Commit bfb27e87bd9789b4e43b82c2be5fb194aa414fec

Authored by Andrew Shvayka
1 parent 0c5ff6ef

TB-33: SSL tools improvements

@@ -81,7 +81,7 @@ mqtt: @@ -81,7 +81,7 @@ mqtt:
81 worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}" 81 worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
82 # Uncomment the following lines to enable ssl for MQTT 82 # Uncomment the following lines to enable ssl for MQTT
83 # ssl: 83 # ssl:
84 -# key_store: keystore/mqttserver.jks 84 +# key_store: mqttserver.jks
85 # key_store_password: server_ks_password 85 # key_store_password: server_ks_password
86 # key_password: server_key_password 86 # key_password: server_key_password
87 # key_store_type: JKS 87 # key_store_type: JKS
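--- a/tools/src/main/shell/onewaysslmqttclient.py
+++ b/tools/src/main/python/one-way-ssl-mqtt-client.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #
 # Copyright © 2016-2017 The Thingsboard Authors
 #
@@ -41,14 +42,12 @@ client.on_connect = on_connect
 client.on_message = on_message
 client.publish('v1/devices/me/attributes/request/1', "{\"clientKeys\":\"model\"}", 1)
 
-#client.tls_set(ca_certs="client_truststore.pem", certfile="mqttclient.nopass.pem", keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
-# tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 client.tls_set(ca_certs="mqttserver.pub.pem", certfile=None, keyfile=None, cert_reqs=ssl.CERT_REQUIRED,
 tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 
-client.username_pw_set("B1_TEST_TOKEN")
+client.username_pw_set("TEST_TOKEN")
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 
 
 # Blocking call that processes network traffic, dispatches callbacks and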
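Review bot: The `client.tls_set(...)` call kept on new lines 45-46 still pins `tls_version=ssl.PROTOCOL_TLSv1`, so this sample only ever negotiates TLS 1.0, which is deprecated and which a hardened broker may refuse. Since the commit moves the client to the TLS port 8883, the argument should become `tls_version=ssl.PROTOCOL_TLSv1_2`, provided the server side is configured to accept it. The same pin appears at line 46 of the `two-way-ssl-mqtt-client.py` section. The script continues outside the hunk, so the rest of the connection handling is not visible here.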
tools/src/main/python/simple-mqtt-client.py renamed from tools/src/main/shell/simplemqttclient.py
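--- a/tools/src/main/shell/twowaysslmqttclient.py
+++ b/tools/src/main/python/two-way-ssl-mqtt-client.py
@@ -46,7 +46,7 @@ client.tls_set(ca_certs="mqttserver.pub.pem", certfile="mqttclient.nopass.pem",
 tls_version=ssl.PROTOCOL_TLSv1, ciphers=None);
 
 client.tls_insecure_set(False)
-client.connect(socket.gethostname(), 1883, 1)
+client.connect(socket.gethostname(), 8883, 1)
 
 
 # Blocking call that processes network traffic, dispatches callbacks and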
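--- a/tools/src/main/shell/securemqttclient.keygen.sh
+++ b/tools/src/main/shell/client.keygen.sh
@@ -18,7 +18,7 @@
 usage() {
 echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
 echo "and imports server public key to client keystore"
- echo "usage: ./securemqttclient.keygen.sh [-p file]"
+ echo "usage: ./client.keygen.sh [-p file]"
 echo " -p | --props | --properties file Properties file. default value is ./keygen.properties"
 echo " -h | --help | ? Show this message"
 }
@@ -48,7 +48,7 @@ if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f
 then
 while :
 do
- read -p "Output files from previous server.keygen.sh script run found. Overwrite?[yes]" response
+ read -p "Output files from previous server.keygen.sh script run found. Overwrite? [Y/N]: " response
 case $response in
 [nN]|[nN][oO])
 echo "Skipping"
@@ -74,7 +74,7 @@ echo "Generating SSL Key Pair..."
 
 keytool -genkeypair -v \
 -alias $CLIENT_KEY_ALIAS \
- -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=Piscataway, ST=NJ, C=US" \
+ -dname "CN=$DOMAIN_SUFFIX, OU=Thingsboard, O=Thingsboard, L=San Francisco, ST=CA, C=US" \
 -keystore $CLIENT_FILE_PREFIX.jks \
 -keypass $CLIENT_KEY_PASSWORD \
 -storepass $CLIENT_KEYSTORE_PASSWORD \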
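Review bot: In the last hunk the keytool call passes `-keypass $CLIENT_KEY_PASSWORD` and `-storepass $CLIENT_KEYSTORE_PASSWORD` as plain arguments, so both secrets are readable in the process list by other local users while keytool runs, and the unquoted expansions break on a password containing spaces or glob characters. keytool can take them from the environment instead: export the two variables and pass `-keypass:env CLIENT_KEY_PASSWORD` and `-storepass:env CLIENT_KEYSTORE_PASSWORD`. Separately, the prompt on new line 51 still names `server.keygen.sh` although this is the client script. The keytool command continues past the end of the hunk.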
@@ -17,8 +17,8 @@ @@ -17,8 +17,8 @@
17 DOMAIN_SUFFIX="$(hostname)" 17 DOMAIN_SUFFIX="$(hostname)"
18 ORGANIZATIONAL_UNIT=Thingsboard 18 ORGANIZATIONAL_UNIT=Thingsboard
19 ORGANIZATION=Thingsboard 19 ORGANIZATION=Thingsboard
20 -CITY=Piscataway  
21 -STATE_OR_PROVINCE=NJ 20 +CITY=San Francisco
  21 +STATE_OR_PROVINCE=CA
22 TWO_LETTER_COUNTRY_CODE=US 22 TWO_LETTER_COUNTRY_CODE=US
23 23
24 SERVER_KEYSTORE_PASSWORD=server_ks_password 24 SERVER_KEYSTORE_PASSWORD=server_ks_password
@@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password @@ -26,10 +26,10 @@ SERVER_KEY_PASSWORD=server_key_password
26 26
27 SERVER_KEY_ALIAS="serveralias" 27 SERVER_KEY_ALIAS="serveralias"
28 SERVER_FILE_PREFIX="mqttserver" 28 SERVER_FILE_PREFIX="mqttserver"
29 -SERVER_KEYSTORE_DIR="../../../../application/src/main/resources/keystore/" 29 +SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
30 30
31 -CLIENT_KEYSTORE_PASSWORD=client_ks_password  
32 -CLIENT_KEY_PASSWORD=client_key_password 31 +CLIENT_KEYSTORE_PASSWORD=password
  32 +CLIENT_KEY_PASSWORD=password
33 33
34 CLIENT_KEY_ALIAS="clientalias" 34 CLIENT_KEY_ALIAS="clientalias"
35 CLIENT_FILE_PREFIX="mqttclient" 35 CLIENT_FILE_PREFIX="mqttclient"
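Review bot: New line 20, `CITY=San Francisco`, is unquoted; if this properties file is sourced by the keygen scripts as shell (the `DOMAIN_SUFFIX="$(hostname)"` line suggests it is), the shell treats it as running a command `Francisco` with `CITY=San` in its environment, so `CITY` is never set and an error is printed. It should read `CITY="San Francisco"`. In the second hunk the client defaults become `CLIENT_KEYSTORE_PASSWORD=password` and `CLIENT_KEY_PASSWORD=password`; a comment above them such as `# sample values - change before generating keys for a real deployment` would help keep these out of production keystores.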
@@ -122,25 +122,25 @@ fi @@ -122,25 +122,25 @@ fi
122 122
123 if [[ $COPY = true ]]; then 123 if [[ $COPY = true ]]; then
124 if [[ -z "$COPY_DIR" ]]; then 124 if [[ -z "$COPY_DIR" ]]; then
125 - read -p "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory?[yes]" yn  
126 - while :  
127 - do  
128 - case $yn in  
129 - [nN]|[nN][oO])  
130 - break  
131 - ;;  
132 - [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")  
133 - read -p "(Default: $SERVER_KEYSTORE_DIR): " dir  
134 - if [[ ! -z $dir ]]; then  
135 - DESTINATION=$dir;  
136 - else  
137 - DESTINATION=$SERVER_KEYSTORE_DIR  
138 - fi;  
139 - break;;  
140 - *) echo "Please reply 'yes' or 'no'"  
141 - ;;  
142 - esac  
143 - done 125 + while :
  126 + do
  127 + read -p "Do you want to copy $SERVER_FILE_PREFIX.jks to server directory? [Y/N]: " yn
  128 + case $yn in
  129 + [nN]|[nN][oO])
  130 + break
  131 + ;;
  132 + [yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")
  133 + read -p "(Default: $SERVER_KEYSTORE_DIR): " dir
  134 + if [[ ! -z $dir ]]; then
  135 + DESTINATION=$dir;
  136 + else
  137 + DESTINATION=$SERVER_KEYSTORE_DIR
  138 + fi;
  139 + break;;
  140 + *) echo "Please reply 'yes' or 'no'"
  141 + ;;
  142 + esac
  143 + done
144 else 144 else
145 DESTINATION=$COPY_DIR 145 DESTINATION=$COPY_DIR
146 fi 146 fi
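Review bot: The affirmative pattern on new line 132, `[yY]|[yY][eE]|[yY][eE]|[sS]|[yY]|"")`, never matches the word `yes`: its alternatives are `y`, `ye`, `s` and the empty string, so typing `yes` falls through to `*)` and, now that `read` sits inside the loop, the user is simply asked again. It should be `[yY]|[yY][eE][sS]|"")`. The prompt also shows `[Y/N]` while an empty reply is taken as yes, which is worth stating in the prompt because the answer decides where the server keystore is copied. The outer `if [[ $COPY = true ]]` block continues past the end of the hunk.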