Re: [paho-dev] How to use Android Paho java client to create SSL/TLS connection to mosquitto

Good morning everyone!

I would suggest looking at the following piece of code for establishing SSL connections to Mosquitto with Java:

https://gist.github.com/sharonbn/4104301

I used this as a basis for mine a good while back.  From what I remember, I had to tweak it some for the newer version of the bouncy castle libraries but I did get it working.


Dwayne Bradley
Technology Development Manager
Emerging Technology Office
Office  - (704) 382-7142
Cell - (704) 817-0910


-----Original Message-----
From: paho-dev-bounces@xxxxxxxxxxx [mailto:paho-dev-bounces@xxxxxxxxxxx] On Behalf Of Al Stockdill-Mander
Sent: Monday, September 29, 2014 6:40 AM
To: paho-dev@xxxxxxxxxxx
Subject: Re: [paho-dev] How to use Android Paho java client to create SSL/TLS connection to mosquitto




Romu,

I'm not sure about the details of connecting with mutual auth and TLS, but looking at the android service tests (AndroidServiceTest.java) there are a couple of tests there that test connecting via SSL, it seems they are only for server cert authentication but it would probably be good to see if you can get that going first then try to extend it with mutual auth, hopefully the test material can be helpful.

Al

On 29/09/14 11:22, Romu Hu wrote:
> Hi,
>
> I have been using
> org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
> to test SSL/TLS connection to mosquitto.  The connection always fails,
> the log on the mosquitto broker side is:
>
> 1411985829: New connection from xx.xx.xx.xx on port 8883.
> 1411985829: OpenSSL Error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
>
> But I could use the following mosquitto_sub command line to
> successfully connect to the mosquitto broker (8883):
>
> # mosquitto_sub -c -d -h xxx.xxx.xxx.xxx -p 8883 --cafile ca.crt -i myclientid -q 1 -t mytopic -v
>
> Below is the listener config of my mosquitto broker:
>
> # Default listener
> bind_address xxx.xxx.xxx.xxx
> port 8883
> max_connections -1
> cafile /etc/mosquitto/ca.crt
> certfile /etc/mosquitto/server.crt
> keyfile /etc/mosquitto/server.key
> tls_version tlsv1.2
>
> Below is my modification to ClientConnections.java:
>
> diff --git
> a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sa
> mple/src/org/eclipse/paho/android/service/sample/ClientConnections.jav
> a 
> b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sa
> mple/src/org/eclipse/paho/android/service/sample/ClientConnections.jav
> a
>
> index c3133c5..a6af9a6 100644
> ---
> a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sa
> mple/src/org/eclipse/paho/android/service/sample/ClientConnections.jav
> a
>
> +++
> b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sa
> mple/src/org/eclipse/paho/android/service/sample/ClientConnections.jav
> a
>
> @@ -238,6 +238,20 @@ public class ClientConnections extends ListActivity {
>         Log.e("SSLConnection", "Doing an SSL Connect");
>         uri = "ssl://";
>
> +      try {
> +        SSLContext context;
> +        KeyStore ts = KeyStore.getInstance("bks");
> +        ts.load(getResources().openRawResource(R.raw.ca),
> "123456".toCharArray());
> +        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
> +        tmf.init(ts);
> +        TrustManager[] tm = tmf.getTrustManagers();
> +        context = SSLContext.getInstance("TLSv1.2");
> +        context.init(null, tm, null);
> +        SocketFactory factory = context.getSocketFactory();
> +        conOpt.setSocketFactory(factory);
> +      } catch (Exception e) {
> +        // TODO: handle exception
> +      }
>       }
>       else {
>         uri = "tcp://";
>
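
Review bot: The catch (Exception e) block that closes the added try swallows every failure behind a TODO, so if ts.load(...) or context.init(...) throws, conOpt.setSocketFactory(factory) is never reached and nothing is logged; the client then carries on without this trust store and the only symptom is whatever the broker reports. Log the exception with Log.e and stop the connect attempt instead of falling through. The keystore password "123456" is also hard-coded in the ts.load call; since the store holds only the CA certificate, consider loading the certificate directly or at least moving the literal out of the activity code.
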
> I used the following command to convert ca.crt (generated by openssl)
> to ca.bks:
>
> keytool -importcert -keystore C:\Users\shengli\Desktop\ca.bks -file C:\Users\shengli\Desktop\ca.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
>
> Passphrase of the bks is set to 123456.
>
> Any idea?
>
> Thanks
> Romu
>
> On 2014/9/25 17:41, Romu Hu wrote:
>> Hi,
>>
>> I've been trying to use Android Paho java client to create SSL/TLS 
>> connection to mosquitto.  My mosquitto broker has two TLS listeners, 
>> one requires client certificate, the other one does not.
>>
>> How to connect to the listener that requires client certificate? How 
>> to connect to the one that does not?  The ca certificate, client 
>> certificate and client key are stored in the Android device.  Any 
>> third-party java libraries needed?  Any code examples?
>>
>> Thanks
>> Romu
>
> _______________________________________________
> paho-dev mailing list
> paho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or 
> unsubscribe from this list, visit 
> https://dev.eclipse.org/mailman/listinfo/paho-dev
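
An added example, not part of any message in this thread and not Paho's own code: one way to build the socket factory straight from ca.crt with standard JSSE calls, skipping the BKS conversion, and optionally presenting a client certificate to the listener that requires one. The class name MqttTls and the PKCS#12 client bundle (client.p12) are assumptions; errors propagate to the caller instead of being swallowed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
// MqttTls is a hypothetical helper name, not a Paho class.
public final class MqttTls {
    // caCert: the broker CA certificate (PEM or DER), e.g. ca.crt from the thread.
    // clientP12 / p12Pass: assumed PKCS#12 bundle with client cert and key, or null.
    public static SSLSocketFactory socketFactory(InputStream caCert, InputStream clientP12,
                                                 char[] p12Pass) throws Exception {
        // Trust only the broker's CA: in-memory store, so no store password is needed.
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caCert);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("broker-ca", ca);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Client identity, only for the listener that requires a client certificate.
        KeyManager[] keyManagers = null;
        if (clientP12 != null) {
            KeyStore id = KeyStore.getInstance("PKCS12");
            id.load(clientP12, p12Pass);
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(id, p12Pass);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        // Hand the result to conOpt.setSocketFactory(...) as the quoted patch does.
        return ctx.getSocketFactory();
    }

    // Usage: java MqttTls ca.crt [client.p12 password]
    public static void main(String[] args) throws Exception {
        try (InputStream ca = new FileInputStream(args[0]);
             InputStream p12 = args.length > 2 ? new FileInputStream(args[1]) : null) {
            socketFactory(ca, p12, args.length > 2 ? args[2].toCharArray() : null);
            System.out.println("TLS socket factory built");
        }
    }
}
```

On Android the two streams would come from the app's resources or storage rather than from file paths.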