参考链接:http://blog.csdn.net/lingshi210/article/details/52439050

mqtt 的ssl配置可以参阅 
http://houjixin.blog.163.com/blog/static/35628410201432205042955/

然后注意开启防火墙端口。

mqtt的命令和Java端的ssl 必须同时要带上ca.crt、clilent.crt、client.key三个文件,即CA证书、客户证书、客户私钥。

由于java 端不支持client.key的格式,需要命令进行转化

openssl pkcs8 -topk8 -in client.key -out client.pem -nocrypt

另外: 
不知为何ubuntu下关闭防火墙后还是握手失败,cenos下正常,抓包后已经看不到明文了。

Java部分:

1.核心部分只需要设置SSLSocketFactory

MqttConnectOptions options = new MqttConnectOptions();
SSLSocketFactory factory=getSSLSocktet("youpath/ca.crt","youpath/client.crt","youpath/client.pem","password"); options.setSocketFactory(factory);

2.自定义SSLSocketFactory (改进于http://gist.github.com/4104301

此处的密码应为生成证书的时候输入的密码,未认证。

private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception {
// CA certificate is used to authenticate server
CertificateFactory cAf = CertificateFactory.getInstance("X.509");
FileInputStream caIn = new FileInputStream(caPath);
X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
KeyStore caKs = KeyStore.getInstance("JKS");
caKs.load(null, null);
caKs.setCertificateEntry("ca-certificate", ca);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(caKs); CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream crtIn = new FileInputStream(crtPath);
X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close();
// client key and certificates are sent to server so it can authenticate
// us
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
// ks.load(caIn,password.toCharArray());
ks.load(null, null);
ks.setCertificateEntry("certificate", caCert);
ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(),
new java.security.cert.Certificate[]{caCert} );
KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
kmf.init(ks, password.toCharArray());
// keyIn.close(); // finally, create SSL socket factory
SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory();
}

Android上会报错,改进如下:

    private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception {
// CA certificate is used to authenticate server
CertificateFactory cAf = CertificateFactory.getInstance("X.509");
FileInputStream caIn = new FileInputStream(caPath);
X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
caKs.load(null, null);
caKs.setCertificateEntry("ca-certificate", ca);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(caKs);
caIn.close();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream crtIn = new FileInputStream(crtPath);
X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close();
// client key and certificates are sent to server so it can authenticate
// us
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
// ks.load(caIn,password.toCharArray());
ks.load(null, null);
ks.setCertificateEntry("certificate", caCert);
ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(),
new java.security.cert.Certificate[]{caCert} );
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password.toCharArray());
// keyIn.close(); // finally, create SSL socket factory
SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory();
}

3.获取私钥代码部分

由于只能读取PKCS8的格式,所以需要转成pem

    public PrivateKey getPrivateKey(String path) throws Exception{  

        org.apache.commons.codec.binary.Base64 base64=new Base64();
byte[] buffer= base64.decode(getPem(path)); PKCS8EncodedKeySpec keySpec= new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory= KeyFactory.getInstance("RSA");
return (RSAPrivateKey) keyFactory.generatePrivate(keySpec); }

附录:

package com;

import java.awt.BorderLayout;
import java.awt.Container;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JTextArea; import org.apache.commons.codec.binary.Base64;
import org.eclipse.paho.client.mqttv3.IMqttDeliveryToken;
import org.eclipse.paho.client.mqttv3.MqttCallback;
import org.eclipse.paho.client.mqttv3.MqttClient;
import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
import org.eclipse.paho.client.mqttv3.MqttMessage;
import org.eclipse.paho.client.mqttv3.MqttTopic;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;
import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence; public class Server extends JFrame {
private static final long serialVersionUID = 1L;
private JPanel panel;
private JPanel panelText;
private JPanel panelText2;
private JButton button;
private JButton button2;
private JButton subscribeButton;
private JTextArea textHost;
private JTextArea textClientID;
private JTextArea textPublishMsg;
private JTextArea textTopic; private MqttClient client;
private String host = "ssl://192.168.10.233:1883"; private MqttTopic topic;
private MqttMessage message; private String userToken = "999999"; private String myTopicRoot = "test";
private String myTopic = null; private String clienID = "test1234567"; public Server() { Container container = this.getContentPane();
panel = new JPanel();
panelText = new JPanel();
panelText2 = new JPanel();
button = new JButton("发布主题消息");
button2 = new JButton("更换客户机地址和IP");
button.addActionListener(new ActionListener() { @Override
public void actionPerformed(ActionEvent ae) {
try {
host = textHost.getText();
clienID = textClientID.getText();
if (client == null) {
client = new MqttClient(host, clienID, new MemoryPersistence());
} if (!client.isConnected()) {
connect();
} publishMsg(textTopic.getText(), textPublishMsg.getText());
} catch (Exception e) {
e.printStackTrace();
showErrorMsg(e.toString());
}
}
}); button2.addActionListener(new ActionListener() { @Override
public void actionPerformed(ActionEvent arg0) {
// TODO Auto-generated method stub
host = textHost.getText();
clienID = textClientID.getText();
try {
if (client != null)
client.disconnectForcibly();
client = new MqttClient(host, clienID, new MemoryPersistence());
connect();
} catch (Exception e) {
e.printStackTrace();
showErrorMsg(e.toString());
}
}
}); subscribeButton = new JButton("订阅主题");
subscribeButton.addActionListener(new ActionListener() { @Override
public void actionPerformed(ActionEvent arg0) {
// TODO Auto-generated method stub
try {
if (client == null) {
client = new MqttClient(host, clienID, new MemoryPersistence());
} if (!client.isConnected()) {
connect();
}
if (myTopic != null && !myTopic.equals(textTopic.getText())) {
client.subscribe(myTopic);
}
client.subscribe(textTopic.getText());
myTopic = textTopic.getText(); } catch (Exception e) {
e.printStackTrace();
showErrorMsg(e.toString());
}
}
}); textHost = new JTextArea();
textHost.setText(host);
textClientID = new JTextArea();
textClientID.setText(clienID); panel.add(button);
panel.add(subscribeButton);
panelText.add(button2);
panelText.add(new JLabel("mqtt地址"));
panelText.add(textHost);
panelText.add(new JLabel("ClienId"));
panelText.add(textClientID);
panelText.add(new JLabel("主题"));
textTopic = new JTextArea(); textTopic.setText(myTopicRoot);
panelText.add(textTopic); textPublishMsg = new JTextArea();
textPublishMsg.setText("@" + userToken + "@E@5@" + userToken + "@");
panelText2.add(new JLabel("mqtt消息"));
panelText2.add(textPublishMsg); container.add(panel, BorderLayout.NORTH);
container.add(panelText, BorderLayout.CENTER);
container.add(panelText2, BorderLayout.SOUTH);
// try {
// client = new MqttClient(host, clienID,
// new MemoryPersistence());
// connect();
// } catch (Exception e) {
// showErrorMsg(e.toString());
// }
} private SSLSocketFactory getSSLSocktet(String caPath,String crtPath, String keyPath, String password) throws Exception {
// CA certificate is used to authenticate server
CertificateFactory cAf = CertificateFactory.getInstance("X.509");
FileInputStream caIn = new FileInputStream(caPath);
X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
KeyStore caKs = KeyStore.getInstance("JKS");
caKs.load(null, null);
caKs.setCertificateEntry("ca-certificate", ca);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(caKs); CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream crtIn = new FileInputStream(crtPath);
X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn); crtIn.close();
// client key and certificates are sent to server so it can authenticate
// us
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
// ks.load(caIn,password.toCharArray());
ks.load(null, null);
ks.setCertificateEntry("certificate", caCert);
ks.setKeyEntry("private-key", getPrivateKey(keyPath), password.toCharArray(),
new java.security.cert.Certificate[]{caCert} );
KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
kmf.init(ks, password.toCharArray());
// keyIn.close(); // finally, create SSL socket factory
SSLContext context = SSLContext.getInstance("TLSv1"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(), new SecureRandom()); return context.getSocketFactory();
} private String getPem(String path) throws Exception{
FileInputStream fin=new FileInputStream(path);
BufferedReader br= new BufferedReader(new InputStreamReader(fin));
String readLine= null;
StringBuilder sb= new StringBuilder();
while((readLine= br.readLine())!=null){
if(readLine.charAt(0)=='-'){
continue;
}else{
sb.append(readLine);
sb.append('\r');
}
}
fin.close();
return sb.toString();
} public PrivateKey getPrivateKey(String path) throws Exception{ org.apache.commons.codec.binary.Base64 base64=new Base64();
byte[] buffer= base64.decode(getPem(path)); PKCS8EncodedKeySpec keySpec= new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory= KeyFactory.getInstance("RSA");
return (RSAPrivateKey) keyFactory.generatePrivate(keySpec); } private void connect() { MqttConnectOptions options = new MqttConnectOptions();
options.setCleanSession(false);
// options.setUserName(userName);
// options.setPassword(passWord.toCharArray());
// 设置超时时间
// options.setConnectionTimeout(10);
// 设置会话心跳时间
// options.setKeepAliveInterval(20);
// try {
// options.setWill("willtest", "SENDgpslost".getBytes(), 1, false);
// } catch (Exception e1) {
// // TODO Auto-generated catch block
// System.out.print(e1);
// }
try {
if (!SSLSocketFactoryFactory.isSupportedOnJVM()) {
System.out.print("isSupportedOnJVM=false");
} SSLSocketFactory factory=getSSLSocktet("F:/ssl/ca.crt","F:/ssl/client.crt","F:/ssl/client.pem","brt123"); options.setSocketFactory(factory);
client.setCallback(new MqttCallback() { @Override
public void connectionLost(Throwable cause) {
System.out.println("connectionLost-----------");
} @Override
public void deliveryComplete(IMqttDeliveryToken token) {
System.out.println("deliveryComplete---------" + token.isComplete());
} @Override
public void messageArrived(String topic, MqttMessage arg1) throws Exception {
System.out.println("messageArrived----------");
String msg = new String(arg1.getPayload());
showErrorMsg("主题:" + topic + "\r\n消息:" + msg);
}
}); topic = client.getTopic(myTopicRoot + userToken);
client.connect(options); } catch (Exception e) {
e.printStackTrace();
} } public void publishMsg(String topoc, String msg) {
message = new MqttMessage();
message.setQos(0);
message.setRetained(false);
System.out.println(message.isRetained() + "------ratained状态"); try {
message.setPayload(msg.getBytes("UTF-8"));
client.publish(topoc, message);
} catch (Exception e) {
e.printStackTrace();
showErrorMsg(e.toString());
}
} private void showErrorMsg(String msg) {
JOptionPane.showMessageDialog(null, msg);
} }

mqtt paho ssl java端代码的更多相关文章

  1. IOS IAP APP内支付 Java服务端代码

    IOS IAP APP内支付 Java服务端代码   场景:作为后台需要为app提供服务,在ios中,app内进行支付购买时需要进行二次验证. 基础:可以参考上一篇转载的博文In-App Purcha ...

  2. mqtt协议实现 java服务端推送功能(三)项目中给多个用户推送功能

    接着上一篇说,上一篇的TOPIC是写死的,然而在实际项目中要给不同用户 也就是不同的topic进行推送 所以要写活 package com.fh.controller.information.push ...

  3. openssl实现双向认证教程(服务端代码+客户端代码+证书生成)

    一.背景说明 1.1 面临问题 最近一份产品检测报告建议使用基于pki的认证方式,由于产品已实现https,商量之下认为其意思是使用双向认证以处理中间人形式攻击. <信息安全工程>中接触过 ...

  4. iOS 基于APNS消息推送原理与实现(包括JAVA后台代码)

    Push的原理: Push 的工作机制可以简单的概括为下图   图中,Provider是指某个iPhone软件的Push服务器,这篇文章我将使用.net作为Provider. APNS 是Apple ...

  5. 基于mosquitto的MQTT服务器---SSL/TLS 单向认证+双向认证

    基于mosquitto的MQTT服务器---SSL/TLS 单向认证+双向认证 摘自:https://blog.csdn.net/ty1121466568/article/details/811184 ...

  6. netty实现websocket客户端(附:测试服务端代码)

    1,客户端启动类 package test3; import io.netty.bootstrap.Bootstrap; import io.netty.buffer.Unpooled; import ...

  7. phpCAS::handleLogoutRequests()关于java端项目登出而php端项目检测不到的测试

    首先,假如你有做过cas,再假如你的cas里面有php项目,这个时候要让php项目拥有cas的sso功能,你需要改造你的项目,由于各人的项目不同,但是原理差不多,都是通过从cas服务器获取sessio ...

  8. Flex 对Java端返回Collection的处理方法

    将Flex与Spring集成后(BlazeDS 与Spring集成指南 ),第一个面临的问题就是:对于Java端返回的各种Java类型的对象,Flex中能否有相应的数据类型来映射. 处理,尤其是Lis ...

  9. android NDK 实用学习(三)- java端类对象的构造及使用

    1,读此文章前我假设你已经读过: android NDK 实用学习-获取java端类及其类变量 android NDK 实用学习-java端对象成员赋值和获取对象成员值 2,java端类对象的构造: ...

随机推荐

  1. comfirm 方法显示对话框

    comfirm 方法显示对话框 原理: confirm() 方法用于显示一个带有指定消息和 OK 及取消按钮的对话框 confirm(message): message:要在 window 上弹出的对 ...

  2. oracle 10g数据库下的 XDB组件的重新安装

    emmmm,这是一个不做死就不会的过程!!! 今天在导出数据库时,遇到了报错信息,其实开发说这个报错没关系了,但作死如楼主,一定要把这个错给解决了,然后就有了下面的作死过程. 错误关键字是:packa ...

  3. 基于Ubuntu的LNMP环境搭建

    装备的工具 Ubuntu16.04 , Xshell 使用Xshell链接到Ubuntu 使用xshell链接Ubuntu不是必须的,只是为了操作的方便,同时默认是你的Ubuntu已经安装好了 在Ub ...

  4. MYSQL数据库学习十四 存储过程和函数的操作

    14.1 为什么使用存储过程和函数 一个完整的操作会包含多条SQL语句,在执行过程中需要根据前面SQL语句的执行结果有选择的执行后面的SQL语句. 存储过程和函数的优点: 允许标准组件式编程,提高了S ...

  5. MYSQL数据库学习五 表的操作和约束

    5.1 表的基本概念 表示包含数据库中所有数据的数据库对象.一行代表唯一的记录,一列代表记录的一个字段. 列(Columns):属性列,创建表时必须指定列名和数据类型. 索引(Indexes):根据指 ...

  6. nginx+lua 根据指定路径反向代理

    location /imgproxytest{ if ($uri ~ ".*\.(jpg|png|jpeg|bmp|gif|swf|css)$"){ rewrite_by_lua ...

  7. 从 MVC 到前后端分离

    从 MVC 到前后端分离 1 理解 MVC MVC 是一种经典的设计模式,全名为 Model-View-Controller,即 模型-视图-控制器. 其中,模型 是用于封装数据的载体,例如,在 Ja ...

  8. NSURLSession http转Https

    1.设置代理 NSURLSession *sesson = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defa ...

  9. C#/AutoCAD 2018/ObjectArx/二次开发再说实体(六)

    这些函数对大家很有用,如果想获取详细源代码请加云幽学院yunyou.ke.qq.com报名免费课程,如果想学习更系统.更全面的知识请报名收费课程,有大量开发案例共享. 1.获取模型空间中所有实体 #r ...

  10. Spring之事务管理的好处

    在以往的JDBCTemplate中事务提交成功,异常处理都是通过Try/Catch 来完成,而在Spring中.Spring容器集成了TransactionTemplate,封装了所有对事务处理的功能 ...