MQTT Paho Android 支持SSL/TLS(亲测有效)

MQTT Paho Android 支持SSL/TLS(亲测有效)

登录时支持ssl的交互

这是调测登录界面设计

代码中对ssl/tls的支持

使用MqttAndroidClient配置mqtt客户端请求时,不加密及加密方式连接存在以下几点差异:

url及端口差异

kt 复制代码
 val uri: String = if (tlsConnection) {
                "ssl://$host:$port"
            } else {
                "tcp://$host:$port"
            }

支持tls时,url前缀是ssl:

普通mqtt连接时候,前缀是tcp

端口差异:

tcp请求时,默认端口1883

ssl请求时,默认端口是8883

socketFactory配置项

笔者项目中只支持单向验证,即客户端验证服务端,所以需要在客户端加载服务端证书用于ssl连接

kt 复制代码
 if(connection.isSSL == 1){
            //单项验证,客户端验证服务端,onenet提供的.pem证书,需要用keytool转成java支持的bks、或者jks等
            connOpts.socketFactory = connection.client.getSSLSocketFactory(context.assets.open("MQTTS-certificate.bks"), "12345678")
            connOpts.isHttpsHostnameVerificationEnabled = false
            connOpts.setSSLHostnameVerifier { _, _ -> true  }
        }

说明:

  1. java中不支持pem证书加载,所以需要使用keytool工具将pem格式证书转成java/android支持的bks或者jks等
bash 复制代码
 keytool -importcert -v -trustcacerts -file ./MQTTS-certificate.pem -alias ca -keystore ./mqtt.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ./bcprov-ext-jdk18on-176.jar

bcprov-ext-jdk18on-176.jar需要从以下地址下载

https://www.bouncycastle.org/latest_releases.html

  1. 证书中会涉及域名验证,如果证书中缺少这个字段,那么运行时候会报下面错误
    MqttException (0) - javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match
    解决办法是跳过域名及host验证的流程
kt 复制代码
connOpts.isHttpsHostnameVerificationEnabled = false
connOpts.setSSLHostnameVerifier { _, _ -> true  }

client.getSSLSocketFactory实现

下面我们看看MqttAndroidClient创建sslSocketFactory的具体实现代码。

kt 复制代码
//info.mqtt.android.service.MqttAndroidClient
 /**
     * Get the SSLSocketFactory using SSL key store and password
     * A convenience method, which will help user to create a SSLSocketFactory
     * object
     *
     * @param keyStore the SSL key store which is generated by some SSL key tool,
     * such as keytool in Java JDK
     * @param password the password of the key store which is set when the key store
     * is generated
     * @return SSLSocketFactory used to connect to the server with SSL
     * authentication
     * @throws MqttSecurityException if there was any error when getting the SSLSocketFactory
     */
    @Throws(MqttSecurityException::class)
    fun getSSLSocketFactory(keyStore: InputStream?, password: String): SSLSocketFactory {
        return try {
            val sslSockFactory: SSLSocketFactory
            val ts: KeyStore = KeyStore.getInstance("BKS")
            ts.load(keyStore, password.toCharArray())
            val tmf = TrustManagerFactory.getInstance("X509")
            tmf.init(ts)
            val tm = tmf.trustManagers
            val ctx: SSLContext = SSLContext.getInstance("TLSv1")
            ctx.init(null, tm, null)
            sslSockFactory = ctx.socketFactory
            sslSockFactory
        } catch (e: KeyStoreException) {
            throw MqttSecurityException(e)
        } catch (e: CertificateException) {
            throw MqttSecurityException(e)
        } catch (e: IOException) {
            throw MqttSecurityException(e)
        } catch (e: NoSuchAlgorithmException) {
            throw MqttSecurityException(e)
        } catch (e: KeyManagementException) {
            throw MqttSecurityException(e)
        }
    }

Github

https://github.com/hannesa2/paho.mqtt.android

https://github.com/eclipse/paho.mqtt.android

项目中涉及的sample示例代码很值得一探究竟,对你掌握MQTT相关支持很有帮助喔!

相关推荐
m0_548514772 小时前
2024.12.10——攻防世界Web_php_include
android·前端·php
凤邪摩羯2 小时前
Android-性能优化-03-启动优化-启动耗时
android
凤邪摩羯2 小时前
Android-性能优化-02-内存优化-LeakCanary原理解析
android
喀什酱豆腐3 小时前
Handle
android
a_weng083 小时前
CS 144 check6: buiding an IP router
网络·网络协议·计算机网络
码农丁丁4 小时前
[前端]HTTP库Axios
前端·网络协议·http·aixos
carterslam4 小时前
解决:websocket 1002 connection rejected 426upgrade required
网络·websocket·网络协议
G丶AEOM4 小时前
UDP基本了解
网络·网络协议
m0_748232924 小时前
Android Https和WebView
android·网络协议·https
m0_748251724 小时前
Android webview 打开本地H5项目(Cocos游戏以及Unity游戏)
android·游戏·unity