How do I perform a secure MQTT using QtMqtt and SSL?

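I am trying to use the QtMqtt example project simpleclient, but I want to perform secure MQTT. How do I go about it?

I have read this blog (https://www.qt.io/blog/2017/08/14/introducing-qtmqtt-protocol), but it did not help me much.

Do I have to use QSslSocket's connectToHostEncrypted(), or should I use the QtMqtt client's connectToHostEncrypted()?

If I use the QtMqtt client's connectToHostEncrypted(), it only allows me to set the sslpeername. It does not allow me to set a certificate or a private key.

Or, if I use QSslSocket's connectToHostEncrypted(), how do I notify my MQTT client that the connection has been established, so that I can now publish and subscribe?

Right now I am doing something like this: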

connect(this->(QSslSockets's Object),SIGNAL(encrypted),this, SLOT(foo()))
void foo()
{
QTMQTTClient's object->connectToHostEncrypted("Hostname")
}

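This does not allow me to publish or subscribe. I would appreciate it if someone could point me in the right direction; some documentation or an example would help me a lot.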

QMqttClient will use a QSslSocket as its transport device if your Qt supports SSL. To verify that it supports SSL, the QSslSocket::supportsSsl() function must return true. If it does not support it, then you must enable it by following the guide: Enabling and Disabling SSL Support.

Considering that the above works, you can then set the certificate globally so that every QSslSocket uses it by default:

QSslCertificate cert = QSslCertificate(...);
QSslSocket::addDefaultCaCertificate(cert);

QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();

For example, using http://test.mosquitto.org/:

#include <QtMqtt>

const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuITXPKycpUcIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";

int main(int argc, char *argv[]) {
    QCoreApplication a(argc, argv);

    const QString hostname{"test.mosquitto.org"};
    const quint16 port = 8883;
    const QMqttTopicName topic{"qtmqtt/ssl_test"};
    const QMqttTopicFilter filter{"qtmqtt/#"};

    QSslCertificate cert = QSslCertificate(pem, QSsl::Pem);
    QSslSocket::addDefaultCaCertificate(cert);

    QMqttClient client;
    client.setHostname(hostname);
    client.setPort(port);

    QObject::connect(&client, &QMqttClient::stateChanged, [](QMqttClient::ClientState state){
        if(state == QMqttClient::Disconnected)
            qDebug() << " State: Disconnected";
        else if(state == QMqttClient::Connecting)
            qDebug() << " State: Connecting";
        else if(state == QMqttClient::Connected)
            qDebug() << " State: Connected";
    });

    QObject::connect(&client, &QMqttClient::errorChanged, [](QMqttClient::ClientError error){
        qDebug() << error;

    });

    QObject::connect(&client, &QMqttClient::messageReceived, [](const QByteArray &message, const QMqttTopicName &topic){
        qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
    });

    QTimer timer;
    QObject::connect(&timer, &QTimer::timeout, [&client, &topic](){
        if(client.publish(topic,  QDateTime::currentDateTime().toString().toUtf8()) == -1)
            qDebug() << "Error: Could not publish message";
    });

    QObject::connect(&client, &QMqttClient::connected, [&client, &timer, &filter](){
        QMqttSubscription *subscription = client.subscribe(filter);
        if(!subscription)
            qDebug() << "Could not subscribe";
        timer.start(1000);
    });

    client.connectToHostEncrypted();

    return a.exec();
}

Output:

 State: Connecting
 State: Connected
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:08 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:09 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:10 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:11 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:12 2019"
 ...

You can also use QSslConfiguration to set the certificate and/or the private key:

QSslCertificate cert = QSslCertificate(...);
QSslConfiguration conf;
conf.setCaCertificates({cert});
// conf.setPrivateKey();
QSslConfiguration::setDefaultConfiguration(conf);

QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();

It is also possible to pass a QSslSocket directly as the transport device:

QSslCertificate cert = QSslCertificate(...);
QSslSocket socket;
socket.addCaCertificate(cert);
// socket.setPrivateKey(...);

QMqttClient client;
client.setHostname(...);
client.setPort(...);
client.setTransport(&socket, QMqttClient::SecureSocket);
// ...
client.connectToHostEncrypted();

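If you are using setTransport(), then you must make sure that the socket you pass is also encrypted and connected. Or, as stated in https://bugreports.qt.io/browse/QTBUG-68031, it is the user's responsibility to put the transport into a valid and usable state.

However, if you are using Qt 5.14, you will be able to simply use QMqttClient::connectToHostEncrypted() with a QSslConfiguration as the argument. See here: https://code.qt.io/cgit/qt/qtmqtt.git/tree/src/mqtt/qmqttclient.h?h=5.14#n137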