Added SSL

openlumi · May 3, 2023 · a8d4d0d · a8d4d0d
1 parent 445ed87
commit a8d4d0d
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/lumimqtt/__main__.py b/lumimqtt/__main__.py
@@ -72,6 +72,9 @@ async def amain():
         port=config['mqtt_port'],
         user=config.get('mqtt_user'),
         password=config.get('mqtt_password'),
+        ca=config.get('mqtt_ca'),
+        cert=config.get('mqtt_cert'),
+        key=config.get('mqtt_key'),
         auto_discovery=config['auto_discovery'],
         sensor_retain=config.get('sensor_retain', False),
         sensor_threshold=int(config['sensor_threshold']),

diff --git a/lumimqtt/lumimqtt.py b/lumimqtt/lumimqtt.py
@@ -9,6 +9,7 @@
 from dataclasses import dataclass
 from datetime import datetime
 
+import ssl
 import aio_mqtt
 
 from .__version__ import version
@@ -39,6 +40,9 @@ def __init__(
             port: int = None,
             user: ty.Optional[str] = None,
             password: ty.Optional[str] = None,
+            ca: ty.Optional[str] = None,
+            cert: ty.Optional[str] = None,
+            key: ty.Optional[str] = None,
             reconnection_interval: int = 10,
             *,
             auto_discovery: bool,
@@ -55,6 +59,9 @@ def __init__(
         self._mqtt_port = port
         self._mqtt_user = user
         self._mqtt_password = password
+        self._mqtt_ca = ca
+        self._mqtt_cert = cert
+        self._mqtt_key = key
 
         self._will_message = aio_mqtt.PublishableMessage(
             topic_name=self._topic_lwt,
@@ -465,9 +472,16 @@ async def _connect_forever(self) -> None:
         while True:
             try:
                 client_id = f'lumimqtt_{self.dev_id}'
+                context = None
+                if self._mqtt_cert is not None and self._mqtt_key is not None:
+                    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+                    if self._mqtt_ca is not None:
+                        context.load_verify_locations(self._mqtt_ca)
+                    context.load_cert_chain(self._mqtt_cert, self._mqtt_key)
                 connect_result = await self._client.connect(
                     host=self._mqtt_host,
                     port=self._mqtt_port,
+                    ssl=context,
                     username=self._mqtt_user,
                     password=self._mqtt_password,
                     client_id=client_id,