From bfb27e87bd9789b4e43b82c2be5fb194aa414fec Mon Sep 17 00:00:00 2001
From: Andrew Shvayka
Date: Sun, 29 Jan 2017 03:08:08 +0200
Subject: [PATCH] TB-33: SSL tools improvements
---
 .../src/main/resources/thingsboard.yml | 2 +-
 .../one-way-ssl-mqtt-client.py} | 7 ++--
 .../simple-mqtt-client.py} | 0
 .../two-way-ssl-mqtt-client.py} | 2 +-
 ...emqttclient.keygen.sh => client.keygen.sh} | 6 +--
 tools/src/main/shell/keygen.properties | 10 ++---
 tools/src/main/shell/server.keygen.sh | 38 +++++++++----------
 7 files changed, 32 insertions(+), 33 deletions(-)
 rename tools/src/main/{shell/onewaysslmqttclient.py => python/one-way-ssl-mqtt-client.py} (88%)
 rename tools/src/main/{shell/simplemqttclient.py => python/simple-mqtt-client.py} (100%)
 rename tools/src/main/{shell/twowaysslmqttclient.py => python/two-way-ssl-mqtt-client.py} (97%)
 rename tools/src/main/shell/{securemqttclient.keygen.sh => client.keygen.sh} (95%)
diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index a3ca9d0c16..d2cac80101 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -81,7 +81,7 @@ mqtt:
 worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
 # Uncomment the following lines to enable ssl for MQTT
 # ssl:
-# key_store: keystore/mqttserver.jks
+# key_store: mqttserver.jks
 # key_store_password: server_ks_password
 # key_password: server_key_password
 # key_store_type: JKS
diff --git a/tools/src/main/shell/onewaysslmqttclient.py b/tools/src/main/python/one-way-ssl-mqtt-client.py
similarity index 88%
rename from tools/src/main/shell/onewaysslmqttclient.py
rename to tools/src/main/python/one-way-ssl-mqtt-client.py
index d06face509..9266fbfc0b 100644
--- a/tools/src/main/shell/onewaysslmqttclient.py
+++ b/tools/src/main/python/one-way-ssl-mqtt-client.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #
 # Copyright © 2016-2017 The Thingsboard Authors
 #
@@ -41,14 +42,12 @@ client.on_connect = on_connect
 client.on_message = on_message
 client.publish('v1/devices/me/attributes/request/1', "{\"clientKeys\":\"model\"}", 1)
-#client.tls_set(ca_certs="client_truststore.pem", certfile="mqttclient.nopass.pem", keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
-# tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_set(ca_certs="mqttserver.pub.pem", certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
 tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
-client.username_pw_set("B1_TEST_TOKEN")
+client.username_pw_set("TEST_TOKEN")
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
diff --git a/tools/src/main/shell/simplemqttclient.py b/tools/src/main/python/simple-mqtt-client.py
similarity index 100%
rename from tools/src/main/shell/simplemqttclient.py
rename to tools/src/main/python/simple-mqtt-client.py
diff --git a/tools/src/main/shell/twowaysslmqttclient.py b/tools/src/main/python/two-way-ssl-mqtt-client.py
similarity index 97%
rename from tools/src/main/shell/twowaysslmqttclient.py
rename to tools/src/main/python/two-way-ssl-mqtt-client.py
index a2fa8b617e..d3b32423e1 100644
--- a/tools/src/main/shell/twowaysslmqttclient.py
+++ b/tools/src/main/python/two-way-ssl-mqtt-client.py
@@ -46,7 +46,7 @@ client.tls_set(ca_certs="mqttserver.pub.pem", certfile="mqttclient.nopass.pem",
 tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
diff --git a/tools/src/main/shell/securemqttclient.keygen.sh b/tools/src/main/shell/client.keygen.sh
similarity index 95%
rename from tools/src/main/shell/securemqttclient.keygen.sh
rename to tools/src/main/shell/client.keygen.sh
index f69dd52ba5..500cd0eaa5 100755
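Review bot: The retained `client.tls_set(...)` call still passes `tls_version=ssl.PROTOCOL_TLSv1`, so even after the move to port 8883 the client can only negotiate TLS 1.0, a version that current broker and OpenSSL builds increasingly refuse; the same pin is the context line of the two-way-ssl-mqtt-client.py hunk, so fix both together. Prefer `tls_version=ssl.PROTOCOL_TLSv1_2` (or `ssl.PROTOCOL_TLS` on interpreters that have it, which negotiates the highest shared version), provided the server's SSL listener accepts it — I can't see the server-side configuration here. The hard-coded `client.username_pw_set("TEST_TOKEN")` is fine for a sample but deserves a comment such as `# placeholder device access token; replace with the token of a real device` so it is not copied as-is. The statement run continues outside the hunk.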
--- a/tools/src/main/shell/securemqttclient.keygen.sh
+++ b/tools/src/main/shell/client.keygen.sh
@@ -18,7 +18,7 @@ usage() {
 echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
 echo "and imports server public key to client keystore"
- echo "usage: ./securemqttclient.keygen.sh [-p file]"
+ echo "usage: ./client.keygen.sh [-p file]"
 echo " -p | --props | --properties file Properties file. default value is ./keygen.properties"
 echo " -h | --help | ? Show this message"
 }
@@ -48,7 +48,7 @@ if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f
 then
 while :
 do
- read -p "Output files from previous server.keygen.sh script run found. Overwrite?[yes]" response
+ read -p "Output files from previous server.keygen.sh script run found. Overwrite? [Y/N]: " response
 case $response in
 [nN]|[nN][oO])
 echo "Skipping"
@@ -74,7 +74,7 @@ echo "Generating SSL Key Pair..."
 keytool -genkeypair -v \
 -alias $CLIENT_KEY_ALIAS \
- -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=Piscataway, ST=NJ, C=US" \
+ -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US" \
 -keystore $CLIENT_FILE_PREFIX.jks \
 -keypass $CLIENT_KEY_PASSWORD \
 -storepass $CLIENT_KEYSTORE_PASSWORD \
diff --git a/tools/src/main/shell/keygen.properties b/tools/src/main/shell/keygen.properties
index 9435746faf..8dd11f2ea4 100644
--- a/tools/src/main/shell/keygen.properties
+++ b/tools/src/main/shell/keygen.properties
@@ -17,8 +17,8 @@ DOMAIN_SUFFIX="$(hostname)"
 ORGANIZATIONAL_UNIT=Thingsboard
 ORGANIZATION=Thingsboard
-CITY=Piscataway
-STATE_OR_PROVINCE=NJ
+CITY=San Francisco
+STATE_OR_PROVINCE=CA
 TWO_LETTER_COUNTRY_CODE=US
 SERVER_KEYSTORE_PASSWORD=server_ks_password
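Review bot: The re-worded prompt in the second client.keygen.sh hunk still names the wrong script: this file is client.keygen.sh (the usage line in the first hunk was updated to that name in this same commit), yet the new line reads `Output files from previous server.keygen.sh script run found`. Change it to `read -p "Output files from previous client.keygen.sh script run found. Overwrite? [Y/N]: " response` so the operator is not led to look for server-side output. The enclosing `while` loop and the `if` that guards it both extend beyond the hunk.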
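Review bot: The new `-dname` line in the third client.keygen.sh hunk hard-codes `OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US` even though keygen.properties, changed in this same patch, defines ORGANIZATIONAL_UNIT, ORGANIZATION, CITY, STATE_OR_PROVINCE and TWO_LETTER_COUNTRY_CODE for exactly these fields, so editing the properties file silently has no effect on the client certificate subject. Assuming the script sources the properties file the way it already reads $CLIENT_KEY_ALIAS and $DOMAIN_SUFFIX, use `-dname "CN=$DOMAIN_SUFFIX, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \` and drop the duplicated literals. The keytool invocation continues past the end of the hunk.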
@@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password
 SERVER_KEY_ALIAS="serveralias"
 SERVER_FILE_PREFIX="mqttserver"
-SERVER_KEYSTORE_DIR="../../../../application/src/main/resources/keystore/"
+SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
-CLIENT_KEYSTORE_PASSWORD=client_ks_password
-CLIENT_KEY_PASSWORD=client_key_password
+CLIENT_KEYSTORE_PASSWORD=password
+CLIENT_KEY_PASSWORD=password
 CLIENT_KEY_ALIAS="clientalias"
 CLIENT_FILE_PREFIX="mqttclient"
diff --git a/tools/src/main/shell/server.keygen.sh b/tools/src/main/shell/server.keygen.sh
index cfeaa0c501..cfa46837e8 100755
--- a/tools/src/main/shell/server.keygen.sh
+++ b/tools/src/main/shell/server.keygen.sh
@@ -122,25 +122,25 @@ fi
 if [[ $COPY = true ]]; then
 if [[ -z "$COPY_DIR" ]]; then
- read -p "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory?[yes]" yn
- while :
- do
- case $yn in
- [nN]|[nN][oO])
- break
- ;;
- [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
- read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
- if [[ ! -z $dir ]]; then
- DESTINATION=$dir;
- else
- DESTINATION=$SERVER_KEYSTORE_DIR
- fi;
- break;;
- *) echo "Please reply 'yes' or 'no'"
- ;;
- esac
- done
+ while :
+ do
+ read -p "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory? [Y/N]: " yn
+ case $yn in
+ [nN]|[nN][oO])
+ break
+ ;;
+ [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
+ read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
+ if [[ ! -z $dir ]]; then
+ DESTINATION=$dir;
+ else
+ DESTINATION=$SERVER_KEYSTORE_DIR
+ fi;
+ break;;
+ *) echo "Please reply 'yes' or 'no'"
+ ;;
+ esac
+ done
 else
 DESTINATION=$COPY_DIR
 fi
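Review bot: The new `CLIENT_KEYSTORE_PASSWORD=password` and `CLIENT_KEY_PASSWORD=password` in the keygen.properties hunk replace two distinct, self-describing placeholders with the most common weak password, while the server entries a few lines up keep `server_ks_password`; a checked-in default like this tends to survive into real deployments unnoticed. If the intent is that the value is throwaway because client.keygen.sh, per its own usage text, exports the key to a no-password PEM, say so next to the lines, e.g. `# Example value only; the client key is exported to a password-less PEM. Change it before generating keys you intend to keep.`, or keep the `client_ks_password` / `client_key_password` names that at least signal a placeholder. The absolute `SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"` likewise now assumes a packaged install rather than a source checkout and deserves a one-line comment saying which layout it targets.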
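Review bot: The yes-branch pattern carried into the rebuilt `case` in server.keygen.sh, `[yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")`, repeats `[yY][eE]` twice, accepts a bare `s` as consent and never matches the full word `yes`, so a user who answers "yes" is told to "Please reply 'yes' or 'no'" by the `*)` branch; the prompt also now says `[Y/N]` while the `""` alternative still makes a bare Enter default to yes. Use `[yY]|[yY][eE][sS]|"")` and either drop the `""` alternative or word the prompt `[Y/n]` so the default is visible before the keystore is copied anywhere. Moving `read -p` inside the loop is the right fix for re-prompting on bad input; the outer `if [[ $COPY = true ]]` block closes outside the hunk.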