Skip to content
This repository has been archived by the owner on Aug 30, 2020. It is now read-only.

Commit

Permalink
Merge pull request #201 from ofekd/mqtt-tls-support
Browse files Browse the repository at this point in the history
Support MQTT over TLS
  • Loading branch information
synesthesiam authored Apr 10, 2020
2 parents 3bc36f2 + 54063fe commit de0824e
Show file tree
Hide file tree
Showing 10 changed files with 157 additions and 15 deletions.
10 changes: 9 additions & 1 deletion docs/audio-input.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,15 @@ Add to your [profile](profiles.md):
"username": "",
"port": 1883,
"password": "",
"site_id": "default"
"site_id": "default",
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
}
```

Expand Down
10 changes: 9 additions & 1 deletion docs/audio-output.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,15 @@ Add to your [profile](profiles.md):
"username": "",
"port": 1883,
"password": "",
"site_id": "default"
"site_id": "default",
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
}
```

Expand Down
10 changes: 9 additions & 1 deletion docs/command-listener.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,15 @@ Add to your [profile](profiles.md):
"username": "",
"port": 1883,
"password": "",
"site_id": "default"
"site_id": "default",
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
}
```

Expand Down
24 changes: 16 additions & 8 deletions docs/intent-handling.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,14 +93,22 @@ Add to your [profile](profiles.md):

```json
"mqtt": {
"enabled": true,
"host": "localhost",
"username": "",
"password": "",
"port": 1883,
"reconnect_sec": 5,
"site_id": "default",
"publish_intents": true
"enabled": true,
"host": "localhost",
"username": "",
"password": "",
"port": 1883,
"reconnect_sec": 5,
"site_id": "default",
"publish_intents": true,
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
}
```

Expand Down
10 changes: 9 additions & 1 deletion docs/wake-word.md
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,15 @@ Add to your [profile](profiles.md):
"username": "",
"port": 1883,
"password": "",
"site_id": "default"
"site_id": "default",
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
}
```

Expand Down
10 changes: 9 additions & 1 deletion profiles/defaults.json
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,15 @@
"publish_intents": true,
"reconnect_sec": 5,
"site_id": "default",
"username": ""
"username": "",
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
},
"rhasspy": {
"listen_on_start": true,
Expand Down
23 changes: 23 additions & 0 deletions rhasspy/mqtt.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ def __init__(self) -> None:
self.password = None
self.reconnect_sec = 5
self.publish_intents = True
self.tls = { "enabled": False }

# -------------------------------------------------------------------------

Expand All @@ -66,6 +67,7 @@ def to_started(self, from_state: str) -> None:
self.password = self.profile.get("mqtt.password", None)
self.reconnect_sec = self.profile.get("mqtt.reconnect_sec", 5)
self.publish_intents = self.profile.get("mqtt.publish_intents", True)
self.tls = self.profile.get("mqtt.tls", { "enabled": False })

if self.profile.get("mqtt.enabled", False):
self.transition("connecting")
Expand All @@ -84,6 +86,27 @@ def to_connecting(self, from_state: str) -> None:
self.client.on_message = self.on_message
self.client.on_disconnect = self.on_disconnect

if pydash.get(self.tls, "enabled", False):
import ssl
allowed_cert_reqs = {
"CERT_REQUIRED": ssl.CERT_REQUIRED,
"CERT_OPTIONAL": ssl.CERT_OPTIONAL,
"CERT_NONE": ssl.CERT_NONE
}

self.client.tls_set(
ca_certs=pydash.get(self.tls, "ca_certs", None),
cert_reqs=pydash.get(
allowed_cert_reqs,
pydash.get(self.tls, "cert_reqs", "CERT_REQUIRED"),
ssl.CERT_REQUIRED
),
certfile=pydash.get(self.tls, "certfile", None),
ciphers=pydash.get(self.tls, "ciphers", None),
keyfile=pydash.get(self.tls, "keyfile", None),
tls_version=ssl.PROTOCOL_TLS
)

if self.username:
self._logger.debug("Logging in as %s", self.username)
self.client.username_pw_set(self.username, self.password)
Expand Down
13 changes: 12 additions & 1 deletion rhasspy/profile_schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -417,7 +417,18 @@
"reconnect_sec": { "type": "integer", "min": 0 },
"site_id": { "type": "string" },
"username": { "type": "string" },
"publish_intents": { "type": "boolean" }
"publish_intents": { "type": "boolean" },
"tls": {
"type": "dict",
"schema": {
"enabled": { "type": "boolean" },
"ca_certs": { "type": "string" },
"cert_reqs": { "type": "string" },
"certfile": { "type": "string" },
"ciphers": { "type": "string" },
"keyfile": { "type": "string" }
}
}
}
},

Expand Down
10 changes: 9 additions & 1 deletion src/assets/ProfileDefaults.js
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,15 @@ const profileDefaults = {
"reconnect_sec": 5,
"site_id": "default",
"username": "",
"publish_intents": true
"publish_intents": true,
"tls": {
"enabled": false,
"ca_certs": "",
"cert_reqs": "CERT_REQUIRED",
"certfile": "",
"ciphers": "",
"keyfile": ""
}
},
"rhasspy": {
"default_profile": "en",
Expand Down
52 changes: 52 additions & 0 deletions src/components/profile/Rhasspy.vue
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,58 @@
</div>
</div>
</div>
<div class="form-group">
<div class="form-row">
<input id="mqtt-tls-enabled" type="checkbox" v-model="profile.mqtt.tls.enabled" :disabled="!profile.mqtt.enabled">
<label for="mqtt-tls-enabled" class="col-form-label">Enable MQTT over TLS</label>
</div>
</div>
<template v-if="profile.mqtt.tls.enabled">
<div class="form-group">
<div class="form-row">
<label for="mqtt-tls-ca_certs" class="col-form-label">ca_certs</label>
<div class="col-sm-auto">
<input id="mqtt-tls-ca_certs" type="text" class="form-control" v-model="profile.mqtt.tls.ca_certs" :disabled="!profile.mqtt.enabled">
</div>
</div>
</div>
<div class="form-group">
<div class="form-row">
<label for="mqtt-tls-cert_reqs" class="col-form-label">cert_reqs</label>
<div class="col-sm-auto">
<select id="mqtt-tls-cert_reqs" v-model="profile.mqtt.tls.cert_reqs" :disabled="!profile.mqtt.enabled">
<option value="CERT_REQUIRED" default>CERT_REQUIRED</option>
<option value="CERT_OPTIONAL">CERT_OPTIONAL</option>
<option value="CERT_NONE">CERT_NONE</option>
</select>
</div>
</div>
</div>
<div class="form-group">
<div class="form-row">
<label for="mqtt-tls-certfile" class="col-form-label">certfile</label>
<div class="col-sm-auto">
<input id="mqtt-tls-certfile" type="text" class="form-control" v-model="profile.mqtt.tls.certfile" :disabled="!profile.mqtt.enabled">
</div>
</div>
</div>
<div class="form-group">
<div class="form-row">
<label for="mqtt-tls-ciphers" class="col-form-label">ciphers</label>
<div class="col-sm-auto">
<input id="mqtt-tls-ciphers" type="text" class="form-control" v-model="profile.mqtt.tls.ciphers" :disabled="!profile.mqtt.enabled">
</div>
</div>
</div>
<div class="form-group">
<div class="form-row">
<label for="mqtt-tls-keyfile" class="col-form-label">keyfile</label>
<div class="col-sm-auto">
<input id="mqtt-tls-keyfile" type="text" class="form-control" v-model="profile.mqtt.tls.keyfile" :disabled="!profile.mqtt.enabled">
</div>
</div>
</div>
</template>
<div class="form-group">
<div class="form-row">
<input type="checkbox" id="mqtt-publish_intents" v-model="profile.mqtt.publish_intents" :disabled="!profile.mqtt.enabled">
Expand Down

0 comments on commit de0824e

Please sign in to comment.