feat(java): add one way tls/ssl sample (emqx#100)

Catgok · web-flow · commit 27419375c14e · 2023-05-19T16:10:46.000+08:00
diff --git a/mqtt-client-Java/README.md b/mqtt-client-Java/README.md
@@ -8,6 +8,12 @@
 mvn compile
 ```
 
+## Run one way TLS authentication sample
+
+```bash
+mvn exec:java -Dexec.mainClass="io.emqx.mqtt.MqttOneWayTlsSample"
+```
+
 ## Run two way TLS authentication sample
 
 ```bash
diff --git a/mqtt-client-Java/README_ZH.md b/mqtt-client-Java/README_ZH.md
@@ -8,6 +8,12 @@
 mvn compile
 ```
 
+## 运行单向 TLS 认证示例
+
+```bash
+mvn exec:java -Dexec.mainClass="io.emqx.mqtt.MqttOneWayTlsSample"
+```
+
 ## 运行双向 TLS 认证示例
 
 ```bash
diff --git a/mqtt-client-Java/src/main/java/io/emqx/mqtt/MqttOneWayTlsSample.java b/mqtt-client-Java/src/main/java/io/emqx/mqtt/MqttOneWayTlsSample.java
@@ -0,0 +1,117 @@
+package io.emqx.mqtt;
+
+import org.eclipse.paho.client.mqttv3.*;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.FileInputStream;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.text.MessageFormat;
+import java.util.Arrays;
+
+public class MqttOneWayTlsSample {
+    private static final String BROKER = "broker.emqx.io";
+    private static final String PORT = "8883";
+    private static final String CLIENT_ID = MqttClient.generateClientId();
+    private static final String USERNAME = "emqx";
+    private static final String PASSWORD = "public";
+    private static final int CONNECT_TIMEOUT = 300;
+    private static final boolean CLEAN_SESSION = true;
+    private static final String TOPIC = "java-mqtt/tls";
+    private static final int QoS = 1;
+    private static final String PAYLOAD = "Enjoy the sample";
+    private static final String CA_CERT_PATH = MqttOneWayTlsSample.class.getResource("").getPath()+"./broker.emqx.io-ca.crt";
+
+    public static void main(String args[]) {
+        MqttClient client = null;
+        try {
+            String server = "ssl://" + BROKER + ":" + PORT;
+            client = new MqttClient(server, CLIENT_ID);
+
+            client.setCallback(new MqttCallback() {
+
+                @Override
+                public void connectionLost(Throwable cause) {
+                    System.out.println(MessageFormat.format("Connection lost. Cause: {0}", cause));
+                }
+
+                @Override
+                public void messageArrived(String topic, MqttMessage message) throws Exception {
+                    System.out.println(MessageFormat.format("Callback: received message from topic {0}: {1}",
+                            topic, message.toString()));
+                }
+
+                @Override
+                public void deliveryComplete(IMqttDeliveryToken token) {
+                    try {
+                        System.out.println(MessageFormat.format("Callback: delivered message to topics {0}",
+                                Arrays.asList(token.getTopics())));
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                    }
+                }
+
+            });
+
+            MqttConnectOptions options = new MqttConnectOptions();
+            options.setUserName(USERNAME);
+            options.setPassword(PASSWORD.toCharArray());
+            options.setConnectionTimeout(CONNECT_TIMEOUT);
+            options.setCleanSession(CLEAN_SESSION);
+            options.setSocketFactory(getSocketFactory(CA_CERT_PATH));
+
+            System.out.println("Connecting to broker: " + server);
+            client.connect(options);
+
+            if (!client.isConnected()) {
+                System.out.println("Failed to connect to broker: " + server);
+                return;
+            }
+            System.out.println("Connected to broker: " + server);
+
+            client.subscribe(TOPIC, QoS);
+            System.out.println("Subscribed to topic: " + TOPIC);
+
+            MqttMessage msg = new MqttMessage(PAYLOAD.getBytes("UTF-8"));
+            msg.setQos(QoS);
+            client.publish(TOPIC, msg);
+
+            System.out.println("Disconnect from broker: " + server);
+            client.disconnect();
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        } finally {
+            if (client != null) {
+                try {
+                    client.close();
+                } catch (MqttException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+    }
+
+    public static SSLSocketFactory getSocketFactory(String caCertPath) throws Exception {
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+
+        // load CA certificate into keystore to authenticate server
+        Certificate caCert = certFactory.generateCertificate(new FileInputStream(caCertPath));
+        X509Certificate x509CaCert = (X509Certificate) caCert;
+
+        KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        caKeyStore.load(null, null);
+        caKeyStore.setCertificateEntry("cacert", x509CaCert);
+
+        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmFactory.init(caKeyStore);
+
+        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
+        sslContext.init(null, tmFactory.getTrustManagers(), null);
+
+        return sslContext.getSocketFactory();
+    }
+}
diff --git a/mqtt-client-Java/src/main/java/io/emqx/mqtt/SSLUtils.java b/mqtt-client-Java/src/main/java/io/emqx/mqtt/SSLUtils.java
@@ -19,10 +19,12 @@
 
 public class SSLUtils {
 
-    public static SSLSocketFactory getSingleSocketFactory(InputStream caCrtFileInputStream) throws Exception {
+    public static SSLSocketFactory getSingleSocketFactory(final String caCrtFile) throws Exception {
         Security.addProvider(new BouncyCastleProvider());
         X509Certificate caCert = null;
 
+        FileInputStream caCrtFileInputStream = new FileInputStream(caCrtFile);
+
         BufferedInputStream bis = new BufferedInputStream(caCrtFileInputStream);
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
 
diff --git a/mqtt-client-Java/src/main/resources/io/emqx/mqtt/broker.emqx.io-ca.crt b/mqtt-client-Java/src/main/resources/io/emqx/mqtt/broker.emqx.io-ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
