Comments (6)
Hi @aiden-francois and thank you for your issue! :)
I could trace this down as a CLI-only bug. It should definitely work fine if you use the MQTT-Client-Library.
On to the actual bug for future reference:
If we build the KeyStore for a client in `SslOptions.java` (`buildSslConfig`), we are not taking into consideration the full certificate chain because `FileToCertificateConverter` only returns the first certificate in the chain for now.

To fix this we would need to use the bouncycastle `CertificateFactory` in the `CertificateConverterUtils` class and return an array of certificates in the `FileToCertificateConverter`:

```java
new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory().engineGenerateCertificates(new FileInputStream(keyFile)).forEach()
```

`FileToCertificateConverter` must then return the array of certificates:

```java
public X509Certificate[] convert()
```

And in `SslOptions` the `clientCertificate` should now be an array of certificates:

```java
private X509Certificate[] clientCertificates;
```

Now we can use the whole certificate chain in `buildSslConfig`:

```java
private KeyManagerFactory buildKeyManagerFactory(final @NotNull X509Certificate[] certs, final @NotNull PrivateKey key) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableKeyException {
    // Empty in-memory key store of the JVM's default type
    final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    // Store the private key together with the whole certificate chain
    ks.setKeyEntry("mykey", key, null, certs);
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(ks, null);
    return keyManagerFactory;
}
```
from mqtt-cli.
My best guess is that in Java 8 or less one of the following calls of `KeyStore` throws an `IllegalArgumentException` if the password passed to it is null:

```java
ks.load(null, null);
ks.setKeyEntry("mykey", key, null, certs);
```
from mqtt-cli.
I will test that specifically then, on the platform where it fails.
However, just like you said, the MQTT-Client-Library connects just fine to the AWS IoT Core MQTT broker (tested on Android API 29) once provided with the desired TrustManagerFactory and KeyManagerFactory.
from mqtt-cli.
Hi @gitseti, thanks for the quick investigation!
I rebuilt from the intermediate-certificates-are-ignored branch which includes #193 and it still fails although differently for shell connect.
- connect from the shell returns `Could not build SSL configuration` immediately instead of what was observed previously: `password can't be null` then `Timeout while waiting for CONNACK` after a delay.
- mqtt test fails the same with `Could not build SSL config - password can't be null`
Am I possibly using the wrong command line parameters?
from mqtt-cli.
Hmm, could you also verify the problem for Java 11?
from mqtt-cli.
Good catch @gitseti!
It's connecting just fine with shell and test on OS: Mac OS X 10.14.6 x86_64 with

- JVM: 11.0.2 (Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9)
- JVM: 13.0.1 (Oracle Corporation OpenJDK 64-Bit Server VM 13.0.1+9)
So the issue is specific to Mac OS current Oracle Java 1.8 runtime.
from mqtt-cli.
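Added example, not code from mqtt-cli or from any commenter in this thread: a Java 8-compatible way to load the whole client certificate chain (the fix described in the first comment) and to give the key entry a non-null password (the `KeyStore` guess discussed above). It uses the JDK's own `CertificateFactory` rather than Bouncy Castle; the class and method names, the throwaway password and the unencrypted PKCS#8 RSA key format are assumptions, and the two PEM paths are passed on the command line.

```java
import javax.net.ssl.KeyManagerFactory;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class ClientChainKeyManager { // hypothetical class name

    // Reads every certificate in the PEM bundle, not only the first one.
    // Expected order: client (leaf) certificate first, then its intermediates.
    static X509Certificate[] readChain(String pemPath) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            return CertificateFactory.getInstance("X.509")
                    .generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
    }

    // Assumption: unencrypted PKCS#8 RSA key ("-----BEGIN PRIVATE KEY-----").
    static PrivateKey readPkcs8RsaKey(String pemPath) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(pemPath)), StandardCharsets.US_ASCII);
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }

    static KeyManagerFactory build(X509Certificate[] chain, PrivateKey key) throws Exception {
        // Throwaway value: it only protects the entry inside this in-memory store.
        char[] entryPassword = "in-memory-only".toCharArray();
        // Default store type is JKS on Java 8 and PKCS12 since Java 9.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setKeyEntry("client", key, entryPassword, chain); // non-null password
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, entryPassword); // must match the entry password
        return kmf;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] chain = readChain(args[0]);
        KeyManagerFactory kmf = build(chain, readPkcs8RsaKey(args[1]));
        System.out.println("chain length: " + chain.length + ", key managers: " + kmf.getKeyManagers().length);
    }
}
```

A printed chain length of 1 for a bundle that should contain intermediates means the broker will only ever be sent the leaf certificate.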