TB-33: SSL tools improvements

2017-01-29 03:08:08 +02:00 · 2017-01-29 03:08:08 +02:00 · bfb27e87bd
commit bfb27e87bd
parent 0c5ff6efdc
7 changed files with 32 additions and 33 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -81,7 +81,7 @@ mqtt:
    worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
 # Uncomment the following lines to enable ssl for MQTT
 #  ssl:
-#    key_store: keystore/mqttserver.jks
+#    key_store: mqttserver.jks
 #    key_store_password: server_ks_password
 #    key_password: server_key_password
 #    key_store_type: JKS
--- a/tools/src/main/python/one-way-ssl-mqtt-client.py
+++ b/tools/src/main/python/one-way-ssl-mqtt-client.py
@ -1,3 +1,4 @@
 # -*- coding: utf-8 -*-
 #
 # Copyright © 2016-2017 The Thingsboard Authors
 #
@ -41,14 +42,12 @@ client.on_connect = on_connect
 client.on_message = on_message
 client.publish('v1/devices/me/attributes/request/1', "{\"clientKeys\":\"model\"}", 1)
 #client.tls_set(ca_certs="client_truststore.pem", certfile="mqttclient.nopass.pem", keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
 #               tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_set(ca_certs="mqttserver.pub.pem", certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
                       tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
-client.username_pw_set("B1_TEST_TOKEN")
+client.username_pw_set("TEST_TOKEN")
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
--- a/tools/src/main/python/simple-mqtt-client.py
+++ b/tools/src/main/python/simple-mqtt-client.py
--- a/tools/src/main/python/two-way-ssl-mqtt-client.py
+++ b/tools/src/main/python/two-way-ssl-mqtt-client.py
@ -46,7 +46,7 @@ client.tls_set(ca_certs="mqttserver.pub.pem", certfile="mqttclient.nopass.pem",
                       tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 # Blocking call that processes network traffic, dispatches callbacks and
--- a/tools/src/main/shell/securemqttclient.keygen.sh
+++ b/tools/src/main/shell/securemqttclient.keygen.sh
@ -18,7 +18,7 @@
 usage() {
    echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
    echo "and imports server public key to client keystore"
-    echo "usage: ./securemqttclient.keygen.sh [-p file]"
+    echo "usage: ./client.keygen.sh [-p file]"
    echo "    -p | --props | --properties file  Properties file. default value is ./keygen.properties"
 	echo "    -h | --help  | ?                  Show this message"
 }
@ -48,7 +48,7 @@ if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f
 then
 while :
   do
-       read -p "Output files from previous server.keygen.sh script run found. Overwrite?[yes]" response
+       read -p "Output files from previous server.keygen.sh script run found. Overwrite? [Y/N]: " response
       case $response in
        [nN]|[nN][oO])
            echo "Skipping"
@ -74,7 +74,7 @@ echo "Generating SSL Key Pair..."
 keytool -genkeypair -v \
  -alias $CLIENT_KEY_ALIAS \
-  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=Piscataway, ST=NJ, C=US" \
+  -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US" \
  -keystore $CLIENT_FILE_PREFIX.jks \
  -keypass $CLIENT_KEY_PASSWORD \
  -storepass $CLIENT_KEYSTORE_PASSWORD \
--- a/tools/src/main/shell/keygen.properties
+++ b/tools/src/main/shell/keygen.properties
@ -17,8 +17,8 @@
 DOMAIN_SUFFIX="$(hostname)"
 ORGANIZATIONAL_UNIT=Thingsboard
 ORGANIZATION=Thingsboard
-CITY=Piscataway
+CITY=San Francisco
-STATE_OR_PROVINCE=NJ
+STATE_OR_PROVINCE=CA
 TWO_LETTER_COUNTRY_CODE=US
 SERVER_KEYSTORE_PASSWORD=server_ks_password
@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password
 SERVER_KEY_ALIAS="serveralias"
 SERVER_FILE_PREFIX="mqttserver"
-SERVER_KEYSTORE_DIR="../../../../application/src/main/resources/keystore/"
+SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
-CLIENT_KEYSTORE_PASSWORD=client_ks_password
+CLIENT_KEYSTORE_PASSWORD=password
-CLIENT_KEY_PASSWORD=client_key_password
+CLIENT_KEY_PASSWORD=password
 CLIENT_KEY_ALIAS="clientalias"
 CLIENT_FILE_PREFIX="mqttclient"
--- a/tools/src/main/shell/server.keygen.sh
+++ b/tools/src/main/shell/server.keygen.sh
@ -122,25 +122,25 @@ fi
 if [[ $COPY = true ]]; then
    if [[ -z "$COPY_DIR" ]]; then
-        read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory?[yes]" yn
+        while :
-            while :
+        do
-            do
+            read -p  "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory? [Y/N]: " yn
-                case $yn in
+            case $yn in
-                    [nN]|[nN][oO])
+                [nN]|[nN][oO])
-                        break
+                    break
-                        ;;
+                    ;;
-                    [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
+                [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
-                        read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
+                    read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
-                         if [[ !  -z  $dir  ]]; then
+                     if [[ !  -z  $dir  ]]; then
-                            DESTINATION=$dir;
+                        DESTINATION=$dir;
-                         else
+                     else
-                            DESTINATION=$SERVER_KEYSTORE_DIR
+                        DESTINATION=$SERVER_KEYSTORE_DIR
-                         fi;
+                     fi;
-                         break;;
+                     break;;
-                    *)  echo "Please reply 'yes' or 'no'"
+                *)  echo "Please reply 'yes' or 'no'"
-                        ;;
+                    ;;
-                 esac
+             esac
-             done
+         done
    else
        DESTINATION=$COPY_DIR
    fi