[英]Cannot connect to aws-iot using paho-mqtt java client code
我在 AWS 核心上创建了东西。 然后也下载了证书、私钥和rootCa证书。 我的主要目标是发布和订阅 AWS 。 我尝试使用以下代码使用 paho mqtt java 客户端代码连接到 aws iot。
public class App{
public static void main(String args[]){
try{
String caFilePath = "/home/sanju/Documents/Windows Shared/Leron/runningProjects/dcuFirmwareUpload/certificates/MINI/rootca.crt";
String clientCrtFilePath = "/home/sanju/Documents/Windows Shared/Leron/runningProjects/dcuFirmwareUpload/certificates/MINI/7d6238abc3-certificate.pem.crt";
String clientKeyFilePath = "/home/sanju/Documents/Windows Shared/Leron/runningProjects/dcuFirmwareUpload/certificates/MINI/7d6238abc3-private.pem.key";
String topic = "ThingName/firmwareupdate";
String content = "Message from MqttPublishSample";
int qos = 2;
String broker = "ssl://xxxxxxxxxxxxxxxxx.iot.us-east-2.amazonaws.com:8883";
String clientId = "ThingName";
MemoryPersistence persistence = new MemoryPersistence();
MqttClient sampleClient = new MqttClient(broker, clientId, persistence);
MqttConnectOptions connOpts = new MqttConnectOptions();
/*connOpts.setCleanSession(true);*/
connOpts.setConnectionTimeout(60);
connOpts.setKeepAliveInterval(60);
SSLSocketFactory socketFactory = getSocketFactory(caFilePath,
clientCrtFilePath, clientKeyFilePath, "");
connOpts.setSocketFactory(socketFactory);
System.out.println("Connecting to broker: " + broker);
sampleClient.connect(connOpts);
sampleClient.subscribe("subscribeTopic", 1);
System.out.println("Connected");
System.out.println("Publish message: " + content);
MqttMessage message = new MqttMessage(content.getBytes());
message.setQos(qos);
sampleClient.setCallback(new SimpleCallback());
sampleClient.publish(topic, message);
System.out.println("Message published");
try {
Thread.sleep(5000);
sampleClient.disconnect();
} catch(Exception e) {
e.printStackTrace();
}
System.out.println("Disconnected");
System.exit(0);
}catch(MqttException me){
System.out.println("reason " + me.getReasonCode());
System.out.println("msg " + me.getMessage());
System.out.println("loc " + me.getLocalizedMessage());
System.out.println("cause " + me.getCause());
System.out.println("except " + me);
me.printStackTrace();
}catch(Exception e){
System.out.println("running: "+e);
}
}
private static SSLSocketFactory getSocketFactory(final String caCrtFile,
final String crtFile, final String keyFile, final String password)
throws Exception {
Security.addProvider(new BouncyCastleProvider());
// load CA certificate
PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile)))));
X509Certificate caCert = (X509Certificate)reader.readObject();
reader.close();
// load client certificate
reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile)))));
X509Certificate cert = (X509Certificate)reader.readObject();
reader.close();
// load client private key
reader = new PEMReader(
new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile)))),
new PasswordFinder() {
@Override
public char[] getPassword() {
return password.toCharArray();
}
}
);
KeyPair key = (KeyPair)reader.readObject();
reader.close();
// CA certificate is used to authenticate server
KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
caKs.load(null, null);
caKs.setCertificateEntry("ca-certificate", caCert);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(caKs);
// client key and certificates are sent to server so it can authenticate us
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
ks.setCertificateEntry("certificate", cert);
ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[]{cert});
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password.toCharArray());
// finally, create SSL socket factory
/*SSLContext context = SSLContext.getInstance("TLSv1");*/
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return context.getSocketFactory();
}
}
我收到以下日志和错误
连接到代理:ssl://aclugxc4jtbld-ats.iot.us-east-2.amazonaws.com:8883 reason 0 msg MqttException loc MqttException cause java.net.SocketTimeoutException: connect timed out except MqttException (0) - java.net .SocketTimeoutException: 连接超时 MqttException (0) - java.net.SocketTimeoutException: 连接超时在 org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) 在 org.eclipse.paho。 client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:715) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask. java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent。 java.util.concurren 处的 ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) t.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 原因:java.net.SocketTimeoutException: java.net.PlainSocketImpl.socketConnect( Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java .net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at org.eclipse.paho.client.mqttv3.internal.TCPNetworkModule.start(TCPNetworkModule.java:80 ) 在 org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:701) 的 org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:103) 。 .. 还有 7 个
想要连接到 aws IOT,以便我可以发布/订阅主题。
我没有使用 Java 客户端,但是当我看到 MQTT 的“连接超时”时,我会检查附加到设备证书的策略。 您的代码中的 MQTT 客户端名称是否与策略中的客户端名称匹配? 事物名称呢? 此外,请检查策略中的正确区域和帐户。
例如,下面的“RaspberryPi”应与云中的策略和您设备的代码相匹配:
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "arn:aws:iot:REGION:ACCOUNT:client/RaspberryPi"
},
如果事情仍然不起作用,请尝试一个过于宽松的政策来进行健全性检查。 找到问题后,将策略限制为最低权限以使其更安全:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:*",
"Resource": "*"
}
]
}
AWS IoT 文档中的另一个很好的示例:在此处检查策略中的“iot:Connect”: https ://docs.aws.amazon.com/iot/latest/developerguide/iot-moisture-policy.html
以及代码中使用的“--clientId RaspberryPi”(MQTT 客户端)和“--thingName RaspberryPi”如何匹配使用策略的各自名称: https ://docs.aws.amazon.com/iot/latest/developerguide/ iot-moisture-raspi-setup.html 。
"Resource": "arn:aws:iot:REGION:ACCOUNT:client/RaspberryPi"
"Resource": "arn:aws:iot:REGION:ACCOUNT:thing/RaspberryPi"
请注意,MQTT 客户端的名称和事物的名称可以有不同的名称,但必须与策略中的名称相匹配。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.