Improved MQTT SSL

UtilitechAS · Oct 12, 2023 · f9b4680 · f9b4680
1 parent 2a10096
commit f9b4680
Show file tree

Hide file tree

Showing 8 changed files with 165 additions and 52 deletions.
diff --git a/lib/SvelteUi/app/dist/index.css b/lib/SvelteUi/app/dist/index.css
diff --git a/lib/SvelteUi/app/dist/index.js b/lib/SvelteUi/app/dist/index.js
diff --git a/lib/SvelteUi/app/src/lib/ConfigurationPanel.svelte b/lib/SvelteUi/app/src/lib/ConfigurationPanel.svelte
@@ -9,6 +9,7 @@
     import CountrySelectOptions from './CountrySelectOptions.svelte';
     import { Link, navigate } from 'svelte-navigator';
     import SubnetOptions from './SubnetOptions.svelte';
+    import TrashIcon from './TrashIcon.svelte';
     
 
     export let sysinfo = {}
@@ -166,6 +167,45 @@
       }
     }
 
+    async function askDeleteCa() {
+        if(confirm('Are you sure you want to delete CA?')) {
+            const response = await fetch('/mqtt-ca', {
+                method: 'POST'
+            });
+            let res = (await response.text())
+            configurationStore.update(c => {
+                c.q.s.c = false;
+                return c;
+            });
+        }
+    }
+
+    async function askDeleteCert() {
+        if(confirm('Are you sure you want to delete cert?')) {
+            const response = await fetch('/mqtt-cert', {
+                method: 'POST'
+            });
+            let res = (await response.text())
+            configurationStore.update(c => {
+                c.q.s.r = false;
+                return c;
+            });
+        }
+    }
+
+    async function askDeleteKey() {
+        if(confirm('Are you sure you want to delete key?')) {
+            const response = await fetch('/mqtt-key', {
+                method: 'POST'
+            });
+            let res = (await response.text())
+            configurationStore.update(c => {
+                c.q.s.k = false;
+                return c;
+            });
+        }
+    }
+
     const updateMqttPort = function() {
         if(configuration.q.s.e) {
             if(configuration.q.p == 1883) configuration.q.p = 8883;
@@ -466,32 +506,33 @@
                 </div>
             </div>
             {#if configuration.q.s.e}
-            <div class="my-1">
-                <div>
-                    <Link to="/mqtt-ca">
-                        {#if configuration.q.s.c}
-                        <Badge color="green" text="CA OK" title="Click here to replace CA"/>
-                        {:else}
-                        <Badge color="blue" text="Upload CA" title="Click here to upload CA"/>
-                        {/if}
-                    </Link>
+            <div class="my-1 flex">
+                <span class="flex pr-2">
+                    {#if configuration.q.s.c}
+                    <span class="rounded-l-md bg-green-500 text-green-100 text-xs font-semibold px-2.5 py-1"><Link to="/mqtt-ca">CA OK</Link></span>
+                    <span class="rounded-r-md bg-red-500 text-red-100 text-xs px-2.5 py-1"  on:click={askDeleteCa} on:keypress={askDeleteCa}><TrashIcon/></span>
+                    {:else}
+                    <Link to="/mqtt-ca"><Badge color="blue" text="Upload CA" title="Click here to upload CA"/></Link>
+                    {/if}
+                </span>
 
-                    <Link to="/mqtt-cert">
-                        {#if configuration.q.s.r}
-                        <Badge color="green" text="Cert OK" title="Click here to replace certificate"/>
-                        {:else}
-                        <Badge color="blue" text="Upload cert" title="Click here to upload certificate"/>
-                        {/if}
-                    </Link>
+                <span class="flex pr-2">
+                    {#if configuration.q.s.r}
+                    <span class="rounded-l-md bg-green-500 text-green-100 text-xs font-semibold px-2.5 py-1"><Link to="/mqtt-cert">Cert OK</Link></span>
+                    <span class="rounded-r-md bg-red-500 text-red-100 text-xs px-2.5 py-1" on:click={askDeleteCert} on:keypress={askDeleteCert}><TrashIcon/></span>
+                    {:else}
+                    <Link to="/mqtt-cert"><Badge color="blue" text="Upload cert" title="Click here to upload certificate"/></Link>
+                    {/if}
+                </span>
 
-                    <Link to="/mqtt-key">
-                        {#if configuration.q.s.k}
-                        <Badge color="green" text="Key OK" title="Click here to replace key"/>
-                        {:else}
-                        <Badge color="blue" text="Upload key" title="Click here to upload key"/>
-                        {/if}
-                    </Link>
-                </div>
+                <span class="flex pr-2">
+                    {#if configuration.q.s.k}
+                    <span class="rounded-l-md bg-green-500 text-green-100 text-xs font-semibold px-2.5 py-1"><Link to="/mqtt-key">Key OK</Link></span>
+                    <span class="rounded-r-md bg-red-500 text-red-100 text-xs px-2.5 py-1" on:click={askDeleteKey} on:keypress={askDeleteKey}><TrashIcon/></span>
+                    {:else}
+                    <Link to="/mqtt-key"><Badge color="blue" text="Upload key" title="Click here to upload key"/></Link>
+                    {/if}
+                </span>
             </div>
             {/if}
             <div class="my-1">

diff --git a/lib/SvelteUi/app/src/lib/TrashIcon.svelte b/lib/SvelteUi/app/src/lib/TrashIcon.svelte
@@ -0,0 +1,5 @@
+<script></script>
+<!-- Heroicons -->
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-4 h-4">
+    <path stroke-linecap="round" stroke-linejoin="round" d="M14.74 9l-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 01-2.244 2.077H8.084a2.25 2.25 0 01-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 00-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 013.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 00-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 00-7.5 0" />
+</svg>
diff --git a/lib/SvelteUi/app/vite.config.js b/lib/SvelteUi/app/vite.config.js
@@ -17,18 +17,21 @@ export default defineConfig({
   plugins: [svelte()],
   server: {
     proxy: {
-      "/data.json": "http://192.168.233.235",
-      "/energyprice.json": "http://192.168.233.235",
-      "/dayplot.json": "http://192.168.233.235",
-      "/monthplot.json": "http://192.168.233.235",
-      "/temperature.json": "http://192.168.233.235",
-      "/sysinfo.json": "http://192.168.233.235",
-      "/configuration.json": "http://192.168.233.235",
-      "/tariff.json": "http://192.168.233.235",
-      "/save": "http://192.168.233.235",
-      "/reboot": "http://192.168.233.235",
-      "/configfile": "http://192.168.233.235",
-      "/upgrade": "http://192.168.233.235"
+      "/data.json": "http://192.168.233.244",
+      "/energyprice.json": "http://192.168.233.244",
+      "/dayplot.json": "http://192.168.233.244",
+      "/monthplot.json": "http://192.168.233.244",
+      "/temperature.json": "http://192.168.233.244",
+      "/sysinfo.json": "http://192.168.233.244",
+      "/configuration.json": "http://192.168.233.244",
+      "/tariff.json": "http://192.168.233.244",
+      "/save": "http://192.168.233.244",
+      "/reboot": "http://192.168.233.244",
+      "/configfile": "http://192.168.233.244",
+      "/upgrade": "http://192.168.233.244",
+      "/mqtt-ca": "http://192.168.233.244",
+      "/mqtt-cert": "http://192.168.233.244",
+      "/mqtt-key": "http://192.168.233.244",
     }
   }
 })
diff --git a/lib/SvelteUi/include/AmsWebServer.h b/lib/SvelteUi/include/AmsWebServer.h
@@ -104,9 +104,13 @@ class AmsWebServer {
 	void isAliveCheck();
 
 	void mqttCaUpload();
+	void mqttCaDelete();
 	void mqttCertUpload();
+	void mqttCertDelete();
 	void mqttKeyUpload();
+	void mqttKeyDelete();
 	HTTPUpload& uploadFile(const char* path);
+	void deleteFile(const char* path);
 
 	void configFileDownload();
 	void configFileUpload();

diff --git a/lib/SvelteUi/src/AmsWebServer.cpp b/lib/SvelteUi/src/AmsWebServer.cpp
@@ -100,9 +100,9 @@ void AmsWebServer::setup(AmsConfiguration* config, GpioConfig* gpioConfig, Meter
 
 	server.on(F("/robots.txt"), HTTP_GET, std::bind(&AmsWebServer::robotstxt, this));
 
-	server.on(F("/mqtt-ca"), HTTP_POST, std::bind(&AmsWebServer::firmwarePost, this), std::bind(&AmsWebServer::mqttCaUpload, this));
-	server.on(F("/mqtt-cert"), HTTP_POST, std::bind(&AmsWebServer::firmwarePost, this), std::bind(&AmsWebServer::mqttCertUpload, this));
-	server.on(F("/mqtt-key"), HTTP_POST, std::bind(&AmsWebServer::firmwarePost, this), std::bind(&AmsWebServer::mqttKeyUpload, this));
+	server.on(F("/mqtt-ca"), HTTP_POST, std::bind(&AmsWebServer::mqttCaDelete, this), std::bind(&AmsWebServer::mqttCaUpload, this));
+	server.on(F("/mqtt-cert"), HTTP_POST, std::bind(&AmsWebServer::mqttCertDelete, this), std::bind(&AmsWebServer::mqttCertUpload, this));
+	server.on(F("/mqtt-key"), HTTP_POST, std::bind(&AmsWebServer::mqttKeyDelete, this), std::bind(&AmsWebServer::mqttKeyUpload, this));
 
 	server.on(F("/configfile"), HTTP_POST, std::bind(&AmsWebServer::firmwarePost, this), std::bind(&AmsWebServer::configFileUpload, this));
 	server.on(F("/configfile.cfg"), HTTP_GET, std::bind(&AmsWebServer::configFileDownload, this));
@@ -1807,6 +1807,23 @@ void AmsWebServer::mqttCaUpload() {
 	}
 }
 
+void AmsWebServer::mqttCaDelete() {
+	if(!checkSecurity(1))
+		return;
+
+	if(!uploading) { // Not an upload
+		deleteFile(FILE_MQTT_CA);
+		server.send(200);
+		MqttConfig mqttConfig;
+		if(config->getMqttConfig(mqttConfig) && mqttConfig.ssl) {
+			config->setMqttChanged();
+		}
+	} else {
+		uploading = false;
+		server.send(200);
+	}
+}
+
 void AmsWebServer::mqttCertUpload() {
 	if(!checkSecurity(1))
 		return;
@@ -1823,6 +1840,23 @@ void AmsWebServer::mqttCertUpload() {
 	}
 }
 
+void AmsWebServer::mqttCertDelete() {
+	if(!checkSecurity(1))
+		return;
+
+	if(!uploading) { // Not an upload
+		deleteFile(FILE_MQTT_CERT);
+		server.send(200);
+		MqttConfig mqttConfig;
+		if(config->getMqttConfig(mqttConfig) && mqttConfig.ssl) {
+			config->setMqttChanged();
+		}
+	} else {
+		uploading = false;
+		server.send(200);
+	}
+}
+
 void AmsWebServer::mqttKeyUpload() {
 	if(!checkSecurity(1))
 		return;
@@ -1839,6 +1873,30 @@ void AmsWebServer::mqttKeyUpload() {
 	}
 }
 
+void AmsWebServer::mqttKeyDelete() {
+	if(!checkSecurity(1))
+		return;
+
+	if(!uploading) { // Not an upload
+		deleteFile(FILE_MQTT_KEY);
+		server.send(200);
+		MqttConfig mqttConfig;
+		if(config->getMqttConfig(mqttConfig) && mqttConfig.ssl) {
+			config->setMqttChanged();
+		}
+	} else {
+		uploading = false;
+		server.send(200);
+	}
+}
+
+void AmsWebServer::deleteFile(const char* path) {
+	if(LittleFS.begin()) {
+		LittleFS.remove(path);
+		LittleFS.end();
+	}
+}
+
 void AmsWebServer::tariffJson() {
 	if(debugger->isActive(RemoteDebug::DEBUG)) debugger->printf_P(PSTR("Serving /tariff.json over http...\n"));
 

diff --git a/src/AmsToMqttBridge.cpp b/src/AmsToMqttBridge.cpp
@@ -1866,8 +1866,10 @@ void MQTT_connect() {
 						if(mqttSecureClient->loadCACert(file, file.size())) {
 							debugI_P(PSTR("CA accepted"));
 						} else {
-							debugW_P(PSTR("CA was rejected, disabling certificate validation"));
-							mqttSecureClient->setInsecure();
+							debugW_P(PSTR("CA was rejected"));
+							delete mqttSecureClient;
+							mqttSecureClient = NULL;
+							return;
 						}
 					#endif
 					file.close();