lmoskala/SSLClient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add EthernetMQTT example to demonstrate mTLS (credit @Atalonica)

Browse source
This commit is contained in:
Noah Laptop 2020-03-09 09:39:03 -07:00
parent 7a1a2a823b
commit 5ae689bf72
2 changed files with 162 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
examples/EthernetMQTT/EthernetMQTT.ino Normal file
View file

@ -0,0 +1,87 @@
/*
Basic MQTT example (with SSL!)
This sketch demonstrates the basic capabilities of the library.
It connects to an MQTT server then:
- publishes "hello world" to the topic "outTopic"
- subscribes to the topic "inTopic", printing out any messages
it receives. NB - it assumes the received payloads are strings not binary
It will reconnect to the server if the connection is lost using a blocking
reconnect function. See the 'mqtt_reconnect_nonblocking' example for how to
achieve the same result without blocking the main loop.
You will need to populate "certificates.h" with your trust anchors
(see https://github.com/OPEnSLab-OSU/SSLClient/blob/master/TrustAnchors.md)
and my_cert/my_key with your certificate/private key pair
(see https://github.com/OPEnSLab-OSU/SSLClient#mtls).
*/
#include <SPI.h>
#include <EthernetLarge.h>
#include <SSLClient.h>
#include "certificates.h" // This file must be regenerated
#include <PubSubClient.h>
const char my_cert[] = "FIXME";
const char my_key[] = "FIXME";
SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof my_cert, my_key, sizeof my_key);
byte mac[] = { 0xDE, 0xED, 0xBA, 0xFE, 0xFE, 0xED };
const char* mqttServer = "broker.example"; // Broker address
IPAddress ip (192, 168, 1, 2); // Custom client static IP
void callback(char* topic, byte* payload, unsigned int length) {
Serial.print("Message arrived [");
Serial.print(topic);
Serial.print("] ");
for (int i=0;i<length;i++) {
Serial.print((char)payload[i]);
}
Serial.println();
}
EthernetClient ethClient;
SSLClient ethClientSSL(ethClient, TAs, (size_t)TAs_NUM, A5);
PubSubClient client(mqttServer, 8883, callback, ethClientSSL);
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
if (client.connect("arduinoClient")) {
Serial.println("connected");
// Once connected, publish an announcement...
client.publish("outTopic","hello world");
// ... and resubscribe
client.subscribe("inTopic");
} else {
Serial.print("failed, rc=");
Serial.print(client.state());
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
delay(5000);
}
}
}
void setup(){
// Start Serial
Serial.begin(115200);
while(!Serial);
// Enable mutual TLS with SSLClient
ethClientSSL.setMutualAuthParams(mTLS);
// You can use Ethernet.init(pin) to configure the CS pin
Ethernet.init(10); // Most Arduino shields
//Ethernet.init(5); // MKR ETH shield
//Ethernet.init(0); // Teensy 2.0
//Ethernet.init(20); // Teensy++ 2.0
//Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet
//Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet
Ethernet.begin(mac, ip);
}
void loop(){
if (!client.connected()) {
reconnect();
}
client.loop();
}

75
tools/pycert_bearssl/certificates.h Normal file
View file

@ -0,0 +1,75 @@
#ifndef _CERTIFICATES_H_
#define _CERTIFICATES_H_
#ifdef __cplusplus
extern "C"
{
#endif
/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually.
* Certificates are BearSSL br_x509_trust_anchor format. Included certs:
*
* Index: 0
* Label: OPEnS
* Subject: C=US,ST=OR,L=Corvallis,O=OPEnS
*/
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0c, 0x02, 0x4f, 0x52, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x09, 0x43, 0x6f, 0x72, 0x76, 0x61, 0x6c, 0x6c, 0x69, 0x73,
0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x05, 0x4f,
0x50, 0x45, 0x6e, 0x53,
};
static const unsigned char TA_RSA_N0[] = {
0xe2, 0x80, 0x32, 0x18, 0xe7, 0xa6, 0x94, 0x04, 0x62, 0x43, 0xbc, 0x1e,
0x14, 0x13, 0xaf, 0x40, 0x82, 0x0e, 0x14, 0x57, 0xe8, 0x50, 0x98, 0x38,
0xa4, 0xd9, 0xf1, 0x8a, 0x20, 0x5f, 0x37, 0xae, 0xd1, 0xdf, 0xc1, 0xc0,
0x53, 0x47, 0xd2, 0x4b, 0x10, 0x63, 0xe8, 0x8f, 0xb5, 0x58, 0x9f, 0xd8,
0x69, 0x86, 0x31, 0xbc, 0x9f, 0x39, 0xf5, 0x88, 0xb3, 0xae, 0xcb, 0x25,
0x50, 0xc0, 0x47, 0x7c, 0xde, 0x68, 0xdc, 0x5c, 0xb6, 0x68, 0xef, 0x17,
0xe3, 0xf1, 0xd9, 0x41, 0xb1, 0x8a, 0xde, 0x31, 0x74, 0x82, 0xa9, 0x14,
0x4b, 0x12, 0x7d, 0x7a, 0xbc, 0x2a, 0x8e, 0x6c, 0xf6, 0xfc, 0xeb, 0xda,
0xe3, 0x55, 0x11, 0x77, 0x98, 0x71, 0xe6, 0xa7, 0x0d, 0x9a, 0x10, 0x47,
0xe9, 0xde, 0x38, 0x71, 0x68, 0xe6, 0xbc, 0x8a, 0xec, 0xdd, 0xac, 0x53,
0xdf, 0x20, 0x13, 0x55, 0x59, 0x70, 0xf1, 0xd5, 0x38, 0xc0, 0x4b, 0x46,
0x3b, 0xe4, 0x82, 0x56, 0x27, 0x36, 0xaf, 0x4e, 0x80, 0x4d, 0xc4, 0xbc,
0x21, 0x4c, 0x20, 0xc8, 0x4e, 0x87, 0x7d, 0x6c, 0x6f, 0xa2, 0x7b, 0x61,
0xf1, 0x0b, 0xdc, 0xaa, 0x0c, 0xbb, 0x95, 0xdd, 0xe0, 0x1b, 0x92, 0x29,
0x96, 0xf8, 0xf3, 0x5e, 0x47, 0x5b, 0x88, 0xe3, 0x8e, 0xb0, 0x4b, 0x89,
0xaf, 0x73, 0x55, 0x08, 0x7d, 0xcc, 0xdf, 0x84, 0x7e, 0xaf, 0xba, 0x7c,
0xdd, 0x6e, 0x5c, 0xc7, 0xd8, 0x2b, 0x25, 0x35, 0xdb, 0x2e, 0x53, 0x90,
0xd1, 0x46, 0x20, 0x77, 0x5a, 0x39, 0xed, 0x5f, 0xcd, 0xee, 0x12, 0xe4,
0x12, 0xdf, 0xaa, 0xa3, 0x18, 0x82, 0x69, 0x31, 0xc6, 0x0c, 0x7b, 0xa4,
0x5b, 0x11, 0x9a, 0xd5, 0x0e, 0x21, 0x7d, 0x68, 0xc0, 0x5b, 0x2a, 0xb4,
0xb5, 0x89, 0x18, 0x7d, 0x01, 0x27, 0xa7, 0x2e, 0x60, 0x0a, 0xc4, 0x58,
0xca, 0x8e, 0x26, 0x03,
};
static const unsigned char TA_RSA_E0[] = {
0x01, 0x00, 0x01,
};
static const br_x509_trust_anchor TAs[] = {
{
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
BR_X509_TA_CA,
{
BR_KEYTYPE_RSA,
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
}
},
};
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* ifndef _CERTIFICATES_H_ */