/
main.go
130 lines (110 loc) · 3.57 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
* Copyright (c) 2021 IBM Corp and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v2.0
* and Eclipse Distribution License v1.0 which accompany this distribution.
*
* The Eclipse Public License is available at
* https://www.eclipse.org/legal/epl-2.0/
* and the Eclipse Distribution License is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* Contributors:
* Seth Hoenig
* Allan Stockdill-Mander
* Mike Robertson
*/
/*
To run this sample, The following certificates
must be created:
rootCA-crt.pem - root certificate authority that is used
to sign and verify the client and server
certificates.
rootCA-key.pem - keyfile for the rootCA.
server-crt.pem - server certificate signed by the CA.
server-key.pem - keyfile for the server certificate.
client-crt.pem - client certificate signed by the CA.
client-key.pem - keyfile for the client certificate.
CAfile.pem - file containing concatenated CA certificates
if there is more than 1 in the chain.
(e.g. root CA -> intermediate CA -> server cert)
Instead of creating CAfile.pem, rootCA-crt.pem can be added
to the default openssl CA certificate bundle. To find the
default CA bundle used, check:
$GO_ROOT/src/pks/crypto/x509/root_unix.go
To use this CA bundle, just set tls.Config.RootCAs = nil.
*/
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"time"
MQTT "github.com/eclipse/paho.mqtt.golang"
)
func NewTLSConfig() *tls.Config {
// Import trusted certificates from CAfile.pem.
// Alternatively, manually add CA certificates to
// default openssl CA bundle.
certpool := x509.NewCertPool()
pemCerts, err := ioutil.ReadFile("samplecerts/CAfile.pem")
if err == nil {
certpool.AppendCertsFromPEM(pemCerts)
}
// Import client certificate/key pair
cert, err := tls.LoadX509KeyPair("samplecerts/client-crt.pem", "samplecerts/client-key.pem")
if err != nil {
panic(err)
}
// Just to print out the client certificate..
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
panic(err)
}
fmt.Println(cert.Leaf)
// Create tls.Config with desired tls properties
return &tls.Config{
// RootCAs = certs used to verify server cert.
RootCAs: certpool,
// ClientAuth = whether to request cert from server.
// Since the server is set up for SSL, this happens
// anyways.
ClientAuth: tls.NoClientCert,
// ClientCAs = certs used to validate client cert.
ClientCAs: nil,
// InsecureSkipVerify = verify that cert contents
// match server. IP matches what is in cert etc.
InsecureSkipVerify: true,
// Certificates = list of certs client sends to server.
Certificates: []tls.Certificate{cert},
}
}
var f MQTT.MessageHandler = func(client MQTT.Client, msg MQTT.Message) {
fmt.Printf("TOPIC: %s\n", msg.Topic())
fmt.Printf("MSG: %s\n", msg.Payload())
}
func main() {
tlsconfig := NewTLSConfig()
opts := MQTT.NewClientOptions()
opts.AddBroker("ssl://iot.eclipse.org:8883")
opts.SetClientID("ssl-sample").SetTLSConfig(tlsconfig)
opts.SetDefaultPublishHandler(f)
// Start the connection
c := MQTT.NewClient(opts)
if token := c.Connect(); token.Wait() && token.Error() != nil {
panic(token.Error())
}
c.Subscribe("/go-mqtt/sample", 0, nil)
i := 0
for range time.Tick(time.Duration(1) * time.Second) {
if i == 5 {
break
}
text := fmt.Sprintf("this is msg #%d!", i)
c.Publish("/go-mqtt/sample", 0, false, text)
i++
}
c.Disconnect(250)
}