Option to set additional ssl parameters

karthiksaligrama · Oct 9, 2014 · ccf2332 · ccf2332
1 parent 6d6f643
commit ccf2332
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 12 deletions.
diff --git a/MQTT/MQTTClient.h b/MQTT/MQTTClient.h
@@ -9,7 +9,10 @@
 #import <Foundation/Foundation.h>
 #import "MQTTMessage.h"
 
-
+#define CERT_FILE @"CERT_FILE"
+#define KEY_FILE @"KEY_FILE"
+#define CA_PATH @"CA_PATH"
+#define CA_FILE @"CA_FILE"
 
 typedef enum MQTTConnectionResponse:NSUInteger{
     ConnectionAccepted,
@@ -20,6 +23,7 @@ typedef enum MQTTConnectionResponse:NSUInteger{
 } MQTTConnectionResponseCode;
 
 typedef void (^MQTTSubscribeHandler)(NSArray *qosGranted);
+typedef NSString* (^PasswordCallback)();
 
 @protocol MQTTMessageDelegate;
 
@@ -30,7 +34,6 @@ typedef void (^MQTTSubscribeHandler)(NSArray *qosGranted);
 /*
  *  Initialize the MQTT Client
  */
-
 -(MQTTClient *)initWithClientId:(NSString *)client;
 
 /*
@@ -58,14 +61,28 @@ typedef void (^MQTTSubscribeHandler)(NSArray *qosGranted);
  */
 -(void)connectWithHost:(NSString *)hostName withPort:(int)port enableSSL:(bool)ssl usingSSLCACert:(NSString *)certFile;
 
+/*
+ * Incase you are using self signed certificates. 
+ * #warning Donot use in production.
+ * call before using connect
+ */
+-(void)setSSLInsecure:(BOOL)insecure;
+
+/*
+ * Settings for the SSL.
+ * Accepts a dictionary with the following values;
+ * CA_PATH,CA_FILE,CERT_FILE,KEY_FILE
+ * Set the passwordCallback incase the keyfile is encrypted.
+ */
+-(void)setSSLSettings:(NSDictionary *)options passwordCallback:(PasswordCallback) pwdCallback;
+
 /*
  * Publish message to the MQTT Server.
  * return the message id of the published message.
  * Store it and retrieve handle it in the callback.
  */
 -(NSNumber *)publishMessage:(MQTTMessage *)message;
 
-
 /*
  * Set the message retry interval in case of publishing the message
  */
@@ -74,27 +91,21 @@ typedef void (^MQTTSubscribeHandler)(NSArray *qosGranted);
 /*
  * Subscribe Message from the MQTT server with a given topic and quality of service
  */
-
 -(void)subscribeToTopic:(NSString *)topic qos:(MessageQualityOfService)qos subscribeHandler:(MQTTSubscribeHandler)handler;
 
 /*
  * Unsubscribe to topic from the MQTT server
  */
-
 -(void)unsubscribeToTopic:(NSString *)topic;
 
-
 /*
  * Disconnect from Server
  */
 -(void)disconnect;
 
 
-
 @end
 
-
-
 @protocol MQTTMessageDelegate <NSObject>
 
 @optional

diff --git a/MQTT/MQTTClient.m b/MQTT/MQTTClient.m
@@ -34,6 +34,9 @@ @interface MQTTClient()
 @property(nonatomic,strong) NSMutableDictionary *publishQueue;
 @property(nonatomic,strong) NSMutableDictionary *subscribeQueue;
 
+
+@property(nonatomic,strong) PasswordCallback callback;
+
 @end
 
 @implementation MQTTClient
@@ -88,7 +91,7 @@ -(void)connectWithHost:(NSString *)hostName{
 }
 
 -(void)connectWithHost:(NSString *)hostName withPort:(int)port enableSSL:(bool)ssl{
-    [self connectWithHost:hostName withPort:port enableSSL:ssl usingSSLCACert:SSL_CERTIFICATE_PATH];
+    [self connectWithHost:hostName withPort:port enableSSL:ssl usingSSLCACert:nil];
 }
 
 -(void)connectWithHost:(NSString *)hostName withSSL:(BOOL)ssl{
@@ -100,7 +103,7 @@ -(void)connectWithHost:(NSString *)hostName withPort:(int)port enableSSL:(bool)s
     self.host = hostName;
     self.sslEnabled = ssl;
     self.port = port;
-    if(self.sslEnabled){
+    if(self.sslEnabled && certFile){
         const char* caFilePath = [certFile cStringUsingEncoding:NSUTF8StringEncoding];
         int success = mosquitto_tls_set(mosq,caFilePath, NULL, NULL, NULL, NULL);
         if(success == MOSQ_ERR_SUCCESS){
@@ -111,7 +114,9 @@ -(void)connectWithHost:(NSString *)hostName withPort:(int)port enableSSL:(bool)s
     }
 
     const char *cstrHost = [self.host cStringUsingEncoding:NSASCIIStringEncoding];
+
     mosquitto_username_pw_set(mosq, NULL , NULL);
+
     mosquitto_reconnect_delay_set(mosq, self.reconnectDelay, self.reconnectDelayMax, self.reconnectExponentialBackoff);
     mosquitto_connect(mosq, cstrHost, self.port, self.keepAlive);
 
@@ -120,12 +125,27 @@ -(void)connectWithHost:(NSString *)hostName withPort:(int)port enableSSL:(bool)s
     });
 }
 
+-(void)setSSLInsecure:(BOOL)insecure{
+    mosquitto_tls_insecure_set(mosq,insecure);
+}
+
+
+
+-(void)setSSLSettings:(NSDictionary *)options passwordCallback:(PasswordCallback) pwdCallback{
+    const char *certFile = [(NSString *)[options objectForKey:CERT_FILE] cStringUsingEncoding:NSUTF8StringEncoding];
+    const char *caPath = [(NSString *)[options objectForKey:CA_PATH] cStringUsingEncoding:NSUTF8StringEncoding];
+    const char *caFile = [(NSString *)[options objectForKey:CA_FILE] cStringUsingEncoding:NSUTF8StringEncoding];
+    const char *keyFile = [(NSString *)[options objectForKey:KEY_FILE] cStringUsingEncoding:NSUTF8StringEncoding];
+    self.callback = pwdCallback;
+
+    mosquitto_tls_set(mosq, caFile, caPath, certFile, keyFile, on_pw_callback);
+}
+
 #pragma mark disconnect
 -(void)disconnect{
     mosquitto_disconnect(mosq);
 }
 
-
 #pragma mark - Publishing part
 
 -(NSNumber *)publishMessage:(MQTTMessage *)message{
@@ -168,6 +188,12 @@ -(void)dealloc{
 
 #pragma mark - Callback methods from libmosquitto
 
+int on_pw_callback(char *buf, int size, int rwflag, void *userdata){
+    //work on returning the
+    //NSString *password =self.callback();
+    return 0;
+}
+
 void on_connect_callback(struct mosquitto *mosq, void *obj, int rc){
     MQTTClient *client = (__bridge MQTTClient *)obj;
     client.isConnected = (rc == ConnectionAccepted);