TB-33: SSL tools improvements

2017-01-29 03:08:08 +02:00 · 2017-01-29 03:08:08 +02:00 · bfb27e87bd
commit bfb27e87bd
parent 0c5ff6efdc
7 changed files with 32 additions and 33 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -81,7 +81,7 @@ mqtt:
    worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
 # Uncomment the following lines to enable ssl for MQTT
 #  ssl:
-#    key_store: keystore/mqttserver.jks
+#    key_store: mqttserver.jks
 #    key_store_password: server_ks_password
 #    key_password: server_key_password
 #    key_store_type: JKS
--- a/tools/src/main/python/one-way-ssl-mqtt-client.py
+++ b/tools/src/main/python/one-way-ssl-mqtt-client.py
@ -1,3 +1,4 @@
 # -*- coding: utf-8 -*-
 #
 # Copyright © 2016-2017 The Thingsboard Authors
 #
@ -41,14 +42,12 @@ client.on_connect = on_connect
 client.on_message = on_message
 client.publish('v1/devices/me/attributes/request/1', "{\"clientKeys\":\"model\"}", 1)
 #client.tls_set(ca_certs="client_truststore.pem", certfile="mqttclient.nopass.pem", keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
 #               tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_set(ca_certs="mqttserver.pub.pem", certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
                       tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
-client.username_pw_set("B1_TEST_TOKEN")
+client.username_pw_set("TEST_TOKEN")
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
--- a/tools/src/main/python/simple-mqtt-client.py
+++ b/tools/src/main/python/simple-mqtt-client.py
--- a/tools/src/main/python/two-way-ssl-mqtt-client.py
+++ b/tools/src/main/python/two-way-ssl-mqtt-client.py
@ -46,7 +46,7 @@ client.tls_set(ca_certs="mqttserver.pub.pem", certfile="mqttclient.nopass.pem",
                       tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
--- a/tools/src/main/shell/securemqttclient.keygen.sh
+++ b/tools/src/main/shell/securemqttclient.keygen.sh
@ -18,7 +18,7 @@
 usage() {
    echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
    echo "and imports server public key to client keystore"
-    echo "usage: ./securemqttclient.keygen.sh [-p file]"
+    echo "usage: ./client.keygen.sh [-p file]"
    echo "    -p | --props | --properties file  Properties file. default value is ./keygen.properties"
 	echo "    -h | --help  | ?                  Show this message"
 }
@ -48,7 +48,7 @@ if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f
 then
 while :
   do
-       read -p "Output files from previous server.keygen.sh script run found. Overwrite?[yes]" response
+       read -p "Output files from previous server.keygen.sh script run found. Overwrite? [Y/N]: " response
       case $response in
        [nN]|[nN][oO])
            echo "Skipping"
@ -74,7 +74,7 @@ echo "Generating SSL Key Pair..."
 keytool -genkeypair -v \
  -alias $CLIENT_KEY_ALIAS \
-  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=Piscataway, ST=NJ, C=US" \
+  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US" \
  -keystore $CLIENT_FILE_PREFIX.jks \
  -keypass $CLIENT_KEY_PASSWORD \
  -storepass $CLIENT_KEYSTORE_PASSWORD \
--- a/tools/src/main/shell/keygen.properties
+++ b/tools/src/main/shell/keygen.properties
@ -17,8 +17,8 @@
 DOMAIN_SUFFIX="$(hostname)"
 ORGANIZATIONAL_UNIT=Thingsboard
 ORGANIZATION=Thingsboard
-CITY=Piscataway
+CITY=San Francisco
-STATE_OR_PROVINCE=NJ
+STATE_OR_PROVINCE=CA
 TWO_LETTER_COUNTRY_CODE=US
 SERVER_KEYSTORE_PASSWORD=server_ks_password
@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password
 SERVER_KEY_ALIAS="serveralias"
 SERVER_FILE_PREFIX="mqttserver"
-SERVER_KEYSTORE_DIR="../../../../application/src/main/resources/keystore/"
+SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
-CLIENT_KEYSTORE_PASSWORD=client_ks_password
+CLIENT_KEYSTORE_PASSWORD=password
-CLIENT_KEY_PASSWORD=client_key_password
+CLIENT_KEY_PASSWORD=password
 CLIENT_KEY_ALIAS="clientalias"
 CLIENT_FILE_PREFIX="mqttclient"
--- a/tools/src/main/shell/server.keygen.sh
+++ b/tools/src/main/shell/server.keygen.sh
@ -122,9 +122,9 @@ fi
 if [[ $COPY = true ]]; then
    if [[ -z "$COPY_DIR" ]]; then
        read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory?[yes]" yn
        while :
        do
            read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory? [Y/N]: " yn
            case $yn in
                [nN]|[nN][oO])
                    break