Hello, I'm able to connect to library and everything work smoothly.

On google not core I setup specific state topic related to pub/sub

projects/registry1/topics/temp | temp
projects/registry/topics/ledstate | led

Now, I'm wondering how to write and get notified about those specific topics.

Getting an "Error, client state: -2" error. I'm unsure where to start looking for the root cause, as the CloudIoTCoreMQTTClient::mqttConnect() function doesn't make it clear where 'state' is set.

I think it may be related to a JWT auth issue, as when I turn on debug, get the generated JWT, and run it through a debugger (https://jwt.io/#debugger) the signature is invalid with my private key.

Is there any more verbose debug logging that can be used to find out what the cause of an abnormal client state could be?

when compiled into esp-idf structure I obtain this errors:

google-cloud-iot-arduino/src/CloudIoTCoreMQTTClient.cpp:94:46: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'int' [-Werror=format=]
     Serial.printf("Waiting: %ld\n", currDelay);

google-cloud-iot-arduino/src/CloudIoTCoreMQTTClient.cpp:147:1: error: control reaches end of non-void function [-Werror=return-type]
 }
 ^

in jwt.cpp:
there is this:

String CreateJwt(String project_id, long long int time, NN_DIGIT *priv_key) {
  CreateJwt(project_id, time, priv_key, 3600); // one hour default
}

the correct is this:

String CreateJwt(String project_id, long long int time, NN_DIGIT *priv_key) {
  return CreateJwt(project_id, time, priv_key, 3600); // one hour default
}

I made the trivial corrections :P, so excuse me if I don't make a PR

I am able to successfully communicate with the HTTP example. However, after running the code for about 5mins or so, I get an exception. Any idea why?

Exception (29):
epc1=0x402155d6 epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000004 depc=0x00000000
ctx: cont
sp: 3fff0d70 end: 3fff1290 offset: 01a0

Trying to understand how to use Libraries with another board (for ex. Arduino Uno + Ethernet Shield).
Is that possible to do myself with not lots of knowledge?
But, at first, I just can't compile any example because of header issue: cstring in some h-files.
Compiling with Arduino IDE 1.8.7 on Mac OS.

Hi :)

Testing the flow of configuration everything work ok . I’m able to send config to device via console or nodejs cloud function without problem .

Data arrive to the device , I do stuffs (ex power up the led ) and so on

Only point Is that I probably not understand how the device acknowledge the conf . Looking at registry console in fact looks like configuration is never confirmed from device .

Do I need to send back special ack message ?

https://ibb.co/Gd4bX8d

Also would add an esp32 specific problem resolution. Seems that power management on esp32 WiFi make the connection lag like hell and generating ex hearbeat problem over long period. Setting :

WiFi.setSleep(false)

Before WiFi begin would improve so much the reliability and speed of connection . This unfortunately happen on esp32 only , esp2866 is not affected

Hi Gus,

working a lot on this library, you made a really nice job!
I'm actually facing of other pair of points I could not understand:

• JWT refresh: Actually IoT Core need need to refresh key maximum every 24 hours. looking at code seems this is actually not covered I'm saying wrong ?
• Timing. I'm trying (successfully ) to set device config via cloud functions. it works but has a really hi delay ( about 9 sec). would u suggest put my attention on firmware side or this kind of delays are normal into Mqtt enviroments?

I have some problems trying to connect the microcontroller sparkfun esp32 thing to google cloud iot. My objetive is to send telemetry from the groove data sensor to google cloud iot. In my case, I am using the DTH11 sensor to send both temperature and humidity.

Here is the error on Arduino Ide program as a result of executing the google cloud iot library skectch obviously changing some values to fulfill my requirements:

Connecting to WiFi
Waiting on time sync…
Connecting to cloudiotdevice.googleapis.com
Verifying certificate
Error: Certificate not verified! Perhaps the fingerprint is outdated.
GET /v1/projects/product12/locations/europe-west1/registries/iot-sample-registry/devices/iot-sample-device/config?local_version=0 HTTP/1.1

Connecting to cloudiotdevice.googleapis.com
Waiting for response…
headers received
7b

{
“error”: {
“code”: 401,
“message”: “No \”authorization\” header found.”,
“status”: “UNAUTHENTICATED”
}
}

My doubt is when I create the certificates , Do I need to save them at any directory at my pc? It looks like it doesn’t find the certificates when is connecting to google cloud iot once I runned the script at Arduino IDE.

I can send you my scripts on Arduino IDE with those changes, so you can understand better my problem.

If it seems difficult to do, I could try to use Mongoose Os which is a firmware that supports ESP32 and can upload telemtry to google cloud iot, but I don't know if it supports groove sensors.

Thank you!

I could setup a working example with publish telemetry but I still cannot make the publish state work .
Actually , for test , I used same payload of telemetry and, on server side , I used the same “telemetry topic” for the state . Looking on iot core interface look like device never sent an information state , the code on device look running well . Am I missing something ?

In google cloud IoT Core the heartbeats (PINGREQ) are billed.
In my test (see the screenshot) with this librari I've 8 heartbeats/minute!!!

I tested with 60seconds (the default is 10 seconds) but the results are the same: 8 heartbeats/minute!!!
How to reduce these useless heartbeats?

I am trying the MKR1000 lwMQTT example.
I created everything in the GCP following the commands in README.md, and added the correct values in ciotc_config.h.
The board connects to wifi, is refreshing the JWT, but doesn't exit the while loop after the "connecting" message.
The loop returns "0" for both, the lastError and returnCode.
I also printed the returned jwt before the lastError and returnCode, and it looks correct.
There are no logs in the GCP's Stackdrive.
I don't understand why the device doesn't connect.

Hi,

We have WeMos D1 R2 mini connected to the Arduino board. Our setup works well with BLYNK app but we would like a customized solution using GC. However, we receive 403 error as follows:

{
  "error": {
    "code": 403,
    "message": "The caller does not have permission",
    "status": "PERMISSION_DENIED"
  }
}

We followed all the instructions related to devices, pub/sub registrations.

You can see IAM config below:
IAM Members: https://imgur.com/luq0hkF
IAM Roles: https://imgur.com/a/rYD7hjc

I also set certificate expiry to 12 hours just in case.

For example, should we add a certificate to registries section?
https://imgur.com/CB0uRJ2

We'll appreciate for your help.

I tried to use the MQTT ESP32 sample and simplify it.

A call to mqttClient.setCallback(callback); in the setup() should be enough.
By logging the address of callback in PubSubClient.cpp, I realized that the address changed between the PubSubClient::setCallback() and the PubSubClient::loop().
The example resets the callback pointer just before subscribing to the config topic.
If you comment that, the example will crash when calling the callback.

I lost a lot of time before understanding that.
I do not know where the memory get corrupt.

I have other projects using PubSubClient and a Mosquitto server without any issue.
I think it's related to the IoT Core layer.

Refreshing JWT

ets Jan 8 2013,rst cause:4, boot mode:(3,7)

wdt reset

Hi,
I use heltek wifi kit 32 device and Esp32-ssd1306 example to connect to google iot.
Following the steps, it's good for me to connect to google cloud.
Unfortunately, I get trouble when I like to refresh jwt.
After many trouble shooting, I find a question that the jwt string produced from createJWT function is invalid signature at https://jwt.io(The header and payload look good from the jwt string).
I try to use the signature verified jwt string which is produced from https://jwt.io to connect to google iot and refresh jwt, it does work fine.
Does the invalid signature jwt cause the refresh failed? or Do I have something wrongs?
Could you please give me a hand, thank you very much.

I can not connect MQTT and I receive an error is : " last error :-10 return code : 5". Could someone tell me where I am wrong?

Please support publishTelemetry with binary data (aka const uint8_t* payload, unsigned int plength, like PubSub library)

Trying to run esp32-mqtt compiling give this error:
CloudIoTCoreDevice.cpp: In member function 'void CloudIoTCoreDevice::fillPrivateKey()':
CloudIoTCoreDevice.cpp:91:13: error: array subscript is above array bounds [-Werror=array-bounds]
priv_key[8] = 0;

in CloudIoTCoreDevice.h:30, priv_key is declared:
NN_DIGIT priv_key[8];

So this does seem to be an out of bound memory access on CloudIoTCoreDevice.cpp:91.

Commenting this line out solves the problem but I'm not sure the intent of this assignment.

1. The key has to be in hex format
2. It has to be typecasted to unit_8* format
3. The key size has to be passed as second parameter.

Solution : use the "xxd" command on DER format of the public key.

I'm trying to run the esp8266 mqtt sample but cannot get my device to connect. I assume this is because I did not change the ca.crt file that is in the data folder before uploading it to my microcontroller. Which root crt should I be using?

Hello, this may be a silly question, but I'm newbie in iot.
Recently I try to upload esp8266-http example in node mcu ESP8266MOD,
and it give error

where can i get this rBase64 header file

Hello

I am trying out the v1.1.0 esp32-lwmqtt sample with the following board with connection denied on mqtt_connect

https://www.cnx-software.com/2017/10/13/this-ttgo-board-combines-esp32-lora-radio-and-oled-display-for-just-10/
I rechecked my device, registry, project and private key ciotc config. Infact I follow the same commands (even the names) in readme to tryout things first time by keeping it simple.

On the root certifcate part, the openssl command in the instructions of ciotc returns a certifcate chain with two certificates in the gcould shell and I am not sure which one to copy. I just tried with the first certificate.

And also it says to copy the content to root.cert. I do not understand where the root.cert should be placed (or flashed into esp32 with some tool?!?!)

Any help is appreciated. Thanks

We originally were targeting the ATmega328p, which constrained us to Elliptic Curve, with faster MCUs available, it should be feasible to also support RSA-256 keys.

This issue is to capture any progress and requirements for RSA.

in the esp32-mqtt example I obtain always this result. I'm using platformio with platform espressif 32 v1.5.0.

All of the code where devices connect needs to use exponential backoff to prevent DOS-style connection attempts in the case of large numbers of devices being unable to connect.

[bytes have been changed to protect the innocent]

depending on the keygen, the step to get an encoded private string for MQTT example:

openssl ec -in ec_private.pem -noout -text

generates hex string of a different number of bytes:

const char* private_key_str =
    "63:dc:3c:27:fe:4c:11:c4:a1:21:f2:90:70:b4:42:"
    "e0:02:12:95:25:2a:cf:31:fc:78:95:9f:99:54:4d:"
    "2b:a9";    

const char* private_key_str =   
    "00:ab:64:4a:10:ed:7e:d8:4b:8a:0f:ac:12:94:27:"
    "2d:61:10:02:fc:45:06:8c:ab:bc:07:cd:50:05:ef:"
    "32:a1:15";    

The shorter form works, the longer form does not.

fill_priv_key is at least one of the functions that would need to be modified, not sure about others.

I understand you have mentioned that you have no idea why error 403 pops up. I keep getting this error whenever I try to run the http code.
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Do you think this error is because of some key mismanagement?

This async MQTT library supports SSL+TLS. If it possible to use MQTT provided by this library to connect to Google IoT? All I see is the example for MQTT for ESP32.

If the boards support it, add enterprise configuration:

#define EAP_ANONYMOUS_IDENTITY "[email protected]"
#define EAP_IDENTITY "[email protected]"
#define EAP_PASSWORD "password"

And use it when starting WiFi:

  esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EAP_ANONYMOUS_IDENTITY, strlen(EAP_ANONYMOUS_IDENTITY)); 
  esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EAP_IDENTITY, strlen(EAP_IDENTITY));
  esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EAP_PASSWORD, strlen(EAP_PASSWORD));
  esp_wpa2_config_t config = WPA2_CONFIG_INIT_DEFAULT();
  esp_wifi_sta_wpa2_ent_enable(&config); //set config settings to enable function

After getting header-not-found compile errors in my dev environment (linux, building for ESP32), I discovered that pull_crypto.sh is changing all includes of string.h in src/crypto to String.h. Switching these back to string.h resolved the problem.

Is there a reason this conversion is being done? My understanding is that the string.h desired here is the standard C string.h with prototypes for memcpy and the like. All of the instances of this file I have in my Arduino IDE are all lowercase.

I am getting error:
Arduino: 1.8.1 (Windows 10), Board: "WeMos D1(Retired), 80 MHz, 921600, 4M (3M SPIFFS)"

C:\Users\kashy\Documents\Arduino\libraries\google-cloud-iot-arduino-master\src\crypto\nn.cpp: In function 'void NN_Assign(NN_DIGIT*, NN_DIGIT*, NN_UINT)':

C:\Users\kashy\Documents\Arduino\libraries\google-cloud-iot-arduino-master\src\crypto\nn.cpp:85:35: error: 'memcpy' was not declared in this scope

memcpy(a, b, digits*NN_DIGIT_LEN);

                               ^

C:\Users\kashy\Documents\Arduino\libraries\google-cloud-iot-arduino-master\src\crypto\nn.cpp: In function 'void NN_Div(NN_DIGIT*, NN_DIGIT*, NN_DIGIT*, NN_UINT, NN_DIGIT*, NN_UINT)':

C:\Users\kashy\Documents\Arduino\libraries\google-cloud-iot-arduino-master\src\crypto\nn.cpp:248:11: error: 'NULL' was not declared in this scope

if(a != NULL) {

Couple of comments from someone who has just recently been able to get this client to work with an ESP32. Perhaps a README update might be helpful for others?

I ran into 2 issues which were resolved by PubSubClient fixes...

1. In the README for Google Cloud IoT JWT, it says to comment out line 266 of the PubSubClient.cpp. That line is now actually line 272; might be better to say which code needs to be commented out

2. I was receiving a very frustrating error in my device info in IOT Core - "mqtt: SERVER: The connection was closed because MQTT keep-alive check failed.". I updated the MQTT_KEEPALIVE in PubSubClient.h, however that didn't help. It turns out the non-intuitive root cause was that my MQTT payload was too big... updating the MQTT_MAX_PACKET_SIZE from 128 to 256 solved the problem.

Hi, thanks so much for all your work on this.

Advanced apologies as the following is most likely due to my lack of understanding rather than anything being wrong with the code - I'm new to Arduino...

I'm trying to run the Basic MKR example - it seems to run as far as Refreshing JWT and returning a string but then jumps over to printing time and LED OFF. My IoT Core console doesn't seem to be registering the connection as under last seen it's showing -- so I assume somethings going wrong in the fill private key section and it's eventually timing out and jumping on to the next bit of code?

Here's what my serial reads:

Connecting to WiFi
14:11:02.445 -> Waiting on time sync...
Connecting to: cloudiotdevice.googleapis.com
Getting jwt.
14:11:03.477 -> Refreshing JWT
eyJhbGciO......

14:11:12.114 ->
14:11:12.114 -> LED OFF

14:11:16.110 ->
14:11:16.110 -> LED OFF

14:11:20.159 ->
14:11:20.159 -> LED OFF

Any pointers would be greatly appreciated,

Many thanks,

Sam

hi gus,

still exploring your code. I see in device a variable called:

CONFIG_CALLBACK_SIGNATURE_PARAM

can u explain what is used for in case is not NULL ?

Actually WiFi and pubsub instances are declared inside the class, privately . For the project i’m making I need to create those instances outside in my setup() and access it . So , could WiFi and pubsub be passed as parameter whe I create the device object in my code ?

As I mentioned on the PR #4, I use PlatformIO for embedded environment. I never used for developing a library but I think that we can have a lot of advantages, like declaring the project dependencies from Git or from other Arduino Libraries. This way the current "compile" flow on the jwt folder can be changed to use PlatformIO.

http://docs.platformio.org/en/latest/librarymanager/config.html

Also, we can also how to configure a CI environment to test the library on different boards the project. An example of this can be seen in the PubsubClient project:

https://github.com/knolleary/pubsubclient

What do you think of this? Make sense for this project?

Hi,
I have seen the examples/Basic-MKR1000/ but there isn't any publish data.
I have tried to use the CloudIoTCoreMQTTClient on MKR1000 but the class use WiFiClientSecure and the code doesn't compile.

Someone have an example to publishTelemetry/State with MKR1000?

thanks

when i try to compile example Esp32 mqtt, it gives error

error: 'NN_DIGIT' does not name a type

Basically I added XTaskCreate(sendHumidity, "sendHumidity", 10000, Null, 3,NULL) in the setup() from the example, but somehow esp32 is unable to connect to Google cloud over mqtt because of this, but when I change the task priority from 3 to 1, then it connects...
What might be the cause for this? I also tried other examples as well and they all seem to have the same issue as long as I change the task pirotiry to 1 then it works.
I am using PlatformIO.

In CloudIoTCoreDevice we should add:

• A common exponential backoff function based on ESP8266 / ESP32 HTTP examples
• Creates a common set of headers for GetConfig, SetState, and SendTelemetry

We should then create an HTTP equivalent to the MQTT client type that:

• Manages lifecycle of the HTTP connection
• Can be constructed from our supported device types

Going off the Esp32-lwmqtt sample I am trying to connect my Adafruit ESP32 Huzzah board. Previously I had it working with using a RSA256 key that I would get from an AppEngine endpoint but I want the device to be able to generate the JWT to remove the app engine endpoint call.

I used openssl to create the public/private ec.pem keys
Replaced the private_key_str with the priv value from running the command

openssl ec -in ec_private.pem -noout -text

When I run the program I print the JWT to serial and put it in jwt.io and it says the JWT has a "Invalid Signature" so naturally the mqtt library kicks back saying back username or password.

Did I miss something?

Also what is the root_cert used for? I dont see it being used anywhere in the esp32 files

The current example sketch shows how to publish to pubsub, but does the current library have support for a device to subscribe to a separate topic in Google Cloud IoT?

Hi Man :)

tested the new esp32 advanced and got this strange behaviour. I'm using exactly same previous ctcio_config with working key. Seems to connect then die then reconnect and so on ...

I have not touched code except for CTCIO . saw u put a waiting new waiting method in code, btw any way to have more info on debug ?

Publish message
Connecting to mqtt.googleapis.com
MQTT connecting ...
JWT now:
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDU0MTExNjAsImV4cCI6MTU0NTQxNDc2MCwiYXVkIjoiY2hhcmdlc3BsIn0=.m6ZyoAWPmyumJZB6ZsXmKcpW1HgPZSsx/r7+8OHpXImXoy9A+Ww/RLkbpVhQbVEGgWZIj1jwfIGhrF07BbKKgw==
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDU0MTExNjAsImV4cCI6MTU0NTQxNDc2MCwiYXVkIjoiY2hhcmdlc3BsIn0=.m6ZyoAWPmyumJZB6ZsXmKcpW1HgPZSsx/r7+8OHpXImXoy9A+Ww/RLkbpVhQbVEGgWZIj1jwfIGhrF07BbKKgw==
Waiting: 5542
Connecting to mqtt.googleapis.com
MQTT connecting ...
JWT now:
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDU0MTExNjcsImV4cCI6MTU0NTQxNDc2NywiYXVkIjoiY2hhcmdlc3BsIn0=.BOSlS4ZR4j/JatL7nA4NiQ3A6iTK0pF1R3XK2Tc0OBmsrfjLcsuLbUg2NM2hYWH0jbWBJAoVB7misybBnNKhvw==
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02
eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1NDU0MTExNjcsImV4cCI6MTU0NTQxNDc2NywiYXVkIjoiY2hhcmdlc3BsIn0=.BOSlS4ZR4j/JatL7nA4NiQ3A6iTK0pF1R3XK2Tc0OBmsrfjLcsuLbUg2NM2hYWH0jbWBJAoVB7misybBnNKhvw==
Waiting: 5083
Publish message
Connecting to mqtt.googleapis.com
MQTT connecting ...
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02

Waiting: 5309
Connecting to mqtt.googleapis.com
MQTT connecting ...
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02

Waiting: 5768
Publish message
Connecting to mqtt.googleapis.com
MQTT connecting ...
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02

Waiting: 5309
Connecting to mqtt.googleapis.com
MQTT connecting ...
projects/spl/locations/europe-west1/registries/pipger/devices/esp32_02

Waiting: 5268

Mqtt code crashes while executing getjwt. This is caused when the CPU heavy crypto code is executed.

Solution: Disable CPU watchdog before getJWT and enable atfer returning from getJWT.

Fingerprints are deprecated.
The Following code in the Http example's config has to be changed.
const char* fingerprint =
"7C:D4:99:11:FE:FC:0D:78:C0:A9:C1:18:52:1D:3F:0B:8B:38:C9:90";

Solution: Instead use RSA/EC key in Binary format.

Use "xxd" command on der format of the public key to obtain the Hex format of the key aling with its length. : https://www.poftut.com/use-linux-xxd-command-tutorial-hex-binary-operations-example/

Since February 21, 2018 (https://cloud.google.com/iot/docs/release-notes) "device registries can now have multiple associated Cloud Pub/Sub topics". Your API support only one topic. I'm in wrong?

https://cloud.google.com/iot/docs/how-tos/devices#creating_a_device_registry_with_multiple_pubsub_topics

To make it more convenient and faster for local NTP, move NTP to ciotc_config.h.

I tried to follow documents on here and generated RSA-256. And uploaded public key in the cloud. but when I try to do
openssl ec -in rsa_private.pem -noout -text

I get this.

read EC key
unable to load Key
140735833293704:error:0608308E:digital envelope routines:EVP_PKEY_get1_EC_KEY:expecting a ec key:p_lib.c:328:

how do I go with this ? I am embedded engineer I don't understand a lot of openssl :P I am just starting to use google IoT core. I have previously used AWS IoT. but those generate certs and keys online also some steps you can generate locally but ca cert needs to be added to AWS IoT.

Originally posted by @gguuss in #27 (comment)

Mqtt crashes at multiple points. The callback function pointer is found to be Null and crashes. I suspect memory over write or mishandling of the call back pointer.