mqtt paho ssl java端代码

最新推荐文章于 2024-08-10 23:28:28 发布
最新推荐文章于 2024-08-10 23:28:28 发布
阅读量532 收藏
点赞数
文章标签: java 开发工具 移动开发

参考链接:http://blog.csdn.net/lingshi210/article/details/52439050

mqtt 的ssl配置可以参阅 
http://houjixin.blog.163.com/blog/static/35628410201432205042955/

然后注意开启防火墙端口。

mqtt的命令和Java端的ssl 必须同时要带上ca.crt、clilent.crt、client.key三个文件,即CA证书、客户证书、客户私钥。

由于java 端不支持client.key的格式,需要命令进行转化

openssl pkcs8 -topk8 -in client.key -out client.pem -nocrypt

另外: 
不知为何ubuntu下关闭防火墙后还是握手失败,cenos下正常,抓包后已经看不到明文了。

Java部分:

1.核心部分只需要设置SSLSocketFactory

MqttConnectOptions options = new MqttConnectOptions();
SSLSocketFactory factory=getSSLSocktet("youpath/ca.crt","youpath/client.crt","youpath/client.pem","password"); options.setSocketFactory(factory);

2.自定义SSLSocketFactory (改进于http://gist.github.com/4104301

此处的密码应为生成证书的时候输入的密码,未认证。

private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception {
        // CA certificate is used to authenticate server
        CertificateFactory cAf = CertificateFactory.getInstance("X.509");
        FileInputStream caIn = new FileInputStream(caPath);
        X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn); KeyStore caKs = KeyStore.getInstance("JKS"); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", ca); TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); tmf.init(caKs); CertificateFactory cf = CertificateFactory.getInstance("X.509"); FileInputStream crtIn = new FileInputStream(crtPath); X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close(); // client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // ks.load(caIn,password.toCharArray()); ks.load(null, null); ks.setCertificateEntry("certificate", caCert); ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(), new java.security.cert.Certificate[]{caCert} ); KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX"); kmf.init(ks, password.toCharArray()); // keyIn.close(); // finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory(); }

Android上会报错,改进如下:

    private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception {
        // CA certificate is used to authenticate server
        CertificateFactory cAf = CertificateFactory.getInstance("X.509");
        FileInputStream caIn = new FileInputStream(caPath);
        X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn); KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", ca); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); caIn.close(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); FileInputStream crtIn = new FileInputStream(crtPath); X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close(); // client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // ks.load(caIn,password.toCharArray()); ks.load(null, null); ks.setCertificateEntry("certificate", caCert); ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(), new java.security.cert.Certificate[]{caCert} ); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password.toCharArray()); // keyIn.close(); // finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory(); }

3.获取私钥代码部分

由于只能读取PKCS8的格式,所以需要转成pem

    public PrivateKey getPrivateKey(String path) throws Exception{  



        org.apache.commons.codec.binary.Base64 base64=new Base64();
        byte[] buffer= base64.decode(getPem(path)); PKCS8EncodedKeySpec keySpec= new PKCS8EncodedKeySpec(buffer); KeyFactory keyFactory= KeyFactory.getInstance("RSA"); return (RSAPrivateKey) keyFactory.generatePrivate(keySpec); }

 

附录:

package com;

import java.awt.BorderLayout;
import java.awt.Container;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener; import java.io.BufferedReader; import java.io.FileInputStream; import java.io.InputStream; import java.io.InputStreamReader; import java.security.KeyFactory; import java.security.KeyStore; import java.security.PrivateKey; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; import java.security.spec.PKCS8EncodedKeySpec; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import javax.swing.JButton; import javax.swing.JFrame; import javax.swing.JLabel; import javax.swing.JOptionPane; import javax.swing.JPanel; import javax.swing.JTextArea; import org.apache.commons.codec.binary.Base64; import org.eclipse.paho.client.mqttv3.IMqttDeliveryToken; import org.eclipse.paho.client.mqttv3.MqttCallback; import org.eclipse.paho.client.mqttv3.MqttClient; import org.eclipse.paho.client.mqttv3.MqttConnectOptions; import org.eclipse.paho.client.mqttv3.MqttMessage; import org.eclipse.paho.client.mqttv3.MqttTopic; import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory; import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence; public class Server extends JFrame { private static final long serialVersionUID = 1L; private JPanel panel; private JPanel panelText; private JPanel panelText2; private JButton button; private JButton button2; private JButton subscribeButton; private JTextArea textHost; private JTextArea textClientID; private JTextArea textPublishMsg; private JTextArea textTopic; private MqttClient client; private String host = "ssl://192.168.10.233:1883"; private MqttTopic topic; private MqttMessage message; private String userToken = "999999"; private String myTopicRoot = "test"; private String myTopic = null; private String clienID = "test1234567"; public Server() { Container container = this.getContentPane(); panel = new JPanel(); panelText = new JPanel(); panelText2 = new JPanel(); button = new JButton("发布主题消息"); button2 = new JButton("更换客户机地址和IP"); button.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent ae) { try { host = textHost.getText(); clienID = textClientID.getText(); if (client == null) { client = new MqttClient(host, clienID, new MemoryPersistence()); } if (!client.isConnected()) { connect(); } publishMsg(textTopic.getText(), textPublishMsg.getText()); } catch (Exception e) { e.printStackTrace(); showErrorMsg(e.toString()); } } }); button2.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent arg0) { // TODO Auto-generated method stub host = textHost.getText(); clienID = textClientID.getText(); try { if (client != null) client.disconnectForcibly(); client = new MqttClient(host, clienID, new MemoryPersistence()); connect(); } catch (Exception e) { e.printStackTrace(); showErrorMsg(e.toString()); } } }); subscribeButton = new JButton("订阅主题"); subscribeButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent arg0) { // TODO Auto-generated method stub try { if (client == null) { client = new MqttClient(host, clienID, new MemoryPersistence()); } if (!client.isConnected()) { connect(); } if (myTopic != null && !myTopic.equals(textTopic.getText())) { client.subscribe(myTopic); } client.subscribe(textTopic.getText()); myTopic = textTopic.getText(); } catch (Exception e) { e.printStackTrace(); showErrorMsg(e.toString()); } } }); textHost = new JTextArea(); textHost.setText(host); textClientID = new JTextArea(); textClientID.setText(clienID); panel.add(button); panel.add(subscribeButton); panelText.add(button2); panelText.add(new JLabel("mqtt地址")); panelText.add(textHost); panelText.add(new JLabel("ClienId")); panelText.add(textClientID); panelText.add(new JLabel("主题")); textTopic = new JTextArea(); textTopic.setText(myTopicRoot); panelText.add(textTopic); textPublishMsg = new JTextArea(); textPublishMsg.setText("@" + userToken + "@E@5@" + userToken + "@"); panelText2.add(new JLabel("mqtt消息")); panelText2.add(textPublishMsg); container.add(panel, BorderLayout.NORTH); container.add(panelText, BorderLayout.CENTER); container.add(panelText2, BorderLayout.SOUTH); // try { // client = new MqttClient(host, clienID, // new MemoryPersistence()); // connect(); // } catch (Exception e) { // showErrorMsg(e.toString()); // } } private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception { // CA certificate is used to authenticate server CertificateFactory cAf = CertificateFactory.getInstance("X.509"); FileInputStream caIn = new FileInputStream(caPath); X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn); KeyStore caKs = KeyStore.getInstance("JKS"); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", ca); TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); tmf.init(caKs); CertificateFactory cf = CertificateFactory.getInstance("X.509"); FileInputStream crtIn = new FileInputStream(crtPath); X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close(); // client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // ks.load(caIn,password.toCharArray()); ks.load(null, null); ks.setCertificateEntry("certificate", caCert); ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(), new java.security.cert.Certificate[]{caCert} ); KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX"); kmf.init(ks, password.toCharArray()); // keyIn.close(); // finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory(); } private String getPem(String path) throws Exception{ FileInputStream fin=new FileInputStream(path); BufferedReader br= new BufferedReader(new InputStreamReader(fin)); String readLine= null; StringBuilder sb= new StringBuilder(); while((readLine= br.readLine())!=null){ if(readLine.charAt(0)=='-'){ continue; }else{ sb.append(readLine); sb.append('\r'); } } fin.close(); return sb.toString(); } public PrivateKey getPrivateKey(String path) throws Exception{ org.apache.commons.codec.binary.Base64 base64=new Base64(); byte[] buffer= base64.decode(getPem(path)); PKCS8EncodedKeySpec keySpec= new PKCS8EncodedKeySpec(buffer); KeyFactory keyFactory= KeyFactory.getInstance("RSA"); return (RSAPrivateKey) keyFactory.generatePrivate(keySpec); } private void connect() { MqttConnectOptions options = new MqttConnectOptions(); options.setCleanSession(false); // options.setUserName(userName); // options.setPassword(passWord.toCharArray()); // 设置超时时间 // options.setConnectionTimeout(10); // 设置会话心跳时间 // options.setKeepAliveInterval(20); // try { // options.setWill("willtest", "SENDgpslost".getBytes(), 1, false); // } catch (Exception e1) { // // TODO Auto-generated catch block // System.out.print(e1); // } try { if (!SSLSocketFactoryFactory.isSupportedOnJVM()) { System.out.print("isSupportedOnJVM=false"); } SSLSocketFactory factory=getSSLSocktet("F:/ssl/ca.crt","F:/ssl/client.crt","F:/ssl/client.pem","brt123"); options.setSocketFactory(factory); client.setCallback(new MqttCallback() { @Override public void connectionLost(Throwable cause) { System.out.println("connectionLost-----------"); } @Override public void deliveryComplete(IMqttDeliveryToken token) { System.out.println("deliveryComplete---------" + token.isComplete()); } @Override public void messageArrived(String topic, MqttMessage arg1) throws Exception { System.out.println("messageArrived----------"); String msg = new String(arg1.getPayload()); showErrorMsg("主题:" + topic + "\r\n消息:" + msg); } }); topic = client.getTopic(myTopicRoot + userToken); client.connect(options); } catch (Exception e) { e.printStackTrace(); } } public void
weixin_34032779
关注
【项目实战】使用 Eclipse Paho JavaJava应用程序中实现MQTT通信协议
本本本添哥
07-17 2024
Eclipse Paho Java 是一个开源的,功能强大,易于使用 的 MQTT 客户库它提供了一个轻量级的客户,用于在Java应用程序中实现MQTT通信协议的功能。它可帮助 Java 开发人员快速实现 MQTT 通信协议的功能。它提供多个 API,简化 MQTT 协议的实现和使用,并支持多种 MQTT 版本。使用Eclipse Paho Java可以轻松创建MQTT客户,发送或接收消息。
JAVA使用ssl方式连接mqtt
热门推荐
我走路带风的博客
01-18 1万+
请确保你已经有证书了,且已经配置好了mqttssl支持。没有配置好的请看之前的文章:自制CA证书,自制客户,服务证书、mqtt配置使用ssl加密通信。按照这两篇文章操作之后接下来就可以编写java代码来使用ssl方式连接mqtt了。 作者是maven项目,所以添加一下依赖: <dependency> <groupId>com.alibaba...
Java使用ssl证书认证连接mqtt服务
half_bridge的博客
03-11 864
回调函数中引入业务层类,自动注解@Autowired 会使Spring容器无法加载,需手动引入bean。
Java使用MQTT协议
最新发布
dan_seek的博客
08-10 1497
MQTT(Message Queuing Telemetry Transport,消息队列遥测传输协议)是一种轻量级的、基于发布/订阅模式的物联网通信协议。它构建于TCP/IP协议之上,由IBM在1999年发布。MQTT协议通过简单的发布和订阅机制,实现了消息的可靠传输和分发,是物联网领域中的重要通信协议之一。
MQTT Paho Android 支持SSL/TLS(亲测有效)
chuyouyinghe的专栏
09-19 394
1. java中不支持pem证书加载,所以需要使用keytool工具将pem格式证书转成java/android支持的bks或者jks等。笔者项目中只支持单向验证,即客户验证服务,所以需要在客户加载服务证书用于ssl连接。项目中涉及的sample示例代码很值得一探究竟,对你掌握MQTT相关支持很有帮助喔!1. 证书中会涉及域名验证,如果证书中缺少这个字段,那么运行时候会报下面错误。口差异:tcp请求时,默认口。普通mqtt连接时候,前缀是。支持tls时,url前缀是。ssl请求时,默认口是。
java开发MQTTSSL连接)
baidu_33282782的博客
12-23 3131
SSLMQTT连接
java 框架mqtt协议_使用JAVAPaho框架开发原生MQTT接口
weixin_34902131的博客
02-25 1919
说明:阅读该文档之前需要对Mqtt有一定的了解,这里不对Mqtt知识作介绍,对Mqtt的了解请自行搜索学习。主要说明一下用一个简单的Demo样例,实现和IoT平台的对接,上报数据,下发命令等一、注册设备1. 开发中心 注册设备(1)查看产品信息产品信息中的 协议类型 必须为MQTT(2)注册设备设备管理—>新增真实设备—>选择上面开发好的产品—>接入方式选择 直连(3)注册设备成...
Android-AsyncMqttModule:使用 MQTT Paho for ANDROID 的异步中序消息传递
06-17
AsyncMqttModule 是 Paho Mqtt 库的包装器,用于连接 MQTT 代理并在其上执行其他操作。 该模块是为 Android 环境定制的。 以下是该项目的主要亮点。 所有操作都是异步的。 保持消息的顺序。 消息持久化是使用 ...
android MQTTSSL加密连接例子demo
06-26
在Android上,我们可以使用Paho MQTT客户库,它是Apache Eclipse Paho项目的一部分,为多种语言提供了MQTT连接支持,包括Java和Android。 接下来,我们讨论SSL/TLS。SSL/TLS是网络通信中的安全标准,用于在客户...
java连接mqtt(tcp、ssl单双向)
weixin_45851011的博客
11-28 1775
7.ssl证书的生成:必须具备主题备用名称(Subject Alternative Name)4.创建客户:发布客户、订阅客户。6.配置文件相关配置。
如何在 Java 中使用 MQTT
emqx_broker的博客
08-30 8542
本文主要介绍如何在Java项目中使用MQTT实现MQTT客户与服务器的连接、订阅和收发消息等功能。
java连接mqtt订阅消息 使用ssl 证书 ca.crt、client.crt、client.key
zdl wodeJava
07-11 727
因为以上报错 java不能直接读取 ca.crt、client.crt、client.key文件 连接 我们要将三个文件转换为文件连接。
java解析mqtt_Java连接MQTT服务-tcp方式
weixin_34355933的博客
12-23 508
1 packagecom.mao.mqtt;23 importjava.text.SimpleDateFormat;4 importjava.util.Date;56 importorg.eclipse.paho.client.mqttv3.IMqttDeliveryToken;7 importorg.eclipse.paho.client.mqttv3.MqttCallback;8 import...
Java中使用MQTT客户实现TLS/SSL加密通信的示例
weixin_41544125的博客
03-30 1199
在使用MQTT进行通信时,可以通过TLS/SSL加密来确保消息在传输过程中的安全性。首先,你需要添加Eclipse Paho MQTT的依赖到你的项目中。如果你使用Maven,可以在。
(二)MQTT+阿里云实现两个设备之间的通信。
m0_60752380的博客
03-03 4593
非常详细的介绍了如何使用MQTT+阿里云实现客户和客户之间的通信。
mqtt java ssl_mqtt paho ssl java代码
weixin_32432759的博客
02-13 557
然后注意开启防火墙口。mqtt的命令和Javassl 必须同时要带上ca.crt、clilent.crt、client.key三个文件,即CA证书、客户证书、客户私钥。由于java 不支持client.key的格式,需要命令进行转化openssl pkcs8 -topk8 -in client.key -out client.pem -nocrypt另外:不知为何ubuntu下关闭防火墙后...
mqtt java ssl_MQTT研究之EMQ:【SSL证书链验证】
weixin_33499715的博客
02-17 826
package com.taikang.iot.re.security;import org.apache.log4j.Logger;import org.bouncycastle.asn1.pkcs.RSAPrivateKey;import org.bouncycastle.util.io.pem.PemObject;import org.bouncycastle.util.io.pem.Pem...
mqtt java ssl_java通过ssl连接mqtt
weixin_36201981的博客
02-13 501
我这边java在没有通过ssl连接mqtt的时候是可以连接的(可以订阅与发布),但是通过ssl就不行了,发现是读取证书的时候出错了,错误是这样的:java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructorat ...
帮我写一个websocket实现连接到mqtt服务器的java代码
06-11
在上面的代码中,我们使用了Java WebSocket API(`org.java_websocket`)来创建WebSocket客户,并使用Eclipse Paho MQTT客户库来连接到MQTT服务器。在`main`方法中,我们首先创建一个`WebSocketClient`来连接到...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值