Add separate SSL channel for mqtt transport

Igor Kulikov 2021-06-30 19:30:39 +03:00
parent 9f499d9188
commit b2d694f7ee
5 changed files with 43 additions and 4 deletions


@ -595,6 +595,10 @@ transport:
ssl: ssl:
# Enable/disable SSL support # Enable/disable SSL support
enabled: "${MQTT_SSL_ENABLED:false}" enabled: "${MQTT_SSL_ENABLED:false}"
# MQTT SSL bind address
bind_address: "${MQTT_SSL_BIND_ADDRESS:0.0.0.0}"
# MQTT SSL bind port
bind_port: "${MQTT_SSL_BIND_PORT:8883}"
# SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}" protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
# Path to the key store that holds the SSL certificate # Path to the key store that holds the SSL certificate
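Review bot: The comments on the new `bind_address` / `bind_port` keys do not say that they only take effect when `enabled` is true, which is the first thing an operator changing the port wants to know; `# MQTT SSL bind address (only used when ssl.enabled is true)` and `# MQTT SSL bind port (only used when ssl.enabled is true)` would make that explicit. The same four lines are added again in the second configuration-file section at the end of this page, so the wording should be mirrored there. The 8883 default matches the registered MQTT-over-TLS port, so no change there.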


@ -73,7 +73,16 @@ public class MqttSslHandlerProvider {
@Autowired @Autowired
private TransportService transportService; private TransportService transportService;
private SslHandler sslHandler;
public SslHandler getSslHandler() { public SslHandler getSslHandler() {
if (sslHandler == null) {
sslHandler = createSslHandler();
}
return sslHandler;
}
private SslHandler createSslHandler() {
try { try {
TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = KeyStore.getInstance(keyStoreType); KeyStore trustStore = KeyStore.getInstance(keyStoreType);
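Review bot: Caching one `SslHandler` instance in the new `getSslHandler()` breaks as soon as a second TLS client connects: a Netty `SslHandler` wraps a single `SSLEngine`, is not `@Sharable`, and is rejected when added to a second pipeline, and even if it were accepted the engine's handshake state belongs to one connection. The previous code built a fresh handler on every call, and the server initializer still calls `getSslHandler()` from `initChannel`, so after this change every channel is handed the same object. Cache the expensive part instead — the loaded key/trust material and the resulting `SSLContext` — and return a per-call handler, e.g. `SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(false); return new SslHandler(engine);`; the remainder of `createSslHandler()` lies outside the hunk, so where the context is built cannot be seen here. The lazy null-check is also unsynchronized while being invoked from Netty worker threads, so two first connections could each run the initialization; building the context eagerly in a `@PostConstruct` method or marking the accessor `synchronized` avoids that.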


@ -28,16 +28,18 @@ import io.netty.handler.ssl.SslHandler;
public class MqttTransportServerInitializer extends ChannelInitializer<SocketChannel> { public class MqttTransportServerInitializer extends ChannelInitializer<SocketChannel> {
private final MqttTransportContext context; private final MqttTransportContext context;
private final boolean sslEnabled;
public MqttTransportServerInitializer(MqttTransportContext context) { public MqttTransportServerInitializer(MqttTransportContext context, boolean sslEnabled) {
this.context = context; this.context = context;
this.sslEnabled = sslEnabled;
} }
@Override @Override
public void initChannel(SocketChannel ch) { public void initChannel(SocketChannel ch) {
ChannelPipeline pipeline = ch.pipeline(); ChannelPipeline pipeline = ch.pipeline();
SslHandler sslHandler = null; SslHandler sslHandler = null;
if (context.getSslHandlerProvider() != null) { if (sslEnabled && context.getSslHandlerProvider() != null) {
sslHandler = context.getSslHandlerProvider().getSslHandler(); sslHandler = context.getSslHandlerProvider().getSslHandler();
pipeline.addLast(sslHandler); pipeline.addLast(sslHandler);
} }
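Review bot: The new guard in `initChannel`, `if (sslEnabled && context.getSslHandlerProvider() != null)`, lets the listener created with `sslEnabled = true` fall back to plaintext silently: if the provider is absent the condition is simply false and the port configured as the TLS port serves unencrypted MQTT without any error. A listener that is meant to be TLS should refuse to come up rather than downgrade, so keep the `sslHandler` local declared as before and replace the branch with `if (sslEnabled) { sslHandler = Objects.requireNonNull(context.getSslHandlerProvider(), "SSL is enabled but no SslHandlerProvider is configured").getSslHandler(); pipeline.addLast(sslHandler); }` (needs a `java.util.Objects` import). The plaintext initializer (`sslEnabled = false`) then never consults the provider, which matches the commit's intent. The new constructor parameter also deserves a one-line Javadoc, e.g. `@param sslEnabled whether this initializer wires the TLS handler into every accepted channel`; `sslHandler` is used further down the method, outside the hunk.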


@ -46,6 +46,14 @@ public class MqttTransportService implements TbTransportService {
@Value("${transport.mqtt.bind_port}") @Value("${transport.mqtt.bind_port}")
private Integer port; private Integer port;
@Value("${transport.mqtt.ssl.enabled}")
private boolean sslEnabled;
@Value("${transport.mqtt.ssl.bind_address}")
private String sslHost;
@Value("${transport.mqtt.ssl.bind_port}")
private Integer sslPort;
@Value("${transport.mqtt.netty.leak_detector_level}") @Value("${transport.mqtt.netty.leak_detector_level}")
private String leakDetectorLevel; private String leakDetectorLevel;
@Value("${transport.mqtt.netty.boss_group_thread_count}") @Value("${transport.mqtt.netty.boss_group_thread_count}")
@ -59,6 +67,7 @@ public class MqttTransportService implements TbTransportService {
private MqttTransportContext context; private MqttTransportContext context;
private Channel serverChannel; private Channel serverChannel;
private Channel sslServerChannel;
private EventLoopGroup bossGroup; private EventLoopGroup bossGroup;
private EventLoopGroup workerGroup; private EventLoopGroup workerGroup;
@ -73,10 +82,18 @@ public class MqttTransportService implements TbTransportService {
ServerBootstrap b = new ServerBootstrap(); ServerBootstrap b = new ServerBootstrap();
b.group(bossGroup, workerGroup) b.group(bossGroup, workerGroup)
.channel(NioServerSocketChannel.class) .channel(NioServerSocketChannel.class)
.childHandler(new MqttTransportServerInitializer(context)) .childHandler(new MqttTransportServerInitializer(context, false))
.childOption(ChannelOption.SO_KEEPALIVE, keepAlive); .childOption(ChannelOption.SO_KEEPALIVE, keepAlive);
serverChannel = b.bind(host, port).sync().channel(); serverChannel = b.bind(host, port).sync().channel();
if (sslEnabled) {
b = new ServerBootstrap();
b.group(bossGroup, workerGroup)
.channel(NioServerSocketChannel.class)
.childHandler(new MqttTransportServerInitializer(context, true))
.childOption(ChannelOption.SO_KEEPALIVE, keepAlive);
sslServerChannel = b.bind(sslHost, sslPort).sync().channel();
}
log.info("Mqtt transport started!"); log.info("Mqtt transport started!");
} }
@ -85,6 +102,9 @@ public class MqttTransportService implements TbTransportService {
log.info("Stopping MQTT transport!"); log.info("Stopping MQTT transport!");
try { try {
serverChannel.close().sync(); serverChannel.close().sync();
if (sslEnabled) {
sslServerChannel.close().sync();
}
} finally { } finally {
workerGroup.shutdownGracefully(); workerGroup.shutdownGracefully();
bossGroup.shutdownGracefully(); bossGroup.shutdownGracefully();
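Review bot: `stop()` closes `sslServerChannel` whenever `sslEnabled` is true, but the field is only assigned after `b.bind(sslHost, sslPort).sync()` succeeds in `init` — by then the plaintext channel is already bound — so if that bind fails (for instance the port is in use) a subsequent `stop()` dereferences null and the `NullPointerException` hides the original failure. Guard on the channel rather than the flag: `if (sslServerChannel != null) { sslServerChannel.close().sync(); }`, and the same null-guard for `serverChannel` would make `stop()` safe after any partial `init`. The `init` hunk now repeats the bootstrap wiring for the two listeners; a small private helper that builds the `ServerBootstrap` for a given host, port and `sslEnabled` flag and returns the bound `Channel` would keep the two listeners in step as options are added. Note that with `ssl.enabled=true` the plaintext listener on `bind_port` still starts unconditionally; if that mixed mode is intended it should be stated in a comment on the `sslEnabled` field, since an operator enabling TLS may assume plaintext is turned off.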


@ -99,6 +99,10 @@ transport:
ssl: ssl:
# Enable/disable SSL support # Enable/disable SSL support
enabled: "${MQTT_SSL_ENABLED:false}" enabled: "${MQTT_SSL_ENABLED:false}"
# MQTT SSL bind address
bind_address: "${MQTT_SSL_BIND_ADDRESS:0.0.0.0}"
# MQTT SSL bind port
bind_port: "${MQTT_SSL_BIND_PORT:8883}"
# SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}" protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
# Path to the key store that holds the SSL certificate # Path to the key store that holds the SSL certificate