问题
I am trying to use a QtMQtt example project simpleclient. But I want to perform a secure MQTT. How do I approach this?
I have read this blog (https://www.qt.io/blog/2017/08/14/introducing-qtmqtt-protocol). But this does not help me much.
Do I have to use QsslSocket's connectToHostEncrypted() or should I use QTMQTT clients's connectToHostEncrypted()
If I use QTMQTT clients's connectToHostEncrypted(). It only allows me to set sslpeername. It does not allow me set certificate or private key
Or If I use QSSLSOCKECT's connectToHostEncrypted(). How do I notify my MQTT client that a connection has been made. And I should now be able to publish and subscribe
write now I am doing something like this:
connect(this->(QSslSockets's Object),SIGNAL(encrypted),this, SLOT(foo()))
void foo()
{
QTMQTTClient's object->connectToHostEncrypted("Hostname")
}
This does not let me publish or subscribe. If someone can point me in the right direction. Some documentation or examples that would really help me a lot
回答1:
QMqttClient will use as a transport device to a QSslSocket if your Qt supports SSL, to verify if it supports SSL the QSslSocket::supportsSsl() function must return true. If it does not support it then you must enable it by following the guide: Enabling and Disabling SSL Support.
Considering that the above works then you can set the certificate globally so that all QSslSocket uses it by default:
QSslCertificate cert = QSslCertificate(...);
QSslSocket::addDefaultCaCertificate(cert);
QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();
For example using http://test.mosquitto.org/:
#include <QtMqtt>
const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuITXPKycpUcIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";
int main(int argc, char *argv[]) {
QCoreApplication a(argc, argv);
const QString hostname{"test.mosquitto.org"};
const quint16 port = 8883;
const QMqttTopicName topic{"qtmqtt/ssl_test"};
const QMqttTopicFilter filter{"qtmqtt/#"};
QSslCertificate cert = QSslCertificate(pem, QSsl::Pem);
QSslSocket::addDefaultCaCertificate(cert);
QMqttClient client;
client.setHostname(hostname);
client.setPort(port);
QObject::connect(&client, &QMqttClient::stateChanged, [](QMqttClient::ClientState state){
if(state == QMqttClient::Disconnected)
qDebug() << " State: Disconnected";
else if(state == QMqttClient::Connecting)
qDebug() << " State: Connecting";
else if(state == QMqttClient::Connected)
qDebug() << " State: Connected";
});
QObject::connect(&client, &QMqttClient::errorChanged, [](QMqttClient::ClientError error){
qDebug() << error;
});
QObject::connect(&client, &QMqttClient::messageReceived, [](const QByteArray &message, const QMqttTopicName &topic){
qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
});
QTimer timer;
QObject::connect(&timer, &QTimer::timeout, [&client, &topic](){
if(client.publish(topic, QDateTime::currentDateTime().toString().toUtf8()) == -1)
qDebug() << "Error: Could not publish message";
});
QObject::connect(&client, &QMqttClient::connected, [&client, &timer, &filter](){
QMqttSubscription *subscription = client.subscribe(filter);
if(!subscription)
qDebug() << "Could not subscribe";
timer.start(1000);
});
client.connectToHostEncrypted();
return a.exec();
}
Output:
State: Connecting
State: Connected
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:08 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:09 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:10 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:11 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:12 2019"
...
You can also use QSslConfiguration to set the certificates and/or private key:
QSslCertificate cert = QSslCertificate(...);
QSslConfiguration conf;
conf.setCaCertificates({cert});
// conf.setPrivateKey();
QSslConfiguration::setDefaultConfiguration(conf);
QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();
You can also pass QSslSocket directly by setting it as a transport device:
QSslCertificate cert = QSslCertificate(...);
QSslSocket socket;
socket.addCaCertificate(cert);
// conf.setPrivateKey();
QMqttClient client;
client.setHostname(...);
client.setPort(...);
client.setTransport(&socket, QMqttClient::SecureSocket);
// ...
client.connectToHostEncrypted();
回答2:
If you are using setTransport(), then you have to make sure that the passed socket is also already encrypted and connected. Or as mentioned in https://bugreports.qt.io/browse/QTBUG-68031 it is the user's responsibility to have the transport in a valid and usable state.
However, if you are using Qt 5.14, you will be able to simply use QMqttClient::connectToHostEncrypted() with a QSslConfiguration as argument. See here: https://code.qt.io/cgit/qt/qtmqtt.git/tree/src/mqtt/qmqttclient.h?h=5.14#n137
来源:https://stackoverflow.com/questions/57829480/how-do-i-perform-a-secure-mqtt-using-qtmqtt-and-ssl