for this client, if required by the broker (flag, no argument)
--cafile Define the PEM encoded CA certificates that are trusted (flag, no argument)
--use-internal-bundle Use the internal certificate bundle for TLS (flag, no argument)
-D, --disconnect Disconnect from the broker (flag, no argument)
mqtt_pub [-t <topic>] [-m <message>]
mqtt publish command
-t, --topic=<topic> Topic to Subscribe/Publish
-m, --message=<message> Message to Publish
mqtt_sub [-U] [-t <topic>]
mqtt subscribe command
-t, --topic=<topic> Topic to Subscribe/Publish
-U, --unsubscribe Unsubscribe from a topic
```
### Connection:
#### Connect without Validating the Broker:
This option connects to the broker without validating its certificate. It is not secure.
```
mqtt -h mqtts://test.mosquitto.org -C
```
or
```
mqtt -h mqtts://mqtt.eclipseprojects.io -C
```
#### Validate the Broker using the Internal Certificate Bundle:
This option uses the ESP-IDF's built-in certificate bundle to verify the broker's identity.
```
mqtt -h mqtts://mqtt.eclipseprojects.io -C --use-internal-bundle
```
or
```
mqtt -h mqtts://test.mosquitto.org -C --use-internal-bundle
```
#### Validate the Broker using a Provided CA Certificate:
This option requires you to provide the broker's CA certificate for validation.
```
mqtt -h mqtts://test.mosquitto.org -C --cafile
```
#### SSL Mutual Authentication(encrypted, client certificate required):
This option performs client authentication in addition to broker validation. It requires the client certificate, private key, and broker CA certificate.
```
mqtt -h mqtts://test.mosquitto.org:8884 -C --cert --key --cafile
```
or
```
mqtt -h mqtts://test.mosquitto.org:8884 -C --cert --key --use-internal-bundle
```
Note: In this example, the broker's certificate is included in the certificate bundle (refer to sdkconfig.default).
### Disconnect:
```
esp> mqtt -D
I (1189949) console_mqtt: mqtt client disconnected
```
### Subscribe/Unsubscribe:
```
esp> mqtt_sub -t test0
I (897289) console_mqtt: Subscribe successful, msg_id=57425, topic=test0
esp> I (897799) console_mqtt: MQTT_EVENT_SUBSCRIBED, msg_id=57425
esp>
esp> mqtt_sub -U -t test0
I (902009) console_mqtt: Unsubscribe successful, msg_id=27663, topic=test0
esp> I (902509) console_mqtt: MQTT_EVENT_UNSUBSCRIBED, msg_id=27663
```
### Publish:
```
esp> mqtt_pub -t test0 -m "Hello, Testing 123"
I (999469) console_mqtt: Publish successful, msg_id=55776, topic=test0, data=Hello, Testing 123
I (1000009) console_mqtt: MQTT_EVENT_PUBLISHED, msg_id=55776
esp>
```
### Receiving data event:
```
esp> I (999999) console_mqtt: MQTT_EVENT_DATA
I (999999) console_mqtt: TOPIC=test0
I (999999) console_mqtt: DATA=Hello, Testing 123
```

0
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/certs/client.crt Normal file
View File

0
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/certs/client.key Normal file
View File

24
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/certs/mosquitto.org.pem Normal file
View File

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL
BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG
A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU
BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv
by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE
BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES
MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp
dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg
UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW
Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA
s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH
3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo
E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT
MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV
6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC
6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf
+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK
sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839
LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE
m/XriWr/Cq4h/JfB7NTsezVslgkBaoU=
-----END CERTIFICATE-----

2
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/main/CMakeLists.txt Normal file
View File

@ -0,0 +1,2 @@
idf_component_register(SRCS "mqtt_ssl_auth_console.c"
INCLUDE_DIRS ".")

8
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/main/idf_component.yml Normal file
View File

@ -0,0 +1,8 @@
dependencies:
idf:
version: ">=5.0"
protocol_examples_common:
path: ${IDF_PATH}/examples/common_components/protocol_examples_common
console_cmd_mqtt:
version: "*"
override_path: '../../../'

51
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/main/mqtt_ssl_auth_console.c Normal file
View File

@ -0,0 +1,51 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
#include <stdio.h>
#include "nvs_flash.h"
#include "esp_netif.h"
#include "esp_event.h"
#include <netdb.h>
#include "console_mqtt.h"
#include "protocol_examples_common.h"
// Certs for mqtts://test.mosquitto.org:8884
extern const uint8_t g_client_cert_pem_start[] asm("_binary_client_crt_start");
extern const uint8_t g_client_cert_pem_end[] asm("_binary_client_crt_end");
extern const uint8_t g_client_key_pem_start[] asm("_binary_client_key_start");
extern const uint8_t g_client_key_pem_end[] asm("_binary_client_key_end");
extern const uint8_t g_broker_cert_pem_start[] asm("_binary_mosquitto_org_pem_start");
extern const uint8_t g_broker_cert_pem_end[] asm("_binary_mosquitto_org_pem_end");
void app_main(void)
{
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
esp_err_t ret = nvs_flash_init(); //Initialize NVS
if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
ESP_ERROR_CHECK(nvs_flash_erase());
ret = nvs_flash_init();
}
ESP_ERROR_CHECK(ret);
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
* Read "Establishing Wi-Fi or Ethernet Connection" section in
* ${IDF_PATH}/examples/protocols/README.md for more information about this function.
*/
ESP_ERROR_CHECK(example_connect());
// Initialize console REPL
ESP_ERROR_CHECK(console_cmd_init());
ESP_ERROR_CHECK(console_cmd_all_register());
set_mqtt_client_cert(g_client_cert_pem_start, g_client_cert_pem_end);
set_mqtt_client_key(g_client_key_pem_start, g_client_key_pem_end);
set_mqtt_broker_certs(g_broker_cert_pem_start, g_broker_cert_pem_end);
// start console REPL
ESP_ERROR_CHECK(console_cmd_start());
}

19
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/pytest_mqtt_ssl_auth_console.py Normal file
View File

@ -0,0 +1,19 @@
# SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0
# -*- coding: utf-8 -*-
import pytest
@pytest.mark.esp32
def test_examples_ifconfig_command(dut):
dut.expect('esp>', timeout=30)
dut.write('help mqtt')
dut.expect(r'mqtt \[-CsD\] \[-h <host>\] \[-u <username>\] \[-P <password>\] \[--cert\] \[--key\] \[--cafile\]', timeout=30)
dut.write('help mqtt_pub')
dut.expect(r'mqtt_pub \[-t <topic>\] \[-m <message>\]', timeout=30)
dut.write('help mqtt_sub')
dut.expect(r'mqtt_sub \[-U\] \[-t <topic>\]', timeout=30)

6
components/console_cmd_mqtt/examples/mqtt_ssl_auth_console/sdkconfig.defaults Normal file
View File

@ -0,0 +1,6 @@
# This file was generated using idf.py save-defconfig. It can be edited manually.
# Espressif IoT Development Framework (ESP-IDF) 5.5.0 Project Minimal Configuration
#
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="certs/mosquitto.org.pem"

11
components/console_cmd_mqtt/idf_component.yml Normal file
View File

@ -0,0 +1,11 @@
version: 0.1.0
url: https://github.com/espressif/esp-protocols/tree/master/components/console_cmd_mqtt
description: The component provides a console where the 'mqtt' command can be executed.
license: Apache-2.0
dependencies:
idf:
version: '>=5.0'
espressif/console_simple_init:
version: '>=1.1.0'
override_path: '../console_simple_init'
public: true