feat(console): Added component with mqtt command

Abhik Roy
2024-01-31 23:22:45 +11:00
parent 849fe7b6cb
commit 1fcc5b1d56
19 changed files with 1004 additions and 0 deletions


@ -0,0 +1,11 @@
# The following five lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.16)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(mqtt_ssl_auth_console)
# Certs for mqtts://test.mosquitto.org:8884
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/client.crt" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/client.key" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "certs/mosquitto.org.pem" TEXT)
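Review bot: `certs/client.key` in the second `target_add_binary_data` call is linked into the application image as plain text, so anyone who can read the firmware binary or the flash contents can recover the client's private key. That is acceptable for a test-broker example, but the only comment here is "Certs for mqtts://test.mosquitto.org:8884"; I would extend it, e.g. `# Example only: client.key is embedded unencrypted in the app image; do not ship a production key this way`. Separately, these lines read from `certs/`, while the README added in this commit tells the reader to copy `client.crt` into the `main` directory, so one of the two should be corrected.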


@ -0,0 +1,174 @@
| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
# ESP-MQTT SSL Authentication Console
This example demonstrates the use of the MQTT command-line component to connect to both secured and unsecured MQTT brokers. It provides multiple modes of connection, including:
* Unsecured transport: Connect to a broker without encryption.
* SSL/TLS transport: Securely connect using SSL/TLS with options for:
* Validating the broker using a provided CA certificate.
* Validating the broker using the internal certificate bundle.
* Performing SSL mutual authentication using client and broker certificates.
Additionally, the example allows subscribing to topics, unsubscribing from topics, and publishing messages to a specified topic through commands. Connections to the broker at test.mosquitto.org are used to demonstrate these features.
(Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org)
It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
## How to use example
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
* Open the project configuration menu (`idf.py menuconfig`)
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
* Generate your client keys and certificate (specific to testing with Mosquitto broker)
Note: The following steps are for testing with the Mosquitto broker. If you're using a different broker, you may need to adapt the steps to meet your broker's certificate and key requirements.
#### Steps for SSL Mutual authentication:
Navigate to the certs directory
```
cd certs
```
Generate a client key and a CSR. When you are generating the CSR, do not use the default values. At a minimum, the CSR must include the Country, Organisation and Common Name fields.
```
openssl genrsa -out client.key
openssl req -out client.csr -key client.key -new
```
Paste the generated CSR in the [Mosquitto test certificate signer](https://test.mosquitto.org/ssl/index.php), click Submit and copy the downloaded `client.crt` in the `main` directory.
Please note, that the supplied files `client.crt` and `client.key` in the `main` directory are only placeholders for your client certificate and key (i.e. the example "as is" would compile but would not connect to the broker)
The broker certificate `mosquitto.org.pem` can be downloaded in pem format from [mosquitto.org.crt](https://test.mosquitto.org/ssl/mosquitto.org.crt). Convert it to `mosquitto.org.pem` simply by renaming it.
Note: If your certificate and key file names differ, update the root `CMakeLists.txt` file and main/`mqtt_ssl_auth_console.c` accordingly.
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
idf.py -p PORT flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
Warning: This example might need a bigger app partition size if you're compiling it for debug. To ensere this issue doesn't happen "optimize for size is enabled in menuconfig.
### Command Usage:
```
esp> help
help [<string>]
Print the summary of all registered commands if no arguments are given,
otherwise print summary of given command.
<string> Name of command
mqtt [-CsD] [-h <host>] [-u <username>] [-P <password>] [--cert] [--key] [--cafile]
mqtt command
-C, --connect Connect to a broker (flag, no argument)
-h, --host=<host> Specify the host uri to connect to
-s, --status Displays the status of the mqtt client (flag, no argument)
-u, --username=<username> Provide a username to be used for authenticating with the broker
-P, --password=<password> Provide a password to be used for authenticating with the broker
--cert Define the PEM encoded certificate for this client, if required by the broker (flag, no argument)
--key Define the PEM encoded private key for this client, if required by the broker (flag, no argument)
--cafile Define the PEM encoded CA certificates that are trusted (flag, no argument)
--use-internal-bundle Use the internal certificate bundle for TLS (flag, no argument)
-D, --disconnect Disconnect from the broker (flag, no argument)
mqtt_pub [-t <topic>] [-m <message>]
mqtt publish command
-t, --topic=<topic> Topic to Subscribe/Publish
-m, --message=<message> Message to Publish
mqtt_sub [-U] [-t <topic>]
mqtt subscribe command
-t, --topic=<topic> Topic to Subscribe/Publish
-U, --unsubscribe Unsubscribe from a topic
```
### Connection:
#### Connect without Validating the Broker:
This option connects to the broker without validating its certificate. It is not secure.
```
mqtt -h mqtts://test.mosquitto.org -C
```
or
```
mqtt -h mqtts://mqtt.eclipseprojects.io -C
```
#### Validate the Broker using the Internal Certificate Bundle:
This option uses the ESP-IDF's built-in certificate bundle to verify the broker's identity.
```
mqtt -h mqtts://mqtt.eclipseprojects.io -C --use-internal-bundle
```
or
```
mqtt -h mqtts://test.mosquitto.org -C --use-internal-bundle
```
#### Validate the Broker using a Provided CA Certificate:
This option requires you to provide the broker's CA certificate for validation.
```
mqtt -h mqtts://test.mosquitto.org -C --cafile
```
#### SSL Mutual Authentication(encrypted, client certificate required):
This option performs client authentication in addition to broker validation. It requires the client certificate, private key, and broker CA certificate.
```
mqtt -h mqtts://test.mosquitto.org:8884 -C --cert --key --cafile
```
or
```
mqtt -h mqtts://test.mosquitto.org:8884 -C --cert --key --use-internal-bundle
```
Note: In this example, the broker's certificate is included in the certificate bundle (refer to sdkconfig.default).
### Disconnect:
```
esp> mqtt -D
I (1189949) console_mqtt: mqtt client disconnected
```
### Subscribe/Unsubscribe:
```
esp> mqtt_sub -t test0
I (897289) console_mqtt: Subscribe successful, msg_id=57425, topic=test0
esp> I (897799) console_mqtt: MQTT_EVENT_SUBSCRIBED, msg_id=57425
esp>
esp> mqtt_sub -U -t test0
I (902009) console_mqtt: Unsubscribe successful, msg_id=27663, topic=test0
esp> I (902509) console_mqtt: MQTT_EVENT_UNSUBSCRIBED, msg_id=27663
```
### Publish:
```
esp> mqtt_pub -t test0 -m "Hello, Testing 123"
I (999469) console_mqtt: Publish successful, msg_id=55776, topic=test0, data=Hello, Testing 123
I (1000009) console_mqtt: MQTT_EVENT_PUBLISHED, msg_id=55776
esp>
```
### Receiving data event:
```
esp> I (999999) console_mqtt: MQTT_EVENT_DATA
I (999999) console_mqtt: TOPIC=test0
I (999999) console_mqtt: DATA=Hello, Testing 123
```


@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,2 @@
idf_component_register(SRCS "mqtt_ssl_auth_console.c"
INCLUDE_DIRS ".")


@ -0,0 +1,8 @@
dependencies:
idf:
version: ">=5.0"
protocol_examples_common:
path: ${IDF_PATH}/examples/common_components/protocol_examples_common
console_cmd_mqtt:
version: "*"
override_path: '../../../'
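Review bot: `version: "*"` on `console_cmd_mqtt` accepts any published release of the component. While `override_path` points at the local checkout this has no effect, but if the example is ever built without that override (for instance when fetched from a component registry, which I believe drops `override_path`), the build resolves to whatever release is newest, including a future incompatible or tampered one. A bounded range would limit that, e.g. `version: "^1.0.0"` (constructed value; use the component's actual version).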


@ -0,0 +1,51 @@
/*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
#include <stdio.h>
#include "nvs_flash.h"
#include "esp_netif.h"
#include "esp_event.h"
#include <netdb.h>
#include "console_mqtt.h"
#include "protocol_examples_common.h"
// Certs for mqtts://test.mosquitto.org:8884
extern const uint8_t g_client_cert_pem_start[] asm("_binary_client_crt_start");
extern const uint8_t g_client_cert_pem_end[] asm("_binary_client_crt_end");
extern const uint8_t g_client_key_pem_start[] asm("_binary_client_key_start");
extern const uint8_t g_client_key_pem_end[] asm("_binary_client_key_end");
extern const uint8_t g_broker_cert_pem_start[] asm("_binary_mosquitto_org_pem_start");
extern const uint8_t g_broker_cert_pem_end[] asm("_binary_mosquitto_org_pem_end");
void app_main(void)
{
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
esp_err_t ret = nvs_flash_init(); //Initialize NVS
if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
ESP_ERROR_CHECK(nvs_flash_erase());
ret = nvs_flash_init();
}
ESP_ERROR_CHECK(ret);
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
* Read "Establishing Wi-Fi or Ethernet Connection" section in
* ${IDF_PATH}/examples/protocols/README.md for more information about this function.
*/
ESP_ERROR_CHECK(example_connect());
// Initialize console REPL
ESP_ERROR_CHECK(console_cmd_init());
ESP_ERROR_CHECK(console_cmd_all_register());
set_mqtt_client_cert(g_client_cert_pem_start, g_client_cert_pem_end);
set_mqtt_client_key(g_client_key_pem_start, g_client_key_pem_end);
set_mqtt_broker_certs(g_broker_cert_pem_start, g_broker_cert_pem_end);
// start console REPL
ESP_ERROR_CHECK(console_cmd_start());
}
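Review bot: The three `set_mqtt_*` calls near the end of `app_main` discard their results, while every other initialisation step in the function is wrapped in `ESP_ERROR_CHECK`. The setters are declared in `console_mqtt.h`, which is not visible in this section; if they return `esp_err_t`, a rejected certificate or key would go unnoticed and the `--cert`, `--key` and `--cafile` options would later run without the material the user expects. In that case wrap them the same way, e.g. `ESP_ERROR_CHECK(set_mqtt_broker_certs(g_broker_cert_pem_start, g_broker_cert_pem_end));`. The file also uses `uint8_t` without including `<stdint.h>` and includes `<netdb.h>` with no visible use.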


@ -0,0 +1,19 @@
# SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0
# -*- coding: utf-8 -*-
import pytest
@pytest.mark.esp32
def test_examples_ifconfig_command(dut):
dut.expect('esp>', timeout=30)
dut.write('help mqtt')
dut.expect(r'mqtt \[-CsD\] \[-h <host>\] \[-u <username>\] \[-P <password>\] \[--cert\] \[--key\] \[--cafile\]', timeout=30)
dut.write('help mqtt_pub')
dut.expect(r'mqtt_pub \[-t <topic>\] \[-m <message>\]', timeout=30)
dut.write('help mqtt_sub')
dut.expect(r'mqtt_sub \[-U\] \[-t <topic>\]', timeout=30)
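Review bot: The test function is named `test_examples_ifconfig_command` although every command it exercises is an MQTT one, which looks like a leftover from another example; `def test_examples_mqtt_command(dut):` would keep test reports readable. The `help mqtt` expectation also stops at `\[--cafile\]`, so the `--use-internal-bundle` option documented in the README is not checked. Only help output is covered; nothing here exercises certificate validation, so a regression that disabled broker verification would still pass this test.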


@ -0,0 +1,6 @@
# This file was generated using idf.py save-defconfig. It can be edited manually.
# Espressif IoT Development Framework (ESP-IDF) 5.5.0 Project Minimal Configuration
#
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="certs/mosquitto.org.pem"
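Review bot: `CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH` adds the test.mosquitto.org CA to the certificate bundle, so it becomes a trust anchor for any TLS connection in the firmware that validates against the bundle, not only for this broker. That CA belongs to a public test service (the README in this commit points to a public signing page for it), so it should not be carried into a product configuration copied from this example. A leading comment would make that explicit, e.g. `# Example only: adds the test.mosquitto.org test CA to the TLS trust bundle; remove for production`.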