TB-33: SSL tools improvements

application/src/main/resources/thingsboard.yml

@@ -81,7 +81,7 @@ mqtt:
     worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
 # Uncomment the following lines to enable ssl for MQTT
 #  ssl:
-#    key_store: keystore/mqttserver.jks
+#    key_store: mqttserver.jks
 #    key_store_password: server_ks_password
 #    key_password: server_key_password
 #    key_store_type: JKS

tools/src/main/python/one-way-ssl-mqtt-client.py

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #
 # Copyright © 2016-2017 The Thingsboard Authors
 #
@@ -41,14 +42,12 @@ client.on_connect = on_connect
 client.on_message = on_message
 client.publish('v1/devices/me/attributes/request/1', "{\"clientKeys\":\"model\"}", 1)
 
-#client.tls_set(ca_certs="client_truststore.pem", certfile="mqttclient.nopass.pem", keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
-#               tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_set(ca_certs="mqttserver.pub.pem", certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
                        tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 
-client.username_pw_set("B1_TEST_TOKEN")
+client.username_pw_set("TEST_TOKEN")
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 
 
 # Blocking call that processes network traffic, dispatches callbacks and

tools/src/main/python/two-way-ssl-mqtt-client.py

@@ -46,7 +46,7 @@ client.tls_set(ca_certs="mqttserver.pub.pem", certfile="mqttclient.nopass.pem",
                        tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 
 
 # Blocking call that processes network traffic, dispatches callbacks and

tools/src/main/shell/client.keygen.sh

@@ -18,7 +18,7 @@
 usage() {
     echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
     echo "and imports server public key to client keystore"
-    echo "usage: ./securemqttclient.keygen.sh [-p file]"
+    echo "usage: ./client.keygen.sh [-p file]"
     echo "    -p | --props | --properties file  Properties file. default value is ./keygen.properties"
 	echo "    -h | --help  | ?                  Show this message"
 }
@@ -48,7 +48,7 @@ if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f
 then
 while :
    do
-       read -p "Output files from previous server.keygen.sh script run found. Overwrite?[yes]" response
+       read -p "Output files from previous server.keygen.sh script run found. Overwrite? [Y/N]: " response
        case $response in
         [nN]|[nN][oO])
             echo "Skipping"
@@ -74,7 +74,7 @@ echo "Generating SSL Key Pair..."
 
 keytool -genkeypair -v \
   -alias $CLIENT_KEY_ALIAS \
-  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=Piscataway, ST=NJ, C=US" \
+  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US" \
   -keystore $CLIENT_FILE_PREFIX.jks \
   -keypass $CLIENT_KEY_PASSWORD \
   -storepass $CLIENT_KEYSTORE_PASSWORD \

tools/src/main/shell/keygen.properties

@@ -17,8 +17,8 @@
 DOMAIN_SUFFIX="$(hostname)"
 ORGANIZATIONAL_UNIT=Thingsboard
 ORGANIZATION=Thingsboard
-CITY=Piscataway
-STATE_OR_PROVINCE=NJ
+CITY=San Francisco
+STATE_OR_PROVINCE=CA
 TWO_LETTER_COUNTRY_CODE=US
 
 SERVER_KEYSTORE_PASSWORD=server_ks_password
@@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password
 
 SERVER_KEY_ALIAS="serveralias"
 SERVER_FILE_PREFIX="mqttserver"
-SERVER_KEYSTORE_DIR="../../../../application/src/main/resources/keystore/"
+SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
 
-CLIENT_KEYSTORE_PASSWORD=client_ks_password
-CLIENT_KEY_PASSWORD=client_key_password
+CLIENT_KEYSTORE_PASSWORD=password
+CLIENT_KEY_PASSWORD=password
 
 CLIENT_KEY_ALIAS="clientalias"
 CLIENT_FILE_PREFIX="mqttclient"

tools/src/main/shell/server.keygen.sh

@@ -122,25 +122,25 @@ fi
 
 if [[ $COPY = true ]]; then
     if [[ -z "$COPY_DIR" ]]; then
-        read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory?[yes]" yn
-            while :
-            do
-                case $yn in
-                    [nN]|[nN][oO])
-                        break
-                        ;;
-                    [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
-                        read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
-                         if [[ !  -z  $dir  ]]; then
-                            DESTINATION=$dir;
-                         else
-                            DESTINATION=$SERVER_KEYSTORE_DIR
-                         fi;
-                         break;;
-                    *)  echo "Please reply 'yes' or 'no'"
-                        ;;
-                 esac
-             done
+        while :
+        do
+            read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory? [Y/N]: " yn
+            case $yn in
+                [nN]|[nN][oO])
+                    break
+                    ;;
+                [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
+                    read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
+                     if [[ !  -z  $dir  ]]; then
+                        DESTINATION=$dir;
+                     else
+                        DESTINATION=$SERVER_KEYSTORE_DIR
+                     fi;
+                     break;;
+                *)  echo "Please reply 'yes' or 'no'"
+                    ;;
+             esac
+         done
     else
         DESTINATION=$COPY_DIR
     fi