Implement initial TLS support (#93)
DennisOSRM authored Feb 18, 2024
1 parent b3759da commit 05a81b8
Showing 4 changed files with 35 additions and 2 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -12,6 +12,7 @@ env_logger = "0.11.0"
hms2mqtt = { path = "hms2mqtt" }
log = "0.4.20"
rumqttc = "0.23.0"
rustls-native-certs = "0.7.0"
serde = { version = "1.0.195", features = ["derive"] }
serde_derive = "1.0.195"
toml = "0.8.8"
1 change: 1 addition & 0 deletions hms2mqtt/src/mqtt_config.rs
Expand Up @@ -6,4 +6,5 @@ pub struct MqttConfig {
pub port: Option<u16>,
pub username: Option<String>,
pub password: Option<String>,
pub tls: Option<bool>,
}
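Review bot: The new `tls` field has no doc comment, and leaving it out silently selects plaintext. As far as the wrapper change on this page shows, a TLS transport is only set when `tls` is `Some(true)`, so with `None` or `Some(false)` the `username` and `password` from this same struct go to the broker unencrypted. I would document that on the field, e.g. `/// Connect over TLS when Some(true) (default port then 8883); None or Some(false) means plaintext MQTT, including the credentials.` The struct definition starts above this hunk.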
34 changes: 32 additions & 2 deletions src/bin/hms-mqtt-publish/rumqttc_wrapper.rs
Expand Up @@ -5,7 +5,12 @@ use hms2mqtt::{
mqtt_wrapper::{self},
};
use log::warn;
use rumqttc::{Client, MqttOptions, QoS::AtMostOnce};
use rumqttc::{
tokio_rustls::{self, rustls::ClientConfig},
Client, MqttOptions,
QoS::AtMostOnce,
Transport,
};

pub struct RumqttcWrapper {
client: Client,
Expand Down Expand Up @@ -58,12 +63,37 @@ impl mqtt_wrapper::MqttWrapper for RumqttcWrapper {
}

fn new(config: &MqttConfig, suffix: &str) -> Self {
let use_tls = config.tls.is_some_and(|tls| tls);

let mut mqttoptions = MqttOptions::new(
"hms800wt2-mqtt-publisher".to_string() + suffix,
&config.host,
config.port.unwrap_or(1883),
config.port.unwrap_or_else(|| {
if use_tls {
return 8883;
}
1883
}),
);
mqttoptions.set_keep_alive(Duration::from_secs(5));
if use_tls {
// Use rustls-native-certs to load root certificates from the operating system.
let mut roots = tokio_rustls::rustls::RootCertStore::empty();
for cert in
rustls_native_certs::load_native_certs().expect("could not load platform certs")
{
roots
.add(&tokio_rustls::rustls::Certificate(cert.to_vec()))
.unwrap();
}

let client_config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(roots)
.with_no_client_auth();

mqttoptions.set_transport(Transport::tls_with_config(client_config.into()));
}

//parse the mqtt authentication options
if let Some((username, password)) = match (&config.username, &config.password) {
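Review bot: The `.unwrap()` on `roots.add(...)` in the `use_tls` branch means a single certificate in the operating-system trust store that rustls cannot parse aborts the whole publisher at startup, even though the remaining roots would be enough to validate the broker. Skipping the bad entry keeps verification just as strict: `if let Err(e) = roots.add(&tokio_rustls::rustls::Certificate(cert.to_vec())) { warn!("skipping unparsable platform root certificate: {e}"); }` (`warn` is already imported in this file). After the loop it is worth stopping with a clear message when `roots.is_empty()`, because every handshake would otherwise fail later with a less obvious error. `new` continues past the end of this hunk.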
1 change: 1 addition & 0 deletions tests/integration_tests.rs
Expand Up @@ -50,6 +50,7 @@ fn publish_one_message() {
port: Some(1234),
username: None,
password: None,
tls: None,
},
"-test",
);