堆栈内存溢出
  繁体   English   中英

Golang Mqtt 客户端 TLS 实现

[英]Golang Mqtt Client TLS Implementation

 原文  2022-01-03 17:19:28       go

问题描述

我尝试将 tls 配置添加到“github.com/eclipse/paho.mqtt.golang”客户端 package。 但是在配置文件中从文件加载。 我想使用 pem 作为字符串格式。 例如,object 具有“caPem”键,其值为 CA pem 作为字符串。

func NewTLSConfig(cACertificate, clientCertificate, clientKey string) *tls.Config {

    certpool := x509.NewCertPool()

    pemCerts, err := ioutil.ReadFile("/ca.pem")
    if err == nil {
        certpool.AppendCertsFromPEM(pemCerts)
    }

    cert, err := tls.LoadX509KeyPair("/client.pem", "/client.key")
    if err != nil {
        panic(err)
    }

    cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
    if err != nil {
        panic(err)
    }
    fmt.Println(cert.Leaf)

    return &tls.Config{

        RootCAs: certpool,

        ClientAuth: tls.RequestClientCert,

        ClientCAs: nil,

        InsecureSkipVerify: false,

        Certificates: []tls.Certificate{cert},
    }
}

正如您在上面的代码中看到的,pemCerts 从文件中获取公钥。 函数参数“caCertificate...”是字符串。 我只想像“pemCerts:= caCertificate”一样使用它们。 我怎样才能实现这个

1 个解决方案

解决方案1
 0  2022-01-03 20:53:39

做了一个例子,如何做到这一点。 它确实假设您在字符串中没有超过 1 个 PEM 块。 如果你这样做,你应该调整它以多次调用strPEMToPubCert

游乐场链接

package main

import (
    "crypto/x509"
    "encoding/pem"
    "errors"
    "fmt"
)

func main() {
    var pubPEMData = `-----BEGIN CERTIFICATE-----
MIIG9TCCBd2gAwIBAgISBLS106X/pLzr6OgL1QIQaFjHMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDUxNDE1NTJaFw0yMjAzMDUxNDE1NTFaMB4xHDAaBgNVBAMM
Eyouc3RhY2tleGNoYW5nZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCad2WyTsmxXwoyz/iQST49XuSAciGr8GcyUtrestK82l4uHvU0/eCsxkUa
nT6xpm60l9OaAXCjJHEl9+0qKOUQ8+FJzr4W9PuiALE1E6j5mpYk3FRERZwX+AFZ
dN2G1rSb+uZvDSiR9eUikj0ueR5TTA+ZUsNLaByE+/EzcUqja9Qxyq7zkizSolxy
/RVTRPB2BaDkGY4I46avu8PJPm6R3skp0L96MnWSDVtJhIGc5lisoUEozrlTbTuT
SfBvPAAIqFT6702LJqFIF5rW04++GrEBh6S1I+17IZxneTMcorx0sYmXVzRGvz6e
0nOfXo6a80hAFgs+vci3UWEze7vrAgMBAAGjggQXMIIEEzAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFMbQN0TT6bdr8CA4WpQ9UwT/XKTZMB8GA1UdIwQYMBaAFBQusxe3
WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
ci5vcmcvMIIB5AYDVR0RBIIB2zCCAdeCDyouYXNrdWJ1bnR1LmNvbYISKi5ibG9n
b3ZlcmZsb3cuY29tghIqLm1hdGhvdmVyZmxvdy5uZXSCGCoubWV0YS5zdGFja2V4
Y2hhbmdlLmNvbYIYKi5tZXRhLnN0YWNrb3ZlcmZsb3cuY29tghEqLnNlcnZlcmZh
dWx0LmNvbYINKi5zc3RhdGljLm5ldIITKi5zdGFja2V4Y2hhbmdlLmNvbYITKi5z
dGFja292ZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsgg8qLnN1cGVy
dXNlci5jb22CDWFza3VidW50dS5jb22CEGJsb2dvdmVyZmxvdy5jb22CEG1hdGhv
dmVyZmxvdy5uZXSCFG9wZW5pZC5zdGFja2F1dGguY29tgg9zZXJ2ZXJmYXVsdC5j
b22CC3NzdGF0aWMubmV0gg1zdGFja2FwcHMuY29tgg1zdGFja2F1dGguY29tghFz
dGFja2V4Y2hhbmdlLmNvbYISc3RhY2tvdmVyZmxvdy5ibG9nghFzdGFja292ZXJm
bG93LmNvbYITc3RhY2tvdmVyZmxvdy5lbWFpbIIRc3RhY2tzbmlwcGV0cy5uZXSC
DXN1cGVydXNlci5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEF
BgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47
EsAgRFwqcwAAAX2LKmpMAAAEAwBIMEYCIQC1jB7OwpQiHacbVnEZgWegpCOksm6Z
TYkTjXCmIo9m1AIhAPjs+1PPNr/avFzSydhUROI+Rvqx0iZqXzNc24PIOXjBAHYA
KXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF9iypqRAAABAMARzBF
AiEA0oJ418l3aDXj4EVAtzf5o2nUdYiZiH7pLvA1hd7ZSKUCICFeACPl73NNLSzR
7yoKEV6nO7Zlk4rUd/fUyROY35OMMA0GCSqGSIb3DQEBCwUAA4IBAQB+hvmbEaHF
jEkSZiTllNe+XWtfz6TiWIugoqdDL67app49ZTTZ94oLRGxybm62nBIEX/2gCRgd
fqnDecg4BWIyl2jti73eKkmt9+pcCDqZ1JcbW8rDLmZJnzdcC0o739BGRq/ufP5R
Fb8qXAap2VH/29MQImxB166PsAb9rKdS1kNSfg4Zsu7nisg7q47dyzZMT9cTbajf
D/T6hl30nHOyJFvny5vYwDLtiNg5BJ2xZzZFh4B73mY53jjN2EXn4S5LI9J+0NmY
dic7TY+lsttvfrJ+cySMO7E1T1SkgEgHtfsadlRRWNFl80R91sS98FHbhBg/MSMk
yAm4xgff5rYD
-----END CERTIFICATE-----`

    crt, _, err := strPEMToPubCert(pubPEMData)
    if err != nil {
        panic(err)
    }

    fmt.Println(crt.DNSNames)
}

func strPEMToPubCert(pemStr string) (*x509.Certificate, []byte, error) {
    block, rest := pem.Decode([]byte(pemStr))
    if block == nil || block.Type != "CERTIFICATE" {
        return nil, rest, errors.New("failed to decode PEM block containing certificate")
    }

    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        return nil, rest, err
    }

    return cert, rest, nil
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 TLS:使用 GoLang tls 客户端的握手失败 用于实现RTSP客户端的Golang库 Golang - TLS 相互认证 - 转储客户端证书 使用golang相互TLS身份验证信任特定客户端 golang:客户端tls.Conn关闭钩子 Golang HTTPS / TLS POST客户端/服务器 如何在Golang中更改客户端与代理之间的MQTT keepAlive(handshake)时间间隔? 带有证书的 Golang Opc UA 客户端实现 GRPC Golang服务器和NodeJS客户端。 TLS连接失败 Golang:如何在http客户端的TLS配置中指定证书
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM