aly-fly · aly-fly · Nov 28, 2024 · Nov 19, 2024 · Nov 25, 2024 · Nov 27, 2024
diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp b/EleksTubeHAX_pio/src/Mqtt_client_ips.cpp
@@ -11,21 +11,26 @@
  */
 
 #include "Mqtt_client_ips.h"
-#include "WiFi.h"         // for ESP32
+#include <WiFi.h>         // for ESP32
 #include <PubSubClient.h> // Download and install this library first from: https://www.arduinolibraries.info/libraries/pub-sub-client
 #include <ArduinoJson.h>
 #include "TempSensor.h"
 #include "TFTs.h"
 #include "Backlights.h"
 #include "Clock.h"
+#ifdef MQTT_USE_TLS
+#include <WiFiClientSecure.h> // for secure WiFi client
+
+WiFiClientSecure espClient;
+#else
+WiFiClient espClient;
+#endif
+PubSubClient MQTTclient(espClient);
 
 #define concat2(first, second) first second
 #define concat3(first, second, third) first second third
 #define concat4(first, second, third, fourth) first second third fourth
 
-WiFiClient espClient;
-PubSubClient MQTTclient(espClient);
-
 #define MQTT_STATE_ON "ON"
 #define MQTT_STATE_OFF "OFF"
 
@@ -320,6 +325,54 @@ void MqttReportState(bool force)
 #endif
 }
 
+#ifdef MQTT_USE_TLS
+bool loadCARootCert()
+{
+  const char *filename = "/mqtt-ca-root.pem";
+  Serial.println("Loading CA Root Certificate");
+
+  // Check if the PEM file exists
+  if (!SPIFFS.exists(filename))
+  {
+    Serial.println("ERROR: File not found mqtt-ca-root.pem");
+    return false;
+  }
+
+  // Open the PEM file in read mode
+  File file = SPIFFS.open(filename, "r");
+  if (!file)
+  {
+    Serial.println("ERROR: Failed to open mqtt-ca-root.pem");
+    return false;
+  }
+
+  // Get the size of the file
+  size_t size = file.size();
+  if (size == 0)
+  {
+    Serial.println("ERROR: Empty mqtt-ca-root.pem");
+    file.close();
+    return false;
+  }
+
+  // Use the loadCA() method to load the certificate directly from the file stream
+  bool result = espClient.loadCACert(file, size);
+
+  file.close();
+
+  if (result)
+  {
+    Serial.println("CA Root Certificate loaded successfully");
+  }
+  else
+  {
+    Serial.println("ERROR: Failed to load CA Root Certificate");
+  }
+
+  return result;
+}
+#endif
+
 void MqttStart()
 {
 #ifdef MQTT_ENABLED
@@ -330,7 +383,15 @@ void MqttStart()
     MQTTclient.setServer(MQTT_BROKER, MQTT_PORT);
     MQTTclient.setCallback(callback);
     MQTTclient.setBufferSize(2048);
+#ifdef MQTT_USE_TLS
+    bool result = loadCARootCert();
+    if (!result)
+    {
+      return; // load certificate failed -> do not continue
+    }
+#endif
 
+    Serial.println("");
     Serial.println("Connecting to MQTT...");
     if (MQTTclient.connect(MQTT_CLIENT, MQTT_USERNAME, MQTT_PASSWORD))
     {
@@ -341,14 +402,15 @@ void MqttStart()
     {
       if (MQTTclient.state() == 5)
       {
-        Serial.println("Connection not allowed by broker, possible reasons:");
+        Serial.println("Error: Connection not allowed by broker, possible reasons:");
         Serial.println("- Device is already online. Wait some seconds until it appears offline");
         Serial.println("- Wrong Username or password. Check credentials");
         Serial.println("- Client Id does not belong to this username, verify ClientId");
       }
       else
       {
-        Serial.print("Not possible to connect to Broker Error code:");
+        Serial.println("Error: Not possible to connect to Broker!");
+        Serial.print("Error code:");
         Serial.println(MQTTclient.state());
       }
       return; // do not continue if not connected

diff --git a/EleksTubeHAX_pio/src/Mqtt_client_ips.h b/EleksTubeHAX_pio/src/Mqtt_client_ips.h
@@ -2,6 +2,7 @@
 #define mqtt_client_H_
 
 #include "GLOBAL_DEFINES.h"
+#include <FS.h>
 
 extern bool MqttConnected;
 

diff --git a/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h b/EleksTubeHAX_pio/src/_USER_DEFINES - empty.h
@@ -40,7 +40,8 @@
 #define GEOLOCATION_API_KEY "__enter_your_api_key_here__"
 
 // ************* MQTT config *************
-// #define MQTT_ENABLED // enable general MQTT support
+// #define MQTT_ENABLED                       // enable general MQTT support
+#define MQTT_SAVE_PREFERENCES_AFTER_SEC 60 // auto save config X seconds after last MQTT message received
 
 // --- MQTT Home Assistant settings ---
 // You will either need a local MQTT broker to use MQTT with Home Assistant (e.g. Mosquitto) or use an internet-based broker with Home Assistant support.
@@ -69,7 +70,9 @@
 #define MQTT_USERNAME "__enter_your_username_here__" // Username from Smartnest
 #define MQTT_PASSWORD "__enter_your_api_key_here__"  // Password from Smartnest or API key (under MY Account)
 #define MQTT_CLIENT "__enter_your_device_id_here__"  // Device Id from Smartnest
-#define MQTT_SAVE_PREFERENCES_AFTER_SEC 60
+// #define MQTT_USE_TLS                                 // Use TLS for MQTT connection. Setting a root CA certificate is needed!
+                                                     // Don't forget to copy the correct certificate file into the 'data' folder and rename it to mqtt-ca-root.pem!
+                                                     // Example CA cert (Let's Encrypt CA cert) can be found in the 'data - other graphics' subfolder in the root of this repo
 
 // ************* Optional temperature sensor *************
 // #define ONE_WIRE_BUS_PIN   4  // DS18B20 connected to GPIO4; comment this line if sensor is not connected

diff --git a/EleksTubeHAX_pio/src/main.cpp b/EleksTubeHAX_pio/src/main.cpp
@@ -126,10 +126,10 @@ void setup()
   // Setup MQTT
   tfts.setTextColor(TFT_YELLOW, TFT_BLACK);
   tfts.print("MQTT start...");
-  Serial.print("MQTT start...");
+  Serial.println("MQTT start...");
   MqttStart();
   tfts.println("Done!");
-  Serial.println("Done!");
+  Serial.println("MQTT start Done!");
   tfts.setTextColor(TFT_WHITE, TFT_BLACK);
 
 #ifdef GEOLOCATION_ENABLED

diff --git a/data - other graphics/mqtt-ca-root.pem b/data - other graphics/mqtt-ca-root.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----