add(mqtt bridging): add ssl enable

MrHKing · Mar 18, 2022 · 066db2b · 066db2b
1 parent dec761b
commit 066db2b
Show file tree

Hide file tree

Showing 21 changed files with 110 additions and 10 deletions.
diff --git a/.flattened-pom.xml b/.flattened-pom.xml
@@ -113,6 +113,7 @@
     <log4j.version>2.13.3</log4j.version>
     <maven-surefire-plugin.version>2.20</maven-surefire-plugin.version>
     <servlet-api.version>3.0</servlet-api.version>
+    <bouncycastle.version>1.46</bouncycastle.version>
     <spring-boot-dependencies.version>2.1.6.RELEASE</spring-boot-dependencies.version>
     <revision>1.1.1</revision>
   </properties>
@@ -165,6 +166,11 @@
         <artifactId>mmq-web</artifactId>
         <version>${project.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcprov-jdk16</artifactId>
+        <version>${bouncycastle.version}</version>
+      </dependency>
       <dependency>
         <groupId>io.jsonwebtoken</groupId>
         <artifactId>jjwt-api</artifactId>

diff --git a/distribution/conf/application.properties b/distribution/conf/application.properties
@@ -23,7 +23,7 @@ server.port=8888
 #*************** mqtt broker Configurations ***************#
 mmq.broker.websocketPort=2883
 mmq.broker.port=3883
-mmq.broker.ssl.password=mmq@123
+mmq.broker.ssl.password=mmq
 mmq.broker.ssl.certPath=cert/mmq.pfx
 mmq.broker.ssl.port=1663
 mmq.broker.ssl.websocketPort=2663

diff --git a/mmq-config/.flattened-pom.xml b/mmq-config/.flattened-pom.xml
@@ -78,6 +78,12 @@
       <version>1.1.1</version>
       <scope>compile</scope>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk16</artifactId>
+      <version>1.46</version>
+      <scope>compile</scope>
+    </dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>

diff --git a/mmq-config/pom.xml b/mmq-config/pom.xml
@@ -54,5 +54,9 @@
             <groupId>${project.groupId}</groupId>
             <artifactId>mmq-rule-engine</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk16</artifactId>
+        </dependency>
     </dependencies>
 </project>
diff --git a/mmq-config/src/main/java/org/monkey/mmq/config/driver/MQTTDriver.java b/mmq-config/src/main/java/org/monkey/mmq/config/driver/MQTTDriver.java
@@ -1,13 +1,26 @@
 package org.monkey.mmq.config.driver;
 
 import com.alibaba.fastjson.JSON;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
 import org.eclipse.paho.client.mqttv3.*;
 import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence;
 import org.monkey.mmq.config.matedata.ResourcesMateData;
 import org.monkey.mmq.core.exception.MmqException;
 import org.monkey.mmq.core.utils.StringUtils;
 import org.springframework.stereotype.Component;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.ByteArrayInputStream;
+import java.io.InputStreamReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
@@ -56,11 +69,20 @@ public void addDriver(String resourceId, Map<String, Object> resource) {
             options.setConnectionTimeout(connectionTimeout);
             // 设置会话心跳时间 单位为秒 服务器会每隔1.5*20秒的时间向客户端发送个消息判断客户端是否在线，但这个方法并没有重连的机制
             options.setKeepAliveInterval(keepAliveInterval);
+            // 判断是否启用SSL
+            if (resource.get("sslEnable") != null) {
+                boolean sslEnable = Boolean.parseBoolean(resource.get("sslEnable").toString());
+                if (sslEnable) {
+                    options.setSocketFactory(getSocketFactorySingle(new InputStreamReader(this.getClass().getClassLoader().getResourceAsStream("cert/mmq.cer")),""));
+                }
+            }
             // 连接服务器
             mqttClient.connect(options);
             mqttClientConcurrentHashMap.put(resourceId, mqttClient);
         } catch (MqttException e) {
             return;
+        } catch (Exception exception) {
+            return;
         }
     }
 
@@ -120,11 +142,18 @@ public void deliveryComplete(IMqttDeliveryToken token){
             options.setConnectionTimeout(1);
             // 设置会话心跳时间 单位为秒 服务器会每隔1.5*20秒的时间向客户端发送个消息判断客户端是否在线，但这个方法并没有重连的机制
             options.setKeepAliveInterval(keepAliveInterval);
+            // 判断是否启用SSL
+            if (resourcesMateData.getResource().get("sslEnable") != null) {
+                boolean sslEnable = Boolean.parseBoolean(resourcesMateData.getResource().get("sslEnable").toString());
+                if (sslEnable) {
+                    options.setSocketFactory(getSocketFactorySingle(new InputStreamReader(this.getClass().getClassLoader().getResourceAsStream("cert/mmq.cer")),""));
+                }
+            }
             // 连接服务器
             mqttClient.connect(options);
 
             return true;
-        } catch (MqttException e) {
+        } catch (Exception e) {
             return false;
         }
     }
@@ -145,4 +174,27 @@ public void handle(Map property, ResourcesMateData resourcesMateData,
             throw new MmqException(e.hashCode(), e.getMessage());
         }
     }
+
+    public static SSLSocketFactory getSocketFactorySingle(final InputStreamReader caCertStr, String protocol) throws Exception {
+        Security.addProvider(new BouncyCastleProvider());
+
+        // load CA certificate
+        PEMReader reader = new PEMReader(caCertStr);
+//        PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(caCertStr.getBytes())));
+        X509Certificate caCert = (X509Certificate)reader.readObject();
+        reader.close();
+        // client key and certificates are sent to server so it can authenticate us
+        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());//"JKS"
+        ks.load(null, null);
+        ks.setCertificateEntry("ca-certificate", caCert);
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());//"PKIX"
+        tmf.init(ks);
+        // finally, create SSL socket factory
+        if(StringUtils.isBlank(protocol)){
+            protocol= "TLSv1.1";
+        }
+        SSLContext context = SSLContext.getInstance(protocol);//"TLSv1.1"
+        context.init(null, tmf.getTrustManagers(), new SecureRandom());
+        return context.getSocketFactory();
+    }
 }
diff --git a/mmq-ui/src/views/ruleEngine/modules/ResourceModel.vue b/mmq-ui/src/views/ruleEngine/modules/ResourceModel.vue
@@ -204,14 +204,32 @@
                 v-decorator="[
                   'resource.server',
                   {
-                    rules: [{ required: type === 'MQTT_BROKER' ? true : false, message: '请输入MQTT服务' }]
+                    rules: [{ required: type === 'MQTT_BROKER' ? true : false, message: '请输入MQTT服务地址' }]
                   }
                 ]"
-                placeholder="请输入MQTT服务"
+                placeholder="[ssl://ip:port] OR [tcp://ip:port]"
               />
             </a-form-item>
           </a-col>
-          <a-col :span="12"> </a-col>
+          <a-col :span="12">
+            <a-form-item label="SSL启用">
+              <a-select
+                v-decorator="[
+                  'resource.sslEnable',
+                  {
+                    rules: [{ required: false, message: '请输入SSL启用' }]
+                  }
+                ]"
+              >
+                <a-select-option value="true">
+                  true
+                </a-select-option>
+                <a-select-option value="false">
+                  false
+                </a-select-option>
+              </a-select>
+            </a-form-item>
+          </a-col>
         </a-row>
         <a-row :gutter="16">
           <a-col :span="12">
@@ -301,6 +319,7 @@ export default {
       this.form.resetFields()
       this.visible = true
       if (record) {
+        console.log(record)
         this.curResourceID = record.resourceID
         this.setFieldsValueByType(record.type, record)
       }
@@ -350,13 +369,19 @@ export default {
               resource: {
                 server: record.resource.server,
                 password: record.resource.password,
-                username: record.resource.username
+                username: record.resource.username,
+                sslEnable: record.resource.sslEnable ? record.resource.sslEnable : 'false'
               }
             })
           })
           break
       }
     },
+    beforeUpload(flie) {
+      console.log(flie)
+      this.form.setFieldsValue('resource.caCertStr', flie)
+      return false
+    },
     typeChange(value) {
       this.type = value
     },

diff --git a/mmq-web/src/main/resources/application.properties b/mmq-web/src/main/resources/application.properties
@@ -26,7 +26,7 @@ mmq.broker.port=1883
 mmq.broker.ssl.password=mmq
 mmq.broker.ssl.certPath=cert/mmq.pfx
 mmq.broker.ssl.port=17733
-mmq.broker.ssl.websocketPort=26633
+mmq.broker.ssl.websocketPort=36633
 mmq.broker.default.user=admin
 mmq.broker.default.password=admin@mmq
 mmq.broker.default.anonymous=true

diff --git a/mmq-web/src/main/resources/static/index.html b/mmq-web/src/main/resources/static/index.html
@@ -92,4 +92,4 @@
             to {
                 opacity: 1
             }
-        }</style><link href="/css/chunk-08eb694d.c1692233.css" rel="prefetch"><link href="/css/chunk-199b3a26.54530e73.css" rel="prefetch"><link href="/css/chunk-24a0b0bc.e728df71.css" rel="prefetch"><link href="/css/chunk-8c4d6b48.8acdde5c.css" rel="prefetch"><link href="/css/user.7020778c.css" rel="prefetch"><link href="/js/chunk-00a4fb94.ac21a632.js" rel="prefetch"><link href="/js/chunk-08eb694d.603dd9ee.js" rel="prefetch"><link href="/js/chunk-0c55d5dd.3e6892d4.js" rel="prefetch"><link href="/js/chunk-199b3a26.54c8064a.js" rel="prefetch"><link href="/js/chunk-24a0b0bc.aa3b8650.js" rel="prefetch"><link href="/js/chunk-2d0dd3d0.c0202474.js" rel="prefetch"><link href="/js/chunk-341e83a4.94b4469e.js" rel="prefetch"><link href="/js/chunk-8c4d6b48.c59f8bd7.js" rel="prefetch"><link href="/js/fail.391541cf.js" rel="prefetch"><link href="/js/lang-zh-CN-account-settings.c67af352.js" rel="prefetch"><link href="/js/lang-zh-CN-account.cdd30c11.js" rel="prefetch"><link href="/js/lang-zh-CN-dashboard-analysis.2fc3e69f.js" rel="prefetch"><link href="/js/lang-zh-CN-dashboard.8f35078c.js" rel="prefetch"><link href="/js/lang-zh-CN-form-basicForm.7b3d704b.js" rel="prefetch"><link href="/js/lang-zh-CN-form.1d20b004.js" rel="prefetch"><link href="/js/lang-zh-CN-global.2ab19788.js" rel="prefetch"><link href="/js/lang-zh-CN-menu.1e5410f1.js" rel="prefetch"><link href="/js/lang-zh-CN-overview.5670809e.js" rel="prefetch"><link href="/js/lang-zh-CN-result-fail.e3747840.js" rel="prefetch"><link href="/js/lang-zh-CN-result-success.349556c5.js" rel="prefetch"><link href="/js/lang-zh-CN-result.6915e7e4.js" rel="prefetch"><link href="/js/lang-zh-CN-setting.78d9e9d1.js" rel="prefetch"><link href="/js/lang-zh-CN-user.8df3e5de.js" rel="prefetch"><link href="/js/lang-zh-CN.fdffb1ff.js" rel="prefetch"><link href="/js/user.00b632de.js" rel="prefetch"><link href="/css/app.11637a61.css" rel="preload" as="style"><link href="/css/chunk-vendors.8ebf8fd7.css" rel="preload" as="style"><link href="/js/app.defb417a.js" rel="preload" as="script"><link href="/js/chunk-vendors.8a0a835e.js" rel="preload" as="script"><link href="/css/chunk-vendors.8ebf8fd7.css" rel="stylesheet"><link href="/css/app.11637a61.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but vue-antd-pro doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"><div class="first-loading-wrp"><h1>MMQ</h1><div class="loading-wrp"><span class="dot dot-spin"><i></i><i></i><i></i><i></i></span></div><div style="display: flex; justify-content: center; align-items: center;">MQTT Broker</div></div></div><script src="/js/chunk-vendors.8a0a835e.js"></script><script src="/js/app.defb417a.js"></script></body></html>
+        }</style><link href="/css/chunk-08eb694d.c1692233.css" rel="prefetch"><link href="/css/chunk-199b3a26.54530e73.css" rel="prefetch"><link href="/css/chunk-24a0b0bc.e728df71.css" rel="prefetch"><link href="/css/chunk-8c4d6b48.8acdde5c.css" rel="prefetch"><link href="/css/user.7020778c.css" rel="prefetch"><link href="/js/chunk-00a4fb94.214e2208.js" rel="prefetch"><link href="/js/chunk-08eb694d.35696d76.js" rel="prefetch"><link href="/js/chunk-0c55d5dd.c8425a0d.js" rel="prefetch"><link href="/js/chunk-199b3a26.93bd4366.js" rel="prefetch"><link href="/js/chunk-24a0b0bc.1b2f6a26.js" rel="prefetch"><link href="/js/chunk-2d0dd3d0.10b4db87.js" rel="prefetch"><link href="/js/chunk-341e83a4.e9773f94.js" rel="prefetch"><link href="/js/chunk-8c4d6b48.10460cf0.js" rel="prefetch"><link href="/js/fail.0ebc7f0d.js" rel="prefetch"><link href="/js/lang-zh-CN-account-settings.c67af352.js" rel="prefetch"><link href="/js/lang-zh-CN-account.cdd30c11.js" rel="prefetch"><link href="/js/lang-zh-CN-dashboard-analysis.2fc3e69f.js" rel="prefetch"><link href="/js/lang-zh-CN-dashboard.8f35078c.js" rel="prefetch"><link href="/js/lang-zh-CN-form-basicForm.7b3d704b.js" rel="prefetch"><link href="/js/lang-zh-CN-form.1d20b004.js" rel="prefetch"><link href="/js/lang-zh-CN-global.2ab19788.js" rel="prefetch"><link href="/js/lang-zh-CN-menu.1e5410f1.js" rel="prefetch"><link href="/js/lang-zh-CN-overview.5670809e.js" rel="prefetch"><link href="/js/lang-zh-CN-result-fail.e3747840.js" rel="prefetch"><link href="/js/lang-zh-CN-result-success.349556c5.js" rel="prefetch"><link href="/js/lang-zh-CN-result.6915e7e4.js" rel="prefetch"><link href="/js/lang-zh-CN-setting.78d9e9d1.js" rel="prefetch"><link href="/js/lang-zh-CN-user.8df3e5de.js" rel="prefetch"><link href="/js/lang-zh-CN.fdffb1ff.js" rel="prefetch"><link href="/js/user.6068d9fc.js" rel="prefetch"><link href="/css/app.11637a61.css" rel="preload" as="style"><link href="/css/chunk-vendors.8ebf8fd7.css" rel="preload" as="style"><link href="/js/app.c49c5fca.js" rel="preload" as="script"><link href="/js/chunk-vendors.8a0a835e.js" rel="preload" as="script"><link href="/css/chunk-vendors.8ebf8fd7.css" rel="stylesheet"><link href="/css/app.11637a61.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but vue-antd-pro doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"><div class="first-loading-wrp"><h1>MMQ</h1><div class="loading-wrp"><span class="dot dot-spin"><i></i><i></i><i></i><i></i></span></div><div style="display: flex; justify-content: center; align-items: center;">MQTT Broker</div></div></div><script src="/js/chunk-vendors.8a0a835e.js"></script><script src="/js/app.c49c5fca.js"></script></body></html>
diff --git a/mmq-web/src/main/resources/static/js/app.c49c5fca.js b/mmq-web/src/main/resources/static/js/app.c49c5fca.js
diff --git a/mmq-web/src/main/resources/static/js/app.defb417a.js b/mmq-web/src/main/resources/static/js/app.defb417a.js
diff --git a/...rces/static/js/chunk-00a4fb94.ac21a632.js → ...rces/static/js/chunk-00a4fb94.214e2208.js b/...rces/static/js/chunk-00a4fb94.ac21a632.js → ...rces/static/js/chunk-00a4fb94.214e2208.js
diff --git a/...rces/static/js/chunk-08eb694d.603dd9ee.js → ...rces/static/js/chunk-08eb694d.35696d76.js b/...rces/static/js/chunk-08eb694d.603dd9ee.js → ...rces/static/js/chunk-08eb694d.35696d76.js
diff --git a/...rces/static/js/chunk-0c55d5dd.3e6892d4.js → ...rces/static/js/chunk-0c55d5dd.c8425a0d.js b/...rces/static/js/chunk-0c55d5dd.3e6892d4.js → ...rces/static/js/chunk-0c55d5dd.c8425a0d.js
diff --git a/...rces/static/js/chunk-199b3a26.54c8064a.js → ...rces/static/js/chunk-199b3a26.93bd4366.js b/...rces/static/js/chunk-199b3a26.54c8064a.js → ...rces/static/js/chunk-199b3a26.93bd4366.js
diff --git a/...rces/static/js/chunk-24a0b0bc.aa3b8650.js → ...rces/static/js/chunk-24a0b0bc.1b2f6a26.js b/...rces/static/js/chunk-24a0b0bc.aa3b8650.js → ...rces/static/js/chunk-24a0b0bc.1b2f6a26.js
diff --git a/...rces/static/js/chunk-2d0dd3d0.c0202474.js → ...rces/static/js/chunk-2d0dd3d0.10b4db87.js b/...rces/static/js/chunk-2d0dd3d0.c0202474.js → ...rces/static/js/chunk-2d0dd3d0.10b4db87.js
diff --git a/...rces/static/js/chunk-341e83a4.94b4469e.js → ...rces/static/js/chunk-341e83a4.e9773f94.js b/...rces/static/js/chunk-341e83a4.94b4469e.js → ...rces/static/js/chunk-341e83a4.e9773f94.js