MQTT TLS error on EXS82-W | Telit Cinterion IoT Developer Community

April 22, 2021 - 4:46pm, 4867 views

I have configured a Mosquitto server on my local machine:

mosquitto -h
mosquitto version 2.0.10

mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.

Usage: mosquitto [-c config_file] [-d] [-h] [-p port]

 -c : specify the broker config file.
 -d : put the broker into the background after starting.
 -h : display this help.
 -p : start the broker listening on the specified port.
      Not recommended in conjunction with the -c option.
 -v : verbose mode - enable all logging types. This overrides
      any logging options given in the config file.

See https://mosquitto.org/ for more information.

Here is the configuration file I am using:

allow_anonymous false
listener 8883 0.0.0.0

cafile   /home/user/CERTS/ca.crt
certfile /home/user/CERTS/server.crt
keyfile  /home/user/CERTS/server.key

tls_version tlsv1.2

require_certificate true
use_identity_as_username true

I am trying to use the MQTT with TLS, and with this configuration, I am able to subscribe and publish like this:

mosquitto_sub --cafile ca.crt -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -p 8883 -d --cert client.crt --key client.key


mosquitto_pub -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -m "***** world!" -p 8883 -d --cert client.crt --key client.key --cafile ca.crt

Obs.: AAAA.BBBB.CCCC.DDDD is just to hide my public IP, but I have already tested that my Mosquitto is accessible in an outside network (my IP is publicly accessible).

Up to this point, everything is working as I expected, where I can connect locally and outside my network.

The problem is when I try to connect it with a Cinterion module, which supports specification OASIS MQTT Version 3.1.1.

Also, the Cinterion module EXS82-W is using TLS version 1.2, which is the same as the Mosquitto.

However, when I try to connect the Cinterion module I get this error:

1619097715: New connection from AAAA.BBBB.CCCC.DDDD:1234 on port 8883.
1619097717: OpenSSL Error[0]: error:141A20F4:SSL routines:ossl_statem_server_read_transition:unexpected message
1619097717: Client <unknown> disconnected: Protocol error.

I do not know what is wrong here.

If I comment from the config file these two attributes:

# require_certificate true
# use_identity_as_username true

Then clients do not connect anymore, and I get this error (when trying to connect via mosquitto_sub):

mosquitto_sub --cafile ca.crt -h AAAA.BBBB.CCCC.DDDD -t "mqtttest" -p 8883 -d --cert client.crt --key client.key
Client (null) sending CONNECT
Client (null) received CONNACK (5)
Connection error: Connection Refused: not authorised.
Client (null) sending DISCONNECT

And, if I try to connect with the Cinterion module, I get this:

1619101865: New connection from AAAA.BBBB.CCCC.DDDD:1234 on port 8883.
1619101866: OpenSSL Error[0]: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
1619101866: Client <unknown> closed its connection.

Osb.: I had followed this tutorial on how to configure MQTT to use TLS communication, which is the steps that have worked so far for me.

My system is Ubuntu 20.04, kernel 5.4.0-72-generic

Cinterion module: EXS82-W B2.1

Mosquitto Server 2.0.10

TLS version used: 1.2

Running ATI1 on module:

Terminal ready
ATI1
Cinterion
EXS82-W
REVISION 01.100
A-REVISION 01.000.14

OK

For these tests, I am using the MQTT example from the SDK, which I had to just update the IP of the MQTT Server, and the certificates for the new ones I had generated.

Comment

Bartłomiej Gema...

Apr 23 2021 - 11:16am

Hello,

Have you seen this https://iot-developer.thalesgroup.com/showcase/mqtts-demo-using-embedded...
Is your MQTT example same?
Do you have any logs from the module side?
Have you tried with any public MQTT test server?
You could also try with AT commands for reference.

Best regards,
Bartłomiej

Like
1
Log in or register to post comments

cassianocampes

Apr 29 2021 - 3:34pm

Hello,

Thanks for the shared codes.

However, I am still not able to connect.

Considering that I copied all the files you mentioned to the SDK/examples/mqtt, accordingly.

These were the steps I executed with the code you provided:

1 - Download the certificates using the SDK

sudo python2.7 app.py download ../examples/mqtt/certs/demo_certificate.pem

sudo python2.7 app.py download ../examples/mqtt/certs/demo_certificate_key.pem

sudo python2.7 app.py download ../examples/mqtt/certs/demo_rootca.pem

2 - Verify the mqtt.c file, and change the required items, such as APN.

For this, the changes I have made were just the APN on line 140, and APN username and password, at lines 141, and 142, respectively.

I didn't change the username_ptr neither password_ptr in the mqtt configuration (lines 145 ~ 148). I assume that the MQTT server on Thales side is configured for that.

The mqtt_server_ip is the same as in the file, 123.56.73.138 (line 162).

Also, the "#define ENABLE_SSL_MQTT" is set, thus, the mqtts will be used.

I also added some extra debug messages, just to enrich the debugging messages to identify what could be the cause of the connection not happening.

3 - Compile the example:

./build.sh 
No DAM_RO_BASE given - choose default, which is 0x43000000!
Application RO base selected = 0x43000000
txm_module_preamble_llvm compiled sucessfully
DAM APP compilation succeed
Linking Demo application
Input File: ./build/mqtt.elf [32-bit size: 118936 (0x1d098)]
Output Binary Format: ./build/mqtt.bin Bit Width: 8, Bank: 1
Demo application is built at ./build/mqtt.bin

4 - Download the compiled example to the module:

sudo python2.7 app.py download ../examples/mqtt/build/mqtt.bin 
Would you like to ***** the application on target with the new one ? [y/n]: y
Sent 100 %    
Done !

5 - Here is the AT commands to prove that the module has a connection with the internet (sensitive data I changed to " ****** ") :

Type [C-a] [C-h] to see available commands
Terminal ready
^SUSRW: 2,"00:22:25:118 CRIT:mqtt.c,230: cleanup: MY CLEANUP"
at
OK
AT+CFUN=1,1
OK

^SYSSTART

+CIEV: prov,0,"fallb3gpp"
AT
OK
AT
OK
AT
OK
AT+CPSMS=0
OK
ATE1
OK
AT+CMEE=2
OK
AT^SGAUTH=1,1,*****,*****
OK
AT+CGDCONT=1,"IPV4V6",*********
OK
AT+CEREG=2
OK
AT+COPS=2
OK

+CEREG: 0
AT+COPS=1,2,"72406",7
OK

+CEREG: 4

+CEREG: 2

+CEREG: 1,"894F","0F5DA733",7
AT
OK
AT^SMONI
^SMONI: Cat.M1,***********,CONN,1

OK
AT^SICA=1,1
OK
AT^SISX="Ping",1,"8.8.8.8",5,5000
^SISX: "Ping",1,1,"8.8.8.8",126
^SISX: "Ping",1,1,"8.8.8.8",94
^SISX: "Ping",1,1,"8.8.8.8",140
^SISX: "Ping",1,1,"8.8.8.8",97
^SISX: "Ping",1,1,"8.8.8.8",108
^SISX: "Ping",2,1,5,5,0,0
^SISX: "Ping",3,1,94,140,113

OK

6 - Then, I started the application:

sudo python2.7 app.py start mqtt

7 - And connected the logger to see the debug messages:

sudo python2.7 log.py read -d /dev/ttyUSB0 
/dev/ttyUSB0
Cinterion Logging Tool ++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start logging on URC shared port (/dev/ttyUSB0) at 2021-04-29 09:52:25... (use Control-C to exit)
MAIN EVENT WAIT FOR 0x27
SIGNAL EVENT IS [0x4] status=0
NETCTRL_SIG_EVT_CONNECTED_EVENT Signal
test_dam_mqtt_sample: start
MQTT New Successfull, mqtt handle 0x29995cfa
dam_mqtt_config: start
MQTT Server IP: 123.56.73.138 Port: 8883
MQTT Configuration: client id [mqtt_client1], client id len=12
MQTT Configuration: username [mqtt_user1], username len = 10
MQTT Configuration: password [mqtt_user1_pw], password len = 13
MQTT Configuration: will topic [mqttwill], topic len = 8
MQTT Configuration: connack timeout_sec = 120, keepalive duration = 60
MQTT SSL is enabled
00:01:43:915 INFO:mqtt.c,701: read 1285 bytes from file=/demo_rootca.pem
00:01:44:008 INFO:mqtt.c,646: convert/store for ca_list.bin rc=0
00:01:44:010 INFO:mqtt.c,771: util_CopyCertoToCertBuf: Type=2 CertStoreName=ca_list.bin file=/demo_rootca.pem key=<empty> rc=0
00:01:44:013 INFO:mqtt.c,701: read 1176 bytes from file=/demo_certificate.pem
00:01:44:017 INFO:mqtt.c,701: read 1679 bytes from file=/demo_certificate_key.pem
00:01:44:113 INFO:mqtt.c,646: convert/store for crt.bin rc=0
00:01:44:116 INFO:mqtt.c,771: util_CopyCertoToCertBuf: Type=1 CertStoreName=crt.bin file=/demo_certificate.pem key=/demo_certificate_key.pem rc=0
dam_mqtt_connect: start
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20044
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20042
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20044
MQTT IS NOT CONNECTED, rc= -20044
dam_mqtt_connect: connect request sent
***** = 0
Topic Publish on counter is Failed
***** = 1
Topic Publish on counter is Failed
***** = 2
Topic Publish on counter is Failed

I also tested to connect to THALES via mosquitto_sub / mosquitto_pub clients, using these very same certificates, and I could succeed, below the logs:

Subscriber:

mosquitto_sub --cafile demo_rootca.pem -h 123.56.73.138 -t "mqttwill" -p 8883 -d --cert demo_certificate.pem --key demo_certificate_key.pem 
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: mqttwill, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
Client (null) sending PINGREQ
Client (null) received PINGRESP
Client (null) sending PINGREQ
Client (null) received PINGRESP
Client (null) received PUBLISH (d0, q0, r0, m0, 'mqttwill', ... (12 bytes))
Hello world!
Client (null) sending PINGREQ
Client (null) received PINGRESP

Publisher:

 mosquitto_sub -h 123.56.73.138 -t "mqttwill" -m "Hello world!
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending PUBLISH (d0, q0, r0, m1, 'mqttwill', ... (12 bytes))
Client (null) sending DISCONNECT

As you can see, the publisher published on "mqttwill" successfully, and the subscriber received it successfully.

UPDATE:

There are these other AT commands that I've tried as well.

Terminal ready
^SUSRW: 2,"00:26:40:052 CRIT:mqtt.c,230: cleanup: MY CLEANUP"
at
OK
at
OK
AT^CGDCONT=1,"IPV4V6","**************"
+CME ERROR: unknown
AT^SICA=0,1
OK
AT^SISS=1,srvType,"Mqtt"
OK
AT^SISS=1,conId,"1"
OK
AT^SISS=1,address,"mqtts://123.56.73.138:8883;connackTimeout=30"
OK
AT^SISS=1,secopt,1
OK
AT^SISS=1,clientId,"EXS62-W_123456"
OK
AT^SISS=1,cleanSession,"1"
OK
AT^SISS=1,ipVer,"4"
OK
AT^SISS=1,cmd,"publish"
OK
AT^SISS=1,Topic,"mqttwill"
OK
AT^SICA=1,1
OK
AT^SIND=is_cert,1
^SIND: is_cert,1,0,"","","","","",""

OK
AT^SISO=1,2
OK

^SIS: 1,0,76,"Certificate format error"

Please, notice that for these commands, there is a "Certificate format error" message at the end, as well as "AT^SIND=is_cert,1" does not show any certificate.

Like
0
Log in or register to post comments

cassianocampes

Apr 29 2021 - 3:40pm

The unsecure connection works fine.

I just disable the "ENABLE_SSL_MQTT" on mqtt.c file, and here are the logs:

sudo python2.7 log.py read -d /dev/ttyUSB0 
/dev/ttyUSB0
Cinterion Logging Tool ++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start logging on URC shared port (/dev/ttyUSB0) at 2021-04-29 10:27:16... (use Control-C to exit)
MQTT Demo Start
allocate event rc=0
create event rc=0
qapi_DSS_Init() success
Registering Callback dss handle
dss handle=0x440d64ce, status=0, SUCCESS
Registed netctrl_dss_handler success
00:36:30:645 INFO:mqtt.c,354: Set TECH_PREF to AUTO, rc=0
Set APN=**********, rc=0
Set APN_USER=*****, rc=0
Set APN_PASSWORD=******, rc=0
Set IP_family=IPv_4 (2:NonIP 4:v4 6:v6 10:v4_6)
Set UMTS_PROFILE_IDX=1, rc=0
qapi_DSS_Start_Data_Call start
Start Data service success
MAIN EVENT WAIT FOR 0x27
SIGNAL EVENT IS [0x4] status=0
NETCTRL_SIG_EVT_CONNECTED_EVENT Signal
test_dam_mqtt_sample: start
MQTT New Successfull, mqtt handle 0x3985dedb
dam_mqtt_config: start
MQTT Server IP: 123.56.73.138 Port: 1883
MQTT Configuration: client id [mqtt_client1], client id len=12
MQTT Configuration: username [mqtt_user1], username len = 10
MQTT Configuration: password [mqtt_user1_pw], password len = 13
MQTT Configuration: will topic [mqttwill], topic len = 8
MQTT Configuration: connack timeout_sec = 120, keepalive duration = 60
dam_mqtt_connect: start
dam_mqtt_connect: Connecting...
Connection Callback: connect Successfully
dam_mqtt_subscribe: start
Topic Subscribe Failed
MQTT Connected, rc= 0
MQTT IS CONNECTED!!!!, rc= 0
dam_mqtt_connect: connect request sent
***** = 0
Topic Publish on *****er is Success
Publish Callback: msg_type=5, qos=2
Publish Callback: msg_type=7, qos=2
***** = 1
Topic Publish on *****er is Success
Publish Callback: msg_type=5, qos=2
Publish Callback: msg_type=7, qos=2

And, I also connected the mosquitto_sub to see the messages comming, and here are the logs:

 mosquitto_sub -h 123.56.73.138 -t "*****er" -p 1883 -d
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: *****er, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 0
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 1
Client (null) sending PINGREQ
Client (null) received PINGRESP
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 2
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 3
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 4
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 5
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 6
Client (null) received PUBLISH (d0, q0, r0, m0, '*****er', ... (17 bytes))
publish ***** = 7

Like
0
Log in or register to post comments

cassianocampes

May 4 2021 - 2:36am

Hello Bartłomiej , are these informations good for you to check if I am doing something wrong?

Thanks.

Like
0
Log in or register to post comments

Bartłomiej Gema...

May 4 2021 - 10:39am

Hello,

Thank you for all the information. Unfortunately I don't have experience with this topic and had to ask a college for advice. I hope to hear from him soon.

Best regards,

Bartłomiej

Like
0
Log in or register to post comments

cassianocampes

May 5 2021 - 2:14pm

Hello,

To help further on debugging, I added some more verifications on the code based on the return codes that have been happening.

If you take a loop at the end of the logs below, it is telling that the TCP bind failed "QAPI_NET_MQTT_ERR_TCP_BIND_FAILED".

Cinterion Logging Tool ++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start logging on URC shared port (/dev/ttyUSB0) at 2021-05-05 09:11:42... (use Control-C to exit)
MQTT Demo Start
allocate event rc=0
create event rc=0
qapi_DSS_Init() success
Registering Callback dss handle
dss handle=0xb4cafc21, status=0, SUCCESS
Registed netctrl_dss_handler success
00:00:32:966 INFO:mqtt.c,299: Set TECH_PREF to AUTO, rc=0
Set APN=*******, rc=0
Set APN_USER=*****, rc=0
Set APN_PASSWORD=*******, rc=0
Set IP_family=IPv_4 (2:NonIP 4:v4 6:v6 10:v4_6)
Set UMTS_PROFILE_IDX=1, rc=0
qapi_DSS_Start_Data_Call start
Start Data service success
netctrl_event_cb) QAPI_DSS_EVT_NET_IS_CONN_E
MAIN EVENT WAIT FOR 0x27
SIGNAL EVENT IS [0x4] status=0
NETCTRL_SIG_EVT_CONNECTED_EVENT Signal
test_dam_mqtt_sample: start
MQTT New Successfull, mqtt handle 0x8cf9530d
dam_mqtt_config: start
MQTT Server IP: 123.56.73.138 Port: 8883
MQTT Configuration: client id [mqtt_client1], client id len=12
MQTT Configuration: username [mqtt_user1], username len = 10
MQTT Configuration: password [mqtt_user1_pw], password len = 13
MQTT Configuration: will topic [mqttwill], topic len = 8
MQTT Configuration: connack timeout_sec = 120, keepalive duration = 60
MQTT SSL is enabled
00:00:38:039 INFO:mqtt.c,653: read 1285 bytes from file=/demo_rootca.pem
util_certstore_load:555) QAPI_NET_SSL_CA_LIST_E
00:00:38:133 INFO:mqtt.c,597: convert/store for ca_list.bin rc=0
convert/store for ca_list.bin rc=0
00:00:38:137 INFO:mqtt.c,723: util_CopyCertoToCertBuf: Type=2 CertStoreName=ca_list.bin file=/demo_rootca.pem key=<empty> rc=0
00:00:38:140 INFO:mqtt.c,653: read 1176 bytes from file=/demo_certificate.pem
00:00:38:142 INFO:mqtt.c,653: read 1679 bytes from file=/demo_certificate_key.pem
util_certstore_load:569) QAPI_NET_SSL_CERTIFICATE_E
00:00:38:231 INFO:mqtt.c,597: convert/store for crt.bin rc=0
convert/store for crt.bin rc=0
00:00:38:235 INFO:mqtt.c,723: util_CopyCertoToCertBuf: Type=1 CertStoreName=crt.bin file=/demo_certificate.pem key=/demo_certificate_key.pem rc=0
dam_mqtt_connect: start
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20044
QAPI_NET_MQTT_ERR_TCP_BIND_FAILED
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20042
QAPI_NET_MQTT_ERR_TCP_BIND_FAILED
dam_mqtt_connect: Connecting...
MQTT Connect Failed, Error type -20044
QAPI_NET_MQTT_ERR_TCP_BIND_FAILED
MQTT IS NOT CONNECTED, rc= -20044
dam_mqtt_connect: connect request sent
^C...End logging 2021-05-05 09:12:22

Like
0
Log in or register to post comments

cassianocampes

May 6 2021 - 2:43am

Hello,

I could succeed now to fix the problem.

To summarize, I have changed these parameters:

changed the cipher orders to this:

_mqtt_config.ssl_cfg.cipher[0] = QAPI_NET_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
    _mqtt_config.ssl_cfg.cipher[1] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
    _mqtt_config.ssl_cfg.cipher[2] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
    _mqtt_config.ssl_cfg.cipher[3] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
    _mqtt_config.ssl_cfg.cipher[4] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
    _mqtt_config.ssl_cfg.cipher[5] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
    _mqtt_config.ssl_cfg.cipher[6] = QAPI_NET_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
    _mqtt_config.ssl_cfg.cipher[7] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;

changed the time_Validity = 0;
changed send_alert = 0;
added _mqtt_config.ssl_cfg.***_Frag_Len = 4096;
added _mqtt_config.ssl_cfg.***_Frag_Len_Neg_Disable = 0;

Here is the complete paste of the code, it contains some extra debug messages, but replacing to this code, works fine:

/******************************************************************************

 Copyright (C) 2020 THALES DIS AIS Deutschland GmbH

 This software is protected by international intellectual property laws and
 treaties. Customer shall not reverse engineer, decompile or disassemble the
 source code and shall only use the source code for the purpose of evaluation,
 analysis and to provide feedback thereon to Gemalto. Any right, title and
 interest in and to the source code, other than those expressly granted to the
 customer under this agreement, shall remain vested with Gemalto. This
 license may be terminated by Gemalto at any time in writing. Customer
 undertakes not to provide third parties with the source code. In particular,
 Customer is not allowed to sell, to lend or to license the source code or to
 make it available to the public.

 The information contained in this document is considered the CONFIDENTIAL and
 PROPRIETARY information of Gemalto M2M GmbH and may not be
 disclosed or discussed with anyone who is not employed by Gemalto M2M
 GmbH, unless the individual company:

 i)  has an express need to know such information, and

 ii) disclosure of information is subject to the terms of a duly executed
 Confidentiality  and Non-Disclosure Agreement between Gemalto M2M GmbH
 and the individual company.

 THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
 EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
 GEMALTO, ITS LEGAL REPRESENTATIVES AND VICARIOUS AGENTS SHALL - IRRESPECTIVE
 OF THE LEGAL GROUND - ONLY BE LIABLE FOR DAMAGES IF THE DAMAGE WAS CAUSED
 THROUGH CULPABLE BREACH OF A MAJOR CONTRACTUAL OBLIGATION (CARDINAL DUTY),
 I.E. A DUTY THE FULFILMENT OF WHICH ALLOWS THE PROPER EXECUTION OF THE
 RESPECTIVE AGREEMENT IN THE FIRST PLACE OR THE BREACH OF WHICH PUTS THE
 ACHIEVEMENT OF THE PURPOSE OF THE AGREEMENT AT STAKE, RESPECTIVELY, AND ON
 THE FULFILMENT OF WHICH THE RECIPIENT THEREFORE MAY RELY ON OR WAS CAUSED BY
 GROSS NEGLIGENCE OR INTENTIONALLY. ANY FURTHER LIABILITY FOR DAMAGES SHALL -
 IRRESPECTIVE OF THE LEGAL GROUND - BE EXCLUDED. IN THE EVENT THAT GEMALTO
 IS LIABLE FOR THE VIOLATION OF A MAJOR CONTRACTUAL OBLIGATION IN THE ABSENCE
 OF GROSS NEGLIGENCE OR WILFUL CONDUCT, SUCH LIABILITY FOR DAMAGE SHALL BE
 LIMITED TO AN EXTENT WHICH, AT THE TIME WHEN THE RESPECTIVE AGREEMENT IS
 CONCLUDED, GEMALTO SHOULD NORMALLY EXPECT TO ***** DUE TO CIRCUMSTANCES THAT
 THE PARTIES HAD KNOWLEDGE OF AT SUCH POINT IN TIME. GEMALTO SHALL IN NO
 EVENT BE LIABLE FOR INDIRECT AND CONSEQUENTIAL DAMAGES OR LOSS OF PROFIT.
 GEMALTO SHALL IN NO EVENT BE LIABLE FOR AN AMOUNT EXCEEDING EUR 20,000.00
 PER EVENT OF  DAMAGE. WITHIN THE BUSINESS RELATIONSHIP THE OVERALL LIABILITY
 SHALL BE  LIMITED TO A TOTAL OF EUR 100,000.00. CLAIMS FOR DAMAGES SHALL
 BECOME TIME-BARRED AFTER ONE YEAR AS OF THE BEGINNING OF THE STATUTORY
 LIMITATION PERIOD. IRRESPECTIVE OF THE LICENSEE'S KNOWLEDGE OR GROSS NEGLIGENT
 LACK OF  KNOWLEDGE OF THE CIRCUMSTANCES GIVING RISE FOR A LIABILITY ANY CLAIMS
 SHALL BECOME TIME-BARRED AFTER FIVE YEARS AS OF THE LIABILITY *****. THE
 AFOREMENTIONED LIMITATION OR EXCLUSION OF LIABILITY SHALL NOT APPLY IN THE
 CASE OF CULPABLE INJURY TO LIFE, BODY OR HEALTH, IN CASE OF INTENTIONAL ACTS,
 UNDER THE LIABILITY PROVISIONS OF THE GERMAN PRODUCT LIABILITY ACT
 (PRODUKTHAFTUNGSGESETZ) OR IN CASE OF A CONTRACTUALLY AGREED OBLIGATION TO
 ASSUME LIABILITY IRRESPECTIVE OF ANY FAULT (GUARANTEE).

 IN THE EVENT OF A CONFLICT BETWEEN THE PROVISIONS OF THIS AGREEMENT AND
 ANOTHER AGREEMENT REGARDING THE SOURCE CODE (EXCEPT THE GENERAL TERMS AND
 CONDITIONS OF GEMALTO) THE OTHER AGREEMENT SHALL PREVAIL.

 All rights created by patent grant or registration of a utility model or
 design patent are reserved.
******************************************************************************/

#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdarg.h>
#include <stdbool.h>

#include "qapi_fs_types.h"
#include "qapi_status.h"
#include "qapi_socket.h"
#include "qapi_dss.h"
#include "qapi_netservices.h"

#include "qapi_uart.h"
#include "qapi_timer.h"
#include "qapi_diag.h"
#include "qapi_ns_utils.h"

#include "qapi_ssl.h"
#include "qapi_fs.h"
#include "qapi_fs_types.h"

#include "qapi_mqtt.h"

#include "gina.h"

/**
    ************** TEST SETUP **************

    This test is intended to show
     *  a generic mqtt(s) handling
     *  some memory pool handling
     *  some event handling

    Every setup value is compiled into the application.

    Preconditions:
      - PIN unlocked
      - module successfully attached to the network
      - used PDP context not yet established from
        host, IP Services or another DAM application

    To do this request, a valid PDP context has to be
    established before, this is done by this application:
      - Please change apn, apn_username, apn_passwd
        to valid values of your your used network
      - The contexct has to exist in CGDCONT database:
        Please add this context (once, persitent) with
          AT+CGDCONT=<ProfileIdx>,<IpVer>,<APN>
        with the correct values before using it.
      - this application will use the default APN @index 1

    For mqtts, the used certificates from the TLS demo can be resued, to
    be found in ../tls/certs
    To use them, the *.pem files have to be copied to FFS root.

    mqtts demo will read its used certs always from
      /demo_certificate.pem       --> client cert
      /demo_certificate_key.pem   --> client cert private key
      /demo_rootca.pem            --> a validation rootca
    Please keep the name unchanged, otherwise please update the names in following codes.

    As in every example program, flash lifetime is not optimized.
    Global certificate loading/removing functions like
      qapi_Net_SSL_Cert_Convert_And_Store
      qapi_Net_SSL_Cert_delete
    work on the secured file system by adding/removing certificates
    with a module unique key. This is very secure, but
    should not called on every application start or stop.
    Like every continuous flash write access, this would
    decrease flash lifetime.
*/

// TESTNET; PLEASE CHANGE TO YOUR NETWORK PROVIDER FOR A VALID NETWORK CONNECTION!!!
static char apn[] = "YOUR_APN_HERE";
static char apn_username[] = "USERNAME";
static char apn_passwd[] = "PASSWORD";

//mqtt configuration
static char will_topic_ptr[] = "mqttwill";
static char will_message_ptr[] = "This is a will message from willTopic";
static char username_ptr[] = "mqtt_user1";
static char password_ptr[] = "mqtt_user1_pw";

/* Enable MQTT WILL Management */
#define ENABLE_MQTT_WILL

/*Choose which to support, ipv4 or ipv6. Then update the mqtt_server_ip address*/
#define ENABLE_MQTT_IPV4
//#define ENABLE_MQTT_IPV6
static char mqtt_server_ip[] = "123.56.73.138"; // Bln MQTT Test Server Address

/*Disabled by default. Uncomment this if mqtts is used*/
#define ENABLE_SSL_MQTT

#ifdef ENABLE_SSL_MQTT
static char mqtts_server_ip[] = "123.56.73.138"; // Bei MQTTS Test Server Address
#define CERT_FILE           "crt.bin"
#define ROOT_CA_File        "ca_list.bin"
#endif

/*===========================================================================
                           Global variable
===========================================================================*/

typedef enum
{
    NETCTRL_DSSLIB_STATE_CLOSED,
    NETCTRL_DSSLIB_STATE_FAILED,
    NETCTRL_DSSLIB_STATE_OPENED
} DSS_Lib_Status_e;

typedef enum
{
    NETCTRL_SIG_EVT_INVALID_EVENT     = 0x0001,
    NETCTRL_SIG_EVT_NOCONN_EVENT      = 0x0002,
    NETCTRL_SIG_EVT_CONNECTED_EVENT   = 0x0004,
    NETCTRL_SIG_EVT_DISCONNECTED_EVENT= 0x0010,
    NETCTRL_SIG_EVT_EXIT_EVENT        = 0x0020
} DSS_Signal_Evt_e;

static signed char netctrl_lib_status = NETCTRL_DSSLIB_STATE_CLOSED;
static qapi_DSS_Net_Evt_t netctrl_pdp_status = QAPI_DSS_EVT_INVALID_E;
static qapi_DSS_Hndl_t netctrl_dss_handle = NULL;

static TX_EVENT_FLAGS_GROUP *main_signal_hndl;


static qapi_Net_MQTT_Hndl_t    _mqtt_handle = NULL;
static qapi_Net_MQTT_Config_t  _mqtt_config;

#define _htons(x) ((unsigned short)((((unsigned short)(x) & 0x00ff) << 8) | (((unsigned short)(x) & 0xff00) >> 8)))
#define _ntohs(x) ((unsigned short)((((unsigned short)(x) & 0x00ff) << 8) | (((unsigned short)(x) & 0xff00) >> 8)))


//-------------------------DEBUG-----------------------
#define DSS_ADDR_SIZE       16
#define DSS_ADDR_INFO_SIZE  5
#define GET_ADDR_INFO_MIN(a, b) ((a) > (b) ? (b) : (a))

/*===========================================================================
                               FUNCTION
===========================================================================*/


#define TEST_BYTE_POOL_SIZE 30720*8

static TX_BYTE_POOL *byte_pool_test;
static uint32 free_memory_test[TEST_BYTE_POOL_SIZE/4];

static int netctrl_stop(void);
static qapi_Status_t dam_byte_pool_deinit(void);


/* cleanup used resources */
static void cleanup(void * data)
{
  if (main_signal_hndl != NULL) {
    tx_event_flags_delete(main_signal_hndl);
    txm_module_object_deallocate(main_signal_hndl);
  }

  dam_byte_pool_deinit();
  gina_cleanup();
  GINA_UWLOG_CRITICAL("cleanup: %s", (gchar *)data);
}


/*!
    @brief
    Create byte pool for DAM application.
    @return
    None
*/
/*=========================================================================*/
static qapi_Status_t dam_byte_pool_init(void)
{
    int ret;

    /* Allocate byte_pool_dam (memory heap) */
    ret = txm_module_object_allocate(&byte_pool_test, sizeof(TX_BYTE_POOL));
    if(ret != TX_SUCCESS)
    {
      gina_uwlog_printf("Allocate byte_pool_dam fail");
      return ret;
    }

    /* Create byte_pool_dam */
    ret = tx_byte_pool_create(byte_pool_test,
                              "Test pool",
                              free_memory_test,
                              TEST_BYTE_POOL_SIZE);
    if(ret != TX_SUCCESS)
    {
      gina_uwlog_printf("Create byte_pool_dam fail");
      return ret;
    }

    return ret;
}


static qapi_Status_t dam_byte_pool_deinit(void)
{
    int ret;

    ret = tx_byte_pool_delete(byte_pool_test);
    if(ret != TX_SUCCESS) {
        GINA_UWLOG_INFO("delete byte_pool fail");
        return ret;
    }

    /* Allocate byte_pool_dam (memory heap) */
    ret = txm_module_object_deallocate(byte_pool_test);
    if(ret != TX_SUCCESS) {
        GINA_UWLOG_INFO("Deallocate byte_pool fail");
    }
    return ret;
}


static void netctrl_event_cb
(
  qapi_DSS_Hndl_t         hndl,
  void                    *user_data,
  qapi_DSS_Net_Evt_t      evt,
  qapi_DSS_Evt_Payload_t  *payload_ptr
)
{
  /*****************************
   ATTENTION: DO NOT CALL ANY
   GINA/QAPI FUNCTIONS CAUSE THEY
   USUALLY RUN INTO A SYSCALL
   NOT POSSIBLE HERE
   *****************************/

    qapi_Status_t status = QAPI_OK;

    switch (evt)
    {
        case QAPI_DSS_EVT_NET_IS_CONN_E:
            //** datacall connected */;
            /* Signal main task */
            netctrl_pdp_status = QAPI_DSS_EVT_NET_IS_CONN_E;
            tx_event_flags_set(main_signal_hndl,
                                NETCTRL_SIG_EVT_CONNECTED_EVENT, TX_OR);

			gina_uwlog_printf("%s) QAPI_DSS_EVT_NET_IS_CONN_E", __func__);
            break;

        case QAPI_DSS_EVT_NET_NO_NET_E:
            if (QAPI_DSS_EVT_NET_IS_CONN_E == netctrl_pdp_status)
            {
                tx_event_flags_set(main_signal_hndl,
                                    NETCTRL_SIG_EVT_EXIT_EVENT, TX_OR);
				gina_uwlog_printf("%s) QAPI_DSS_EVT_NET_IS_CONN_E", __func__);
            }
            else
            {
                /* DSS status maybe QAPI_DSS_EVT_NET_NO_NET_E
                    before data call establishment */
                tx_event_flags_set(main_signal_hndl,
                                    NETCTRL_SIG_EVT_NOCONN_EVENT, TX_OR);
				gina_uwlog_printf("%s) ! QAPI_DSS_EVT_NET_IS_CONN_E", __func__);
            }
			gina_uwlog_printf("%s) QAPI_DSS_EVT_NET_NO_NET_E", __func__);
            break;
        default:
            /* Signal main task */
            tx_event_flags_set(main_signal_hndl,
                              NETCTRL_SIG_EVT_INVALID_EVENT, TX_OR);
			gina_uwlog_printf("%s) NETCTRL_SIG_EVT_INVALID_EVENT", __func__);
            break;
    }
}


static int netctrl_SetPDPParams(int IpVer)
{
    qapi_Status_t rc;
    qapi_DSS_Call_Param_Value_t param_info;

    if (NULL == netctrl_dss_handle) {

        gina_uwlog_printf("Dss handler is NULL!!!");
        return -1;
    }

    /* set data call param */
    param_info.buf_val = NULL;
    param_info.num_val = QAPI_DSS_RADIO_TECH_UNKNOWN;
    rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                      QAPI_DSS_CALL_INFO_TECH_PREF_E,
                                      &param_info);
    GINA_UWLOG_INFO("Set TECH_PREF to AUTO, rc=%d", rc);

    /* set apn */
    param_info.buf_val = apn;
    param_info.num_val = strlen(apn);
    rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                      QAPI_DSS_CALL_INFO_APN_NAME_E,
                                      &param_info);
    gina_uwlog_printf("Set APN=%s, rc=%d", apn, rc);

    if (strlen(apn_username)>0)
    {
        /* set apn username */
        param_info.buf_val = apn_username;
        param_info.num_val = strlen(apn_username);
        rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                          QAPI_DSS_CALL_INFO_USERNAME_E,
                                          &param_info);
        gina_uwlog_printf("Set APN_USER=%s, rc=%d", apn_username, rc);

        /* set apn password */
        param_info.buf_val = apn_passwd;
        param_info.num_val = strlen(apn_passwd);
        rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                          QAPI_DSS_CALL_INFO_PASSWORD_E,
                                          &param_info);
        gina_uwlog_printf("Set APN_PASSWORD=%s, rc=%d", apn_passwd, rc);
    }

    /* set IP version(NON-IP IPv4 or IPv6) */
    param_info.buf_val = NULL;
    param_info.num_val = IpVer;
    rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                      QAPI_DSS_CALL_INFO_IP_VERSION_E,
                                      &param_info);
    gina_uwlog_printf("Set IP_family=IPv_%d (2:NonIP 4:v4 6:v6 10:v4_6)", param_info.num_val, rc);

    /**
        depending from the used network, not every +CGDCONT position is usable
        from DAM application.

        Often, 1-4 is used internally by the modem, and the
        customer has to use 5++

        Sometimes (i.e. Verizon) the usage of a dedicated APN index + name is
        dedicated.

        PLEASE NOTE:
        The contexct has to exist!
        Please add this context (once, persitent) with
          AT+CGDCONT=<ProfileIdx>,<IpVer>,<APN>
        with the correct values before using it.

        The MQTT example use the default context on Idx 1 for a connection.
    */
    param_info.buf_val = NULL;
    param_info.num_val = 1;
    rc = qapi_DSS_Set_Data_Call_Param(netctrl_dss_handle,
                                      QAPI_DSS_CALL_INFO_UMTS_PROFILE_IDX_E,
                                      &param_info);
    gina_uwlog_printf("Set UMTS_PROFILE_IDX=%d, rc=%d", param_info.num_val, rc);

    /** we currently ignore any error; for a
        product, this is not the best idea */
    return 0;
}



/* Initializes the DSS netctrl library for the specified operating mode */
static int netctrl_init(void)
{
    int ret_val = 0;
    qapi_Status_t status = QAPI_OK;

    /* Initializes the DSS netctrl library */
    if (QAPI_OK == qapi_DSS_Init(QAPI_DSS_MODE_GENERAL))
    {
        netctrl_lib_status = NETCTRL_DSSLIB_STATE_OPENED;
        gina_uwlog_printf("qapi_DSS_Init() success");
    }
    else
    {
        /* @Note: netctrl library has been initialized */
        netctrl_lib_status = NETCTRL_DSSLIB_STATE_FAILED;
        gina_uwlog_printf("qapi_DSS_Init() failed;"
                          " continue anyway (already initialized?)");
    }

    /* Registering callback */
    do
    {
        gina_uwlog_printf("Registering Callback dss handle");

        status = qapi_DSS_Get_Data_Srvc_Hndl(netctrl_event_cb, NULL,
                                              &netctrl_dss_handle);
        gina_uwlog_printf("dss handle=%p, status=%d, %s",
                          netctrl_dss_handle,
                          status,
                          NULL==netctrl_dss_handle?"FAIL, RETRY":"SUCCESS");

        if (NULL != netctrl_dss_handle)
        {
          gina_uwlog_printf("Registed netctrl_dss_handler success");
          break;
        }

        /* retry each 100 ms if failed*/
        qapi_Timer_Sleep(100, QAPI_TIMER_UNIT_MSEC, true);
    } while(1);

    return ret_val;
}



static int netctrl_start(void)
{
    int rc = 0;

    if (0 == netctrl_init())
    {
        /* Get valid DSS handler and set the data call parameter */
        #ifdef ENABLE_MQTT_IPV4
        netctrl_SetPDPParams(QAPI_DSS_IP_VERSION_4);
        #endif

        #ifdef ENABLE_MQTT_IPV6
        netctrl_SetPDPParams(QAPI_DSS_IP_VERSION_6);
        #endif

        gina_uwlog_printf("qapi_DSS_Start_Data_Call start");
        if (QAPI_OK == qapi_DSS_Start_Data_Call(netctrl_dss_handle))
        {
            gina_uwlog_printf("Start Data service success");
        }
        else
        {
            rc = -1;
        }
    }
    else
    {
        gina_uwlog_printf("dss_init fail.");
        rc = -1;
    }
    return rc;
}



static int netctrl_stop(void)
{
    qapi_Status_t status;

    if (netctrl_dss_handle)
    {
        status = qapi_DSS_Stop_Data_Call(netctrl_dss_handle);
        gina_uwlog_printf("Stop data call, rc=%d", status);

        status = qapi_DSS_Rel_Data_Srvc_Hndl(netctrl_dss_handle);
        gina_uwlog_printf("Release dss handle, rc=%d", status);
    }

    status = qapi_DSS_Release(QAPI_DSS_MODE_GENERAL);
    gina_uwlog_printf("netctrl_stop: qapi_DSS_Release(), rc=%d", status);
    return 0;
}

#ifdef ENABLE_SSL_MQTT

void *util_data_malloc(uint32_t size)
{
  void *data = NULL;
  uint32_t status;

  if (0 == size) {
    return NULL;
  }

  status = tx_byte_allocate(byte_pool_test, (VOID **)&data, size, TX_NO_WAIT);

  if (TX_SUCCESS != status) {
    GINA_UWLOG_INFO("Failed to allocate memory with %d", status);
    return NULL;
  }
  return data;
}

void util_data_free(void *data)
{
  uint32_t status = 0;

  if(NULL == data) {
    return;
  }
  status = tx_byte_release(data);

  if (TX_SUCCESS != status) {
    GINA_UWLOG_INFO("Failed to release memory with %d", status);
  }
  data = NULL;
}


/*=============================================================================

FUNCTION util_certstore_load

DESCRIPTION
  This utility function is to convert the certificate buffer
  to file in security place

DEPENDENCIES
  None.

RETURN VALUE
  QAPI_OK: convert/store success
  others:  convert/store failure

SIDE EFFECTS
  None
==============================================================================*/
qapi_Status_t util_certstore_load
(
  qapi_Net_SSL_Cert_Type_t cert_type,
  const char*              security_cert_name,
  uint8_t*                 cert_buf,
  uint32_t                 cert_buf_size,
  uint8_t*                 key_buf,
  uint32_t                 key_buf_size
)
{
  int to_alloc;
  qapi_Status_t ret = QAPI_OK;
  qapi_Net_SSL_Cert_Info_t cert_info;

  if(cert_buf == NULL || cert_buf_size == 0)
  {
    return QAPI_ERR_INVALID_PARAM;
  }

  /* Key need provided when for normal certifiate  */
  if(cert_type == QAPI_NET_SSL_CERTIFICATE_E &&
        (key_buf == NULL || key_buf_size == 0))
  {
    return QAPI_ERR_INVALID_PARAM;
  }

  memset(&cert_info, 0, sizeof(qapi_Net_SSL_Cert_Info_t));
  cert_info.cert_Type = cert_type;

  switch(cert_info.cert_Type)
  {
    case QAPI_NET_SSL_CA_LIST_E:

	  gina_uwlog_printf("%s:%d) QAPI_NET_SSL_CA_LIST_E", __func__, __LINE__);
      cert_info.info.ca_List.ca_Cnt = 1;
      to_alloc=sizeof(qapi_NET_SSL_CA_Info_t) * cert_info.info.ca_List.ca_Cnt;
      cert_info.info.ca_List.ca_Info[0] = util_data_malloc(to_alloc);
      if(cert_info.info.ca_List.ca_Info[0] == NULL) {
        ret = QAPI_ERROR;
      }
      else {
      cert_info.info.ca_List.ca_Info[0]->ca_Size = cert_buf_size;
      cert_info.info.ca_List.ca_Info[0]->ca_Buf  = cert_buf;
      }
      break;

    case QAPI_NET_SSL_CERTIFICATE_E:
	  gina_uwlog_printf("%s:%d) QAPI_NET_SSL_CERTIFICATE_E", __func__, __LINE__);
      cert_info.info.cert.cert_Size = cert_buf_size;
      cert_info.info.cert.cert_Buf  = cert_buf;
      cert_info.info.cert.key_Size  = key_buf_size;
      cert_info.info.cert.key_Buf   = key_buf;
      break;

    case QAPI_NET_SSL_DI_CERT_E:
	  gina_uwlog_printf("%s:%d) QAPI_NET_SSL_DI_CERT_E", __func__, __LINE__);
      cert_info.info.di_cert.di_Cert_Size = cert_buf_size;
      cert_info.info.di_cert.di_Cert_Buf  = cert_buf;
      break;

    case QAPI_NET_SSL_PSK_TABLE_E:
	  gina_uwlog_printf("%s:%d) QAPI_NET_SSL_PSK_TABLE_E", __func__, __LINE__);
      cert_info.info.psk_Tbl.psk_Size = cert_buf_size;
      cert_info.info.psk_Tbl.psk_Buf  = cert_buf;
      break;

    default:
	  gina_uwlog_printf("%s:%d) Unknown certificate type(%d)", __func__, __LINE__, cert_info.cert_Type);
      GINA_UWLOG_ERROR("Unknown certificate type(%d)", cert_info.cert_Type);
      ret = QAPI_ERROR;
      break;
  }

  if (ret == QAPI_OK) {
    ret = qapi_Net_SSL_Cert_Convert_And_Store(&cert_info, security_cert_name);
    GINA_UWLOG_INFO("convert/store for %s rc=%d", security_cert_name, ret);
    gina_uwlog_printf("convert/store for %s rc=%d", security_cert_name, ret);
  }

  if(cert_info.cert_Type == QAPI_NET_SSL_CA_LIST_E)
  {
    int i;
    for (i=0; i<cert_info.info.ca_List.ca_Cnt; i++) {
      if(cert_info.info.ca_List.ca_Info[i] != NULL) {
        util_data_free(cert_info.info.ca_List.ca_Info[i]);
      }
    }
  }

  return ret;
}


static int util_ReadFileToBuf(char *CertName, uint8 **Buf, size_t *BufSize)
{
  int fread=-1, fd = -1, rc=-1;
  struct qapi_FS_Stat_Type_s stat;
  stat.st_size = 0;

  do
  {
    if (!CertName || !Buf || !BufSize) {
        GINA_UWLOG_ERROR("%s: param error %p,%p,%p", __func__, CertName, Buf, BufSize);
        break;
    }

    if (qapi_FS_Open(CertName, QAPI_FS_O_RDONLY_E, &fd) < 0) {
        GINA_UWLOG_ERROR("could not open file=%s", CertName);
        break;
    }

    if (qapi_FS_Stat_With_Handle(fd, &stat) < 0) {
        GINA_UWLOG_ERROR("could not stat file=%s", CertName);
        break;
    }

    *Buf = (uint8 *) util_data_malloc(stat.st_size);
    if (*Buf == NULL) {
        GINA_UWLOG_ERROR("could not alloc %lu bytes for file=%s", stat.st_size, CertName);
        break;
    }

    qapi_FS_Read(fd, *Buf, stat.st_size, &fread);
    if (fread != stat.st_size) {
        util_data_free(*Buf);
        *Buf=NULL;
        GINA_UWLOG_ERROR("could not read %lu bytes from file=%s", stat.st_size, CertName);
        break;
    }

    *BufSize = stat.st_size;
    GINA_UWLOG_INFO("read %lu bytes from file=%s", stat.st_size, CertName);
    rc = 0;
  }
  while (0);

  if (fd != -1) {
    qapi_FS_Close(fd);
  }
  return rc;
}


/**
    Loading a certificate in PEM format from the generic file system
    to the secured certificate store (certstore)

    For this demo, this loading is always performed. For a real
    product, only load to the certstore when a certificate really
    ***** an update (flash lifetime will be decreased with too much
    write access)
*/
static int util_CopyCertoToCertBuf
(
    qapi_Net_SSL_Cert_Type_t Type,
    char *CertName,
    char *KeyName,
    char *CertStoreName
)
{
  int rc=-1;
  uint8 *KeyBuf=NULL, *CertBuf=NULL;
  size_t KeyBufSize=-1, CertBufSize=-1;

  do
  {
    if (!CertName || !CertStoreName)
      break;

    int ret=util_ReadFileToBuf(CertName, &CertBuf, &CertBufSize);
    if (ret)
      break;

    if (KeyName != NULL) {
      ret=util_ReadFileToBuf(KeyName, &KeyBuf, &KeyBufSize);
      if (ret)
        break;
    }

    /* convert RootCA/certificate/PSK from blob to security place */
    if (QAPI_OK != util_certstore_load(Type, CertStoreName,
                                        CertBuf, CertBufSize,
                                        KeyBuf, KeyBufSize)) {
      break;
    }

    rc=0;
  }
  while (0);

  if (CertBuf)
    util_data_free(CertBuf);
  if (KeyBuf)
    util_data_free(KeyBuf);

  GINA_UWLOG_INFO("%s: Type=%d CertStoreName=%s file=%s key=%s rc=%d",
                  __func__,
                  Type,
                  CertStoreName?CertStoreName:"<empty>",
                  CertName?CertName:"<empty>",
                  KeyName?KeyName:"<empty>",
                  rc);
  return rc;
}

#endif

void dam_mqtt_config()
{
    char buff[32];
    static uint32_t port_client = 1234;
    struct sockaddr_in *sin4;
    struct sockaddr_in6 *sin6;

    uint32_t addrNum;

    uint32 retain = false;
    uint16 keepalive_duration = 60;
    uint16 connack_timeout = 120;
    boolean clean_session       = true;
    boolean non_blocking        = false;
    char  client_id[]           = "mqtt_client1";
    uint8 client_id_len         = strlen(client_id);
    uint8 will_qos = 0;

    gina_uwlog_printf("%s: start", __func__);

    memset(&_mqtt_config, 0, sizeof(_mqtt_config));

#ifdef ENABLE_MQTT_IPV4
    sin4 = (struct sockaddr_in *)&_mqtt_config.local;
    sin4->sin_family = AF_INET;
    sin4->sin_port = (uint16)_htons(port_client);
    inet_pton(AF_INET, "0.0.0.0", &(addrNum));
    sin4->sin_addr.s_addr = addrNum;

    sin4 = (struct sockaddr_in *)&_mqtt_config.remote;
    sin4->sin_family = AF_INET;

#ifdef ENABLE_SSL_MQTT
    sin4->sin_addr.s_addr = inet_addr(mqtts_server_ip);
    sin4->sin_port = _htons(CLI_MQTT_SECURE_PORT);
#else
    sin4->sin_addr.s_addr = inet_addr(mqtt_server_ip);
    sin4->sin_port = _htons(CLI_MQTT_PORT);
#endif /* ENABLE_SSL_MQTT */
    gina_uwlog_printf("MQTT Server IP: %s Port: %d", inet_ntop(AF_INET, &sin4->sin_addr.s_addr, buff, sizeof(buff)), _ntohs(sin4->sin_port));
#endif /* ENABLE_MQTT_IPV4 */

#ifdef ENABLE_MQTT_IPV6
    sin6 = (struct sockaddr_in6 *)&_mqtt_config.local;
    sin6->sin_family = AF_INET6;
    sin6->sin_port = (uint16)_htons(port_client);
    inet_pton(AF_INET6, "::", &sin6->sin_addr);

    sin6 = (struct sockaddr_in6 *)&_mqtt_config.remote;
    sin6->sin_family = AF_INET6;

#ifdef ENABLE_SSL_MQTT
    inet_pton(AF_INET6, mqtts_server_ip, &sin6->sin_addr);
    sin6->sin_port = _htons(CLI_MQTT_SECURE_PORT);
#else
    inet_pton(AF_INET6, mqtt_server_ip, &sin6->sin_addr);
    sin6->sin_port = _htons(CLI_MQTT_PORT);
#endif /* ENABLE_SSL_MQTT */
    gina_uwlog_printf("MQTT Server IP: %s Port: %d", inet_ntop(AF_INET6, &sin6->sin_addr.s_addr, buff, sizeof(buff)), _ntohs(sin6->sin_port));
#endif /* ENABLE_MQTT_IPV6 */

    strncpy((char *)_mqtt_config.client_id, (char *)client_id, QAPI_NET_MQTT_***_CLIENT_ID_LEN);
    _mqtt_config.client_id_len        = client_id_len;
    _mqtt_config.nonblocking_connect  = non_blocking;
    _mqtt_config.keepalive_duration   = keepalive_duration;
    _mqtt_config.clean_session        = clean_session;
    _mqtt_config.connack_timed_out_sec= connack_timeout;

#ifdef ENABLE_MQTT_WILL
    _mqtt_config.will_retained        = retain;
    _mqtt_config.will_qos             = will_qos;
    _mqtt_config.will_topic           = (uint8_t*)will_topic_ptr;
    _mqtt_config.will_topic_len       = strlen(will_topic_ptr);
    _mqtt_config.will_message         = (uint8_t*)will_message_ptr;
    _mqtt_config.will_message_len     = strlen(will_message_ptr);
#else
    _mqtt_config.will_retained        = retain;		//false`
    _mqtt_config.will_qos             = will_qos;   // =0
    _mqtt_config.will_topic           = NULL;
    _mqtt_config.will_topic_len       = 0;
    _mqtt_config.will_message         = NULL;
    _mqtt_config.will_message_len     = 0;
#endif /* ENABLE_MQTT_WILL */

	_mqtt_config.username             = (uint8_t*)username_ptr;
    _mqtt_config.username_len         = strlen(username_ptr);
    _mqtt_config.password             = (uint8_t*)password_ptr;
    _mqtt_config.password_len         = strlen(password_ptr);

    gina_uwlog_printf("MQTT Configuration: client id [%s], client id len=%d", _mqtt_config.client_id, _mqtt_config.client_id_len);
    gina_uwlog_printf("MQTT Configuration: username [%s], username len = %d", _mqtt_config.username, _mqtt_config.username_len);
    gina_uwlog_printf("MQTT Configuration: password [%s], password len = %d", _mqtt_config.password, _mqtt_config.password_len);
    gina_uwlog_printf("MQTT Configuration: will topic [%s], topic len = %d", _mqtt_config.will_topic, _mqtt_config.will_topic_len);
    gina_uwlog_printf("MQTT Configuration: connack timeout_sec = %d, keepalive duration = %d", _mqtt_config.connack_timed_out_sec, _mqtt_config.keepalive_duration);

#ifdef ENABLE_SSL_MQTT
    gina_uwlog_printf("MQTT SSL is enabled");
    _mqtt_config.ca_list = ROOT_CA_File;
    _mqtt_config.cert = CERT_FILE;

    /** protocol set to TLS 1.2 */
    _mqtt_config.ssl_cfg.protocol  = QAPI_NET_SSL_PROTOCOL_TLS_1_2;

    /** cipher suites */
    /**
    ###########################################################
    ### please remember QAPI_NET_SSL_CIPHERSUITE_LIST_DEPTH ###
    ### and activate not more than this, as this demo code  ###
    ### does not care for it                                ###
    ###########################################################
    */
	_mqtt_config.ssl_cfg.cipher[0] = QAPI_NET_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
    _mqtt_config.ssl_cfg.cipher[1] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
    _mqtt_config.ssl_cfg.cipher[2] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
    _mqtt_config.ssl_cfg.cipher[3] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
    _mqtt_config.ssl_cfg.cipher[4] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
    _mqtt_config.ssl_cfg.cipher[5] = QAPI_NET_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
    _mqtt_config.ssl_cfg.cipher[6] = QAPI_NET_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
    _mqtt_config.ssl_cfg.cipher[7] = QAPI_NET_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;

	/* Fragment value will be taken only in 512, 1024, 2048, 4096 */
	_mqtt_config.ssl_cfg.***_Frag_Len = 4096;
	_mqtt_config.ssl_cfg.***_Frag_Len_Neg_Disable = 0;

      /** validate time for this demo*/
    _mqtt_config.ssl_cfg.verify.time_Validity = 0;

    /** alert */
    _mqtt_config.ssl_cfg.verify.send_Alert = 0;

    /** no domain */
    _mqtt_config.ssl_cfg.verify.domain = 0;
    _mqtt_config.ssl_cfg.verify.match_Name[0] = '\0';

    /** no sni */
    _mqtt_config.ssl_cfg.sni_Name_Size = 0;
    _mqtt_config.ssl_cfg.sni_Name = NULL;





    /*Prepare the CA File and CERT file*/
    (void) util_CopyCertoToCertBuf(QAPI_NET_SSL_CA_LIST_E,
            "/demo_rootca.pem",
            NULL,
            ROOT_CA_File);

    (void) util_CopyCertoToCertBuf(QAPI_NET_SSL_CERTIFICATE_E,
            "/demo_certificate.pem",
            "/demo_certificate_key.pem",
            CERT_FILE);
#endif /* ENABLE_SSL_MQTT */
}


int dam_mqtt_subscribe()
{
    int ret = QAPI_ERROR;

    char sub_topic[] = "mqtttest";
    int sub_qos = 1;

    gina_uwlog_printf("%s: start", __func__);

    if(NULL == _mqtt_handle)
    {
      gina_uwlog_printf("No MQTT Connection, Please do MQTT connection first \n");
      return QAPI_ERROR;
    }

    ret = qapi_Net_MQTT_Subscribe(_mqtt_handle, (uint8 *)sub_topic, sub_qos);

    gina_uwlog_printf("Topic Subscribe %s", ret?"Failed":"Success");
    return ret;
}


int dam_mqtt_publish(unsigned int *****)
{
    char msg[50];
    int ret = QAPI_ERROR;

    gina_uwlog_printf("%s: start", __func__);

    char topic[] = "*****er";
    sprintf(msg, "publish ***** = %d", *****);
    int qos = 2;
    int retain = 0;

    if(NULL == _mqtt_handle)
    {
      gina_uwlog_printf("No MQTT Connection, Please do MQTT connection first \n");
      return QAPI_ERROR;
    }

    ret = qapi_Net_MQTT_Publish(_mqtt_handle, (uint8 *)topic, (uint8 *)msg, strlen(msg), qos, retain);

    gina_uwlog_printf("Topic Publish on %s is %s", topic,ret?"Failed":"Success");
    return ret;
}


int dam_mqtt_unsubscribe()
{
    int ret = QAPI_ERROR;
    char unsub_topic[] = "mqtttest";

    gina_uwlog_printf("%s: start", __func__);

    if(NULL == _mqtt_handle)
    {
      gina_uwlog_printf("No MQTT Connection, Please do MQTT connection first \n");
      return QAPI_ERROR;
    }

    ret = qapi_Net_MQTT_Unsubscribe(_mqtt_handle, (uint8 *)unsub_topic);

    gina_uwlog_printf("Topic Unubscribe %s", ret?"Failed":"Success");
    return ret;
}



int dam_mqtt_disconnect()
{
    int ret = QAPI_ERROR;

    gina_uwlog_printf("%s: start", __func__);
    ret = qapi_Net_MQTT_Disconnect(_mqtt_handle);
    if(ret)
    {
      gina_uwlog_printf("MQTT Disconnect Failed, Error type %d", ret);
    }
    else
    {
      gina_uwlog_printf("Disconnect Successfull");
    }

    return ret;
}


int dam_mqtt_destory()
{
    int ret = QAPI_ERROR;

    gina_uwlog_printf("%s: start", __func__);

    if(NULL == _mqtt_handle)
    {
      gina_uwlog_printf("No MQTT Connection, Please do MQTT connection first \n");
      return QAPI_ERROR;
    }

    ret = qapi_Net_MQTT_Destroy(_mqtt_handle);

    gina_uwlog_printf("MQTT Destroy %s", ret?"Failed":"Success");
    return ret;
}


void dam_mqtt_connect_callback(qapi_Net_MQTT_Hndl_t mqtt, int32 reason)
{
    switch (reason) {
        case QAPI_NET_MQTT_CONNECT_SUCCEEDED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_SUCCEEDED_E: MQTT connect succeed");
            dam_mqtt_subscribe();
            return;
        case QAPI_NET_MQTT_TCP_CONNECT_FAILED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_TCP_CONNECT_FAILED_E: TCP connect failed");
            break;
        case QAPI_NET_MQTT_SSL_CONNECT_FAILED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_SSL_CONNECT_FAILED_E: SSL connect failed");
            break;
        case QAPI_NET_MQTT_CONNECT_FAILED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_FAILED_E: MQTT connect failed");
            break;
        case QAPI_NET_MQTT_CONNECT_PROTOCOL_VER_ERROR_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_PROTOCOL_VER_ERROR_E: Connection refused -unacceptable");
            break;
        case QAPI_NET_MQTT_CONNECT_IDENTIFIER_ERROR_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_IDENTIFIER_ERROR_E: Connection refused - identifier rejected");
            break;
        case QAPI_NET_MQTT_CONNECT_SERVER_UNAVAILABLE_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_SERVER_UNAVAILABLE_E: Connection refused - server unavailable");
            break;
        case QAPI_NET_MQTT_CONNECT_MALFORMED_DATA_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_MALFORMED_DATA_E: connection refused - data in username or password malformed");
            break;
        case QAPI_NET_MQTT_CONNECT_UNAUTHORIZED_CLIENT_E:
            gina_uwlog_printf("QAPI_NET_MQTT_CONNECT_UNAUTHORIZED_CLIENT_E: connection refused - unauthorized client");
            break;
    }
    dam_mqtt_disconnect();
}



void dam_mqtt_subscribe_callback(qapi_Net_MQTT_Hndl_t mqtt,
                                 int32 reason,
                                 const uint8 *topic,
                                 int32 topic_length,
                                 int32 qos,
                                 const void *sid)
{
    switch (reason) {
        case QAPI_NET_MQTT_SUBSCRIBE_GRANTED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_SUBSCRIBE_GRANTED_E: Subscribe Callback: Granted");
            break;
        case QAPI_NET_MQTT_SUBSCRIBE_DENIED_E:
            gina_uwlog_printf("QAPI_NET_MQTT_SUBSCRIBE_DENIED_E: Subscribe Callback: Denied");
            break;
        case QAPI_NET_MQTT_SUBSCRIBE_MSG_E:
            gina_uwlog_printf("QAPI_NET_MQTT_SUBSCRIBE_MSG_E: Subscribe Callback: Message Received From Broker");
            break;
    }
}

void dam_mqtt_publish_callback(qapi_Net_MQTT_Hndl_t mqtt,
                                          enum QAPI_NET_MQTT_MSG_TYPES msgtype,
                                          int qos,
                                          uint16_t msg_id)
{
    gina_uwlog_printf("Publish Callback: msg_type=%d, qos=%d", msgtype, qos);
}


void dam_mqtt_message_callback(qapi_Net_MQTT_Hndl_t mqtt,
                               int32 reason,
                               const uint8 *topic,
                               int32 topic_length,
                               const uint8 *msg,
                               int32 msg_length,
                               int32 qos,
                               const void *sid)
{
    gina_uwlog_printf("Message Callback: qos=%d, topic=%s, msg=%s", qos, topic, msg);
}


int dam_mqtt_connect()
{
    int ret = QAPI_ERROR;
    int loop = 3;
	int connected = 0;

    gina_uwlog_printf("%s: start", __func__);

    qapi_Net_MQTT_Pass_Pool_Ptr (_mqtt_handle, byte_pool_test);

    ret = qapi_Net_MQTT_Set_Connect_Callback(_mqtt_handle, dam_mqtt_connect_callback);
    if (ret == QAPI_OK)
        gina_uwlog_printf("registered connect callback success");
    else
        gina_uwlog_printf("registered connect callback FAILED");
    qapi_Net_MQTT_Set_Subscribe_Callback(_mqtt_handle, dam_mqtt_subscribe_callback);
    if (ret == QAPI_OK)
        gina_uwlog_printf("registered subscribe callback success");
    else
        gina_uwlog_printf("registered subscribecallback FAILED");
    qapi_Net_MQTT_Set_Publish_Callback(_mqtt_handle, dam_mqtt_publish_callback);
    if (ret == QAPI_OK)
        gina_uwlog_printf("registered publish callback success");
    else
        gina_uwlog_printf("registered publish callback FAILED");

    qapi_Net_MQTT_Set_Message_Callback(_mqtt_handle, dam_mqtt_message_callback);
    if (ret == QAPI_OK)
        gina_uwlog_printf("registered message callback success");
    else
        gina_uwlog_printf("registered message callback FAILED");

    do{
        gina_uwlog_printf("%s: Connecting...", __func__);
        qapi_Timer_Sleep(5, QAPI_TIMER_UNIT_SEC, true); //Try Every 5 Seconds
        ret = qapi_Net_MQTT_Connect(_mqtt_handle, &_mqtt_config);
        if(ret != QAPI_OK)
        {
          gina_uwlog_printf("MQTT Connect Failed, Error type %d", ret);

          switch (ret) {
              case QAPI_NET_MQTT_ERR_TCP_BIND_FAILED:
                gina_uwlog_printf("QAPI_NET_MQTT_ERR_TCP_BIND_FAILED", ret);
                break;
              case QAPI_NET_MQTT_ERR_SSL_CONN_FAILURE:
                gina_uwlog_printf("QAPI_NET_MQTT_ERR_TCP_BIND_FAILED", ret);
                break;
              default:
                gina_uwlog_printf("DEFAULT: MQTT Connect Failed, Error type %d", ret);
                break;
          }
        }
        else
        {
          gina_uwlog_printf("MQTT Connected, rc= %d", ret);
		  connected = 1;
          break;
        }
        loop--;
    }while(loop);

	if (connected == 0)
		gina_uwlog_printf("MQTT IS NOT CONNECTED, rc= %d", ret);
	else
		gina_uwlog_printf("MQTT IS CONNECTED!!!!, rc= %d", ret);


    gina_uwlog_printf("%s: connect request sent", __func__);

    return ret;
}


int test_dam_mqtt_sample()
{
    int ret = QAPI_ERROR;
    unsigned int publish_***** = 0;

    gina_uwlog_printf("%s: start", __func__);

    ret = qapi_Net_MQTT_New(&_mqtt_handle);

    if(ret != QAPI_OK)
    {
      gina_uwlog_printf("MQTT New Failed, Error type %d", ret);
      return ret;
    }
    else
    {
      gina_uwlog_printf("MQTT New Successfull, mqtt handle %p", _mqtt_handle);
    }

    dam_mqtt_config();

    dam_mqtt_connect();

    //dam_mqtt_subscribe();
    while (publish_***** < 100){
        qapi_Timer_Sleep(10, QAPI_TIMER_UNIT_SEC, true);
        gina_uwlog_printf("***** = %d", publish_*****);
        dam_mqtt_publish(publish_*****);
        publish_*****++;
    }

    dam_mqtt_unsubscribe();

    dam_mqtt_disconnect();

    dam_mqtt_destory();

    gina_uwlog_printf("%s: finish", __func__);
    return ret;
}


int _dam_main(void)
{
    ULONG dss_event = 0;
    int32 sig_mask;
    ULONG status;
    int ret = QAPI_ERROR;

    gina_init();

    qapi_Timer_Sleep(10, QAPI_TIMER_UNIT_SEC, true);
    /* register the cleanup function */
    gina_uwmod_set_cleanup(cleanup, "MY CLEANUP");

    gina_uwlog_printf("MQTT Demo Start");

    dam_byte_pool_init();

    /* Create event signal handle and clear signals */
    status = txm_module_object_allocate(&main_signal_hndl,
                                        sizeof(TX_EVENT_FLAGS_GROUP));
    gina_uwlog_printf("allocate event rc=%d", status);
    if (TX_SUCCESS != status)
        return -1;

    status = tx_event_flags_create(main_signal_hndl, "main_signal_hndl");
    gina_uwlog_printf("create event rc=%d", status);
    if (TX_SUCCESS != status)
        return -1;

    netctrl_start();

    sig_mask =  NETCTRL_SIG_EVT_INVALID_EVENT |
                NETCTRL_SIG_EVT_NOCONN_EVENT |
                NETCTRL_SIG_EVT_CONNECTED_EVENT |
                NETCTRL_SIG_EVT_EXIT_EVENT;

    while (1)
    {
        qapi_Timer_Sleep(5, QAPI_TIMER_UNIT_SEC, true);
        /* main signal process */
        gina_uwlog_printf("MAIN EVENT WAIT FOR 0x%x", sig_mask);
        status = tx_event_flags_get(main_signal_hndl, sig_mask, TX_OR,
                                    &dss_event, TX_WAIT_FOREVER);
        gina_uwlog_printf("SIGNAL EVENT IS [0x%x] status=%d",
                          dss_event, status);

        if (dss_event & NETCTRL_SIG_EVT_INVALID_EVENT) {
            gina_uwlog_printf("NETCTRL_SIG_EVT_INVALID_EVENT Signal");
            break;
        }
        if (dss_event & NETCTRL_SIG_EVT_NOCONN_EVENT) {
            gina_uwlog_printf("NETCTRL_SIG_EVT_NOCONN_EVENT Signal");
            break;
        }
        if (dss_event & NETCTRL_SIG_EVT_CONNECTED_EVENT) {
            gina_uwlog_printf("NETCTRL_SIG_EVT_CONNECTED_EVENT Signal");
            /* run the mqtt test */
            ret = test_dam_mqtt_sample();
            break;
        }
        if (dss_event & NETCTRL_SIG_EVT_EXIT_EVENT) {
            gina_uwlog_printf("NETCTRL_SIG_EVT_EXIT_EVENT Signal");
            break;
        }
    }

    qapi_Timer_Sleep(10, QAPI_TIMER_UNIT_SEC, true);

    netctrl_stop();

    gina_uwlog_printf("MQTT Demo Finish And %s", ret?"Failed":"Success");

    return 0;
}

Like
0
Log in or register to post comments

Bartłomiej Gema...

May 6 2021 - 2:14pm

Hello,

Thank you for the update. I didn't get any hints from my college yet. So it's a good news that the problem is solved already.

Best regards,

Bartłomiej

Like
1
Log in or register to post comments

You are here

MQTT TLS error on EXS82-W | Telit Cinterion IoT Developer Community