jimrok · February 2, 2025 23:23 · choutianxius · Feb 2, 2025
diff --git a/TestMQTT.java b/TestMQTT.java
 package test_mqtt;

 import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.FileReader;
 import java.security.KeyPair;
 import java.security.KeyStore;
 import java.security.Security;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;

 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;

 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMDecryptorProvider;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.eclipse.paho.client.mqttv3.MqttClient;
 import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
 import org.eclipse.paho.client.mqttv3.MqttException;

 public class TestMQTT {

 	public static void main(String[] args) {
 		
 		String serverUrl = "ssl://serverip:1883";
 		String caFilePath = "/your_ssl/cacert.pem";
 		String clientCrtFilePath = "/your_ssl/client.pem";
 		String clientKeyFilePath = "/your_ssl/client.key";
 		String mqttUserName = "guest";
 		String mqttPassword = "123123";
 		
 		MqttClient client;
 		try {
 			client = new MqttClient(serverUrl, "2");
 			MqttConnectOptions options = new MqttConnectOptions();
 			options.setUserName(mqttUserName);
 			options.setPassword(mqttPassword.toCharArray());
 			
 			options.setConnectionTimeout(60);
 			options.setKeepAliveInterval(60);
 			options.setMqttVersion(MqttConnectOptions.MQTT_VERSION_3_1);

 			
 			SSLSocketFactory socketFactory = getSocketFactory(caFilePath,
 					clientCrtFilePath, clientKeyFilePath, "");
 			options.setSocketFactory(socketFactory);

 			System.out.println("starting connect the server...");
 			client.connect(options);
 			System.out.println("connected!");
 			Thread.sleep(1000);

 			client.subscribe(
 					"/u/56ca327d17531d08e76bddd4a215e37f5fd6082f7442151c4d3f1d100a0ffd4e",
 					0);
 			client.disconnect();
 			System.out.println("disconnected!");


 		} catch (MqttException e) {
 			e.printStackTrace();
 		} catch (Exception e) {
 			e.printStackTrace();
 		}

 	}

 	private static SSLSocketFactory getSocketFactory(final String caCrtFile,
 			final String crtFile, final String keyFile, final String password)
 			throws Exception {
 		Security.addProvider(new BouncyCastleProvider());

 		// load CA certificate
 		X509Certificate caCert = null;

 		FileInputStream fis = new FileInputStream(caCrtFile);
 		BufferedInputStream bis = new BufferedInputStream(fis);
 		CertificateFactory cf = CertificateFactory.getInstance("X.509");

 		while (bis.available() > 0) {
 			caCert = (X509Certificate) cf.generateCertificate(bis);
 			// System.out.println(caCert.toString());
 		}

 		// load client certificate
 		bis = new BufferedInputStream(new FileInputStream(crtFile));
 		X509Certificate cert = null;
 		while (bis.available() > 0) {
 			cert = (X509Certificate) cf.generateCertificate(bis);
 			// System.out.println(caCert.toString());
 		}

 		// load client private key
 		PEMParser pemParser = new PEMParser(new FileReader(keyFile));
 		Object object = pemParser.readObject();
 		PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
 				.build(password.toCharArray());
 		JcaPEMKeyConverter converter = new JcaPEMKeyConverter()
 				.setProvider("BC");
 		KeyPair key;
 		if (object instanceof PEMEncryptedKeyPair) {
 			System.out.println("Encrypted key - we will use provided password");
 			key = converter.getKeyPair(((PEMEncryptedKeyPair) object)
 					.decryptKeyPair(decProv));
 		} else {
 			System.out.println("Unencrypted key - no password needed");
 			key = converter.getKeyPair((PEMKeyPair) object);
 		}
 		pemParser.close();

 		// CA certificate is used to authenticate server
 		KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
 		caKs.load(null, null);
 		caKs.setCertificateEntry("ca-certificate", caCert);
 		TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
 		tmf.init(caKs);

 		// client key and certificates are sent to server so it can authenticate
 		// us
 		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
 		ks.load(null, null);
 		ks.setCertificateEntry("certificate", cert);
 		ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(),
 				new java.security.cert.Certificate[] { cert });
 		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
 				.getDefaultAlgorithm());
 		kmf.init(ks, password.toCharArray());

 		// finally, create SSL socket factory
 		SSLContext context = SSLContext.getInstance("TLSv1.2");
 		context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

 		return context.getSocketFactory();
 	}

 }
	package test_mqtt;

	import java.io.BufferedInputStream;
	import java.io.FileInputStream;
	import java.io.FileReader;
	import java.security.KeyPair;
	import java.security.KeyStore;
	import java.security.Security;
	import java.security.cert.CertificateFactory;
	import java.security.cert.X509Certificate;

	import javax.net.ssl.KeyManagerFactory;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLSocketFactory;
	import javax.net.ssl.TrustManagerFactory;

	import org.bouncycastle.jce.provider.BouncyCastleProvider;
	import org.bouncycastle.openssl.PEMDecryptorProvider;
	import org.bouncycastle.openssl.PEMEncryptedKeyPair;
	import org.bouncycastle.openssl.PEMKeyPair;
	import org.bouncycastle.openssl.PEMParser;
	import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
	import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
	import org.eclipse.paho.client.mqttv3.MqttClient;
	import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
	import org.eclipse.paho.client.mqttv3.MqttException;

	public class TestMQTT {

	public static void main(String[] args) {

	String serverUrl = "ssl://serverip:1883";
	String caFilePath = "/your_ssl/cacert.pem";
	String clientCrtFilePath = "/your_ssl/client.pem";
	String clientKeyFilePath = "/your_ssl/client.key";
	String mqttUserName = "guest";
	String mqttPassword = "123123";

	MqttClient client;
	try {
	client = new MqttClient(serverUrl, "2");
	MqttConnectOptions options = new MqttConnectOptions();
	options.setUserName(mqttUserName);
	options.setPassword(mqttPassword.toCharArray());

	options.setConnectionTimeout(60);
	options.setKeepAliveInterval(60);
	options.setMqttVersion(MqttConnectOptions.MQTT_VERSION_3_1);


	SSLSocketFactory socketFactory = getSocketFactory(caFilePath,
	clientCrtFilePath, clientKeyFilePath, "");
	options.setSocketFactory(socketFactory);

	System.out.println("starting connect the server...");
	client.connect(options);
	System.out.println("connected!");
	Thread.sleep(1000);

	client.subscribe(
	"/u/56ca327d17531d08e76bddd4a215e37f5fd6082f7442151c4d3f1d100a0ffd4e",
	0);
	client.disconnect();
	System.out.println("disconnected!");


	} catch (MqttException e) {
	e.printStackTrace();
	} catch (Exception e) {
	e.printStackTrace();
	}

	}

	private static SSLSocketFactory getSocketFactory(final String caCrtFile,
	final String crtFile, final String keyFile, final String password)
	throws Exception {
	Security.addProvider(new BouncyCastleProvider());

	// load CA certificate
	X509Certificate caCert = null;

	FileInputStream fis = new FileInputStream(caCrtFile);
	BufferedInputStream bis = new BufferedInputStream(fis);
	CertificateFactory cf = CertificateFactory.getInstance("X.509");

	while (bis.available() > 0) {
	caCert = (X509Certificate) cf.generateCertificate(bis);
	// System.out.println(caCert.toString());
	}

	// load client certificate
	bis = new BufferedInputStream(new FileInputStream(crtFile));
	X509Certificate cert = null;
	while (bis.available() > 0) {
	cert = (X509Certificate) cf.generateCertificate(bis);
	// System.out.println(caCert.toString());
	}

	// load client private key
	PEMParser pemParser = new PEMParser(new FileReader(keyFile));
	Object object = pemParser.readObject();
	PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
	.build(password.toCharArray());
	JcaPEMKeyConverter converter = new JcaPEMKeyConverter()
	.setProvider("BC");
	KeyPair key;
	if (object instanceof PEMEncryptedKeyPair) {
	System.out.println("Encrypted key - we will use provided password");
	key = converter.getKeyPair(((PEMEncryptedKeyPair) object)
	.decryptKeyPair(decProv));
	} else {
	System.out.println("Unencrypted key - no password needed");
	key = converter.getKeyPair((PEMKeyPair) object);
	}
	pemParser.close();

	// CA certificate is used to authenticate server
	KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
	caKs.load(null, null);
	caKs.setCertificateEntry("ca-certificate", caCert);
	TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
	tmf.init(caKs);

	// client key and certificates are sent to server so it can authenticate
	// us
	KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
	ks.load(null, null);
	ks.setCertificateEntry("certificate", cert);
	ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(),
	new java.security.cert.Certificate[] { cert });
	KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
	.getDefaultAlgorithm());
	kmf.init(ks, password.toCharArray());

	// finally, create SSL socket factory
	SSLContext context = SSLContext.getInstance("TLSv1.2");
	context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

	return context.getSocketFactory();
	}

	}