Initial TLS support
parent
0bba170041
commit
e5629c9b04
11
README.md
11
README.md
|
@ -15,9 +15,14 @@ is directly connected on ESP-12E module.
|
|||
Software
|
||||
--------
|
||||
|
||||
Mosquitto contained in docker is used as a broker. ESP8266 code uses [Sming
|
||||
framework](https://github.com/SmingHub/Sming). Set your Wifi configuration in
|
||||
`common/common_config.h` (used by both `switch` and `light`)
|
||||
Mosquitto contained in docker is used as a broker. For proper TLS you need to
|
||||
create self-signed certificate and store its SHA-1 fingerprint in
|
||||
`common/common_config.h`.
|
||||
|
||||
ESP8266 code uses [slaff's
|
||||
fork of Sming framework](https://github.com/slaff/Sming). (For axTLS support)
|
||||
Set your Wifi configuration in `common/common_config.h` (used by both `switch`
|
||||
and `light`)
|
||||
|
||||
|
||||
Thoughts
|
||||
|
|
|
@ -8,7 +8,12 @@
|
|||
|
||||
#ifndef MQTT_BROKER
|
||||
#define MQTT_BROKER "192.168.0.100"
|
||||
#ifdef ENABLE_SSL
|
||||
#define MQTT_PORT 8883
|
||||
#define SSL_FINGERPRINT { } // TODO
|
||||
#else
|
||||
#define MQTT_PORT 1883
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define TOPIC_PREFIX "iot/"
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
ota/*
|
||||
mqtt/certs/*
|
|
@ -0,0 +1,9 @@
|
|||
```
|
||||
openssl req -nodes -new -x509 -days 3650 -extensions v3_ca -keyout ca.key -out ca.crt
|
||||
openssl genrsa -out server.key 2048
|
||||
openssl req -out server.csr -key server.key -new
|
||||
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650
|
||||
|
||||
# Extract SHA-1
|
||||
openssl x509 -in server.crt -sha1 -noout -fingerprint | sed 's/.*=/0x/g; s/:/, 0x/g'
|
||||
```
|
|
@ -6,18 +6,21 @@ import sys
|
|||
# The callback for when the client receives a CONNACK response from the server.
|
||||
def on_connect(client, userdata, rc):
|
||||
print("Connected with result code "+str(rc))
|
||||
|
||||
# Subscribing in on_connect() means that if we lose the connection and
|
||||
# reconnect then subscriptions will be renewed.
|
||||
client.subscribe("light/status")
|
||||
client.subscribe("#")
|
||||
client.publish("iot/" + sys.argv[1] + "/" + sys.argv[2], sys.argv[3])
|
||||
|
||||
# The callback for when a PUBLISH message is received from the server.
|
||||
def on_message(client, userdata, msg):
|
||||
print(str(time.time())+" "+msg.topic+" "+str(msg.payload))
|
||||
exit()
|
||||
|
||||
client = mqtt.Client("test-client-%d" % random.randint(100, 999))
|
||||
if len(sys.argv) < 4:
|
||||
print('Usage: client.py [DEVICE_ID] [ENDPOINT] [VALUE]');
|
||||
exit(1)
|
||||
|
||||
client = mqtt.Client()
|
||||
client.on_connect = on_connect
|
||||
client.on_message = on_message
|
||||
|
|
@ -1,7 +1,11 @@
|
|||
mosquitto:
|
||||
image: toke/mosquitto
|
||||
volumes:
|
||||
- mqtt/config/:/mqtt/config/conf.d:ro
|
||||
- mqtt/certs/:/mqtt/config/certs:ro
|
||||
ports:
|
||||
- "1883:1883"
|
||||
- "8883:8883"
|
||||
|
||||
nginx:
|
||||
image: nginx
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
listener 8883
|
||||
cafile /mqtt/config/certs/ca.crt
|
||||
certfile /mqtt/config/certs/server.crt
|
||||
keyfile /mqtt/config/certs/server.key
|
|
@ -49,9 +49,17 @@ void SpejsNode::keepAliveHandler() {
|
|||
|
||||
void SpejsNode::onConnected() {
|
||||
Serial.println("Connection successful");
|
||||
// "+deviceID+"/
|
||||
|
||||
mqtt.setWill(TOPIC_PREFIX + deviceID + "/state", "offline", 1, true);
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
const uint8_t sha1Fingerprint[] = SSL_FINGERPRINT;
|
||||
mqtt.connect("iot-" + deviceID, "", "", true);
|
||||
mqtt.addSslOptions(SSL_SERVER_VERIFY_LATER);
|
||||
mqtt.setSslFingerprint(sha1Fingerprint, 20);
|
||||
#else
|
||||
mqtt.connect("iot-" + deviceID);
|
||||
#endif
|
||||
|
||||
mqtt.subscribe(TOPIC_PREFIX + deviceID + "/control");
|
||||
|
||||
|
@ -80,6 +88,7 @@ void SpejsNode::registerInput(String key, MqttStringSubscriptionCallback callbac
|
|||
|
||||
void SpejsNode::mqttCallback(String origtopic, String value) {
|
||||
String devicePrefix = TOPIC_PREFIX + deviceID;
|
||||
|
||||
if(!origtopic.startsWith(devicePrefix)) {
|
||||
Serial.println("ignoring");
|
||||
return;
|
||||
|
@ -91,7 +100,6 @@ void SpejsNode::mqttCallback(String origtopic, String value) {
|
|||
Serial.println(value);
|
||||
|
||||
if(inputs.contains(topic)) {
|
||||
Serial.println("dupa");
|
||||
inputs[topic](origtopic, value);
|
||||
} else {
|
||||
Serial.println("unknown topic?");
|
||||
|
@ -103,10 +111,7 @@ void SpejsNode::controlHandler(String key, String value) {
|
|||
if(value == "ota") {
|
||||
startOTA();
|
||||
} else if(value == "restart") {
|
||||
//System.restart();
|
||||
keepaliveTimer.initializeMs(500, *[] {
|
||||
System.restart();
|
||||
}).start();
|
||||
} else {
|
||||
Serial.println("Invalid command");
|
||||
}
|
||||
|
@ -147,11 +152,11 @@ void SpejsNode::startOTA() {
|
|||
|
||||
otaUpdater->setCallback(otaUpdateDelegate(&SpejsNode::otaUpdateCallback, this));
|
||||
otaUpdater->start();
|
||||
|
||||
notify("ota", "started");
|
||||
}
|
||||
|
||||
void SpejsNode::otaUpdateCallback(bool result) {
|
||||
Serial.println("In callback...");
|
||||
void SpejsNode::otaUpdateCallback(rBootHttpUpdate& updater, bool result) {
|
||||
if(result == true) {
|
||||
// success
|
||||
notify("ota", "finished");
|
||||
|
@ -168,9 +173,7 @@ void SpejsNode::otaUpdateCallback(bool result) {
|
|||
|
||||
rboot_set_temp_rom(slot);
|
||||
|
||||
keepaliveTimer.initializeMs(500, *[] {
|
||||
System.restart();
|
||||
}).start();
|
||||
} else {
|
||||
notify("ota", "failed");
|
||||
}
|
||||
|
|
|
@ -32,5 +32,5 @@ public:
|
|||
void registerInput(String key, MqttStringSubscriptionCallback cb);
|
||||
void mqttCallback(String, String);
|
||||
void controlHandler(String, String);
|
||||
void otaUpdateCallback(bool result);
|
||||
void otaUpdateCallback(rBootHttpUpdate& updater, bool result);
|
||||
};
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
MODULES = app ../spejsiot
|
||||
DISABLE_SPIFFS = 1
|
||||
USER_CFLAGS = -I../common
|
||||
|
||||
RBOOT_ENABLED ?= 1
|
||||
RBOOT_BIG_FLASH ?= 1
|
||||
ENABLE_SSL = 1
|
||||
RBOOT_ENABLED = 1
|
||||
RBOOT_BIG_FLASH = 1
|
||||
RBOOT_RTC_ENABLED = 1
|
||||
SPI_SIZE ?= 4M
|
||||
|
|
|
@ -4,7 +4,7 @@ SpejsNode node("switch");
|
|||
|
||||
void init() {
|
||||
node.init();
|
||||
node.registerInput("relay", *[](String value) {
|
||||
node.registerInput("relay", *[](String key, String value) {
|
||||
Serial.println("handler");
|
||||
digitalWrite(5, value == "1" ? HIGH : LOW);
|
||||
});
|
||||
|
|
|
@ -5,7 +5,7 @@ MEMORY
|
|||
dport0_0_seg : org = 0x3FF00000, len = 0x10
|
||||
dram0_0_seg : org = 0x3FFE8000, len = 0x14000
|
||||
iram1_0_seg : org = 0x40100000, len = 0x8000
|
||||
irom0_0_seg : org = 0x40202010, len = 0x42000
|
||||
irom0_0_seg : org = 0x40202010, len = 0xF0000
|
||||
}
|
||||
|
||||
PHDRS
|
||||
|
@ -161,6 +161,7 @@ SECTIONS
|
|||
*(.irom0.literal .irom.literal .irom.text.literal .irom0.text .irom.text)
|
||||
out/build/app_app.a:*(.literal .text .literal.* .text.* .stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
|
||||
*libsming.a:*(.literal .text .literal.* .text.* .stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
|
||||
*libsmingssl.a:*(.literal .text .literal.* .text.* .stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
|
||||
_irom0_text_end = ABSOLUTE(.);
|
||||
_flash_code_end = ABSOLUTE(.);
|
||||
} >irom0_0_seg :irom0_0_phdr
|
||||
|
|
Loading…
Reference in New Issue