sroebert / mqtt-nio

Non-blocking, event-driven Swift client for MQTT (3.1.1 and 5.0).
MIT License

Question: Possible to send an X509 certificate and key to a broker? #23

Closed michael-aiphone closed 1 month ago

michael-aiphone commented 2 months ago

I need to establish an authenticated connection with an AWS IoT broker. At runtime I am given a cert (as a string) and a private key (as a string). I need to use these credentials to pass authentication. Is there a way to leverage this package to meet this need?

For reference here is what I get when I attempt to connect() with a default client configuration init with url.

```
2024-06-12T13:11:06-0700 notice nl.roebert.MQTTNIO : target=host("redacted-ats.iot.us-east-2.amazonaws.com", port: 443) [MQTTNIO] Connecting to broker
2024-06-12T13:11:06-0700 notice nl.roebert.MQTTNIO : target=host("redacted-ats.iot.us-east-2.amazonaws.com", port: 443) [MQTTNIO] Connected to broker
2024-06-12T13:11:06-0700 notice nl.roebert.MQTTNIO : reasonCode=version5(MQTTNIO.MQTTPacket.ConnAck.ReasonCode5.notAuthorized) [MQTTNIO] Received: Connect Acknowledgement (Rejected)
2024-06-12T13:11:06-0700 error nl.roebert.MQTTNIO : error=server(MQTTNIO.MQTTConnectionError.ServerReason(code: MQTTNIO.MQTTConnectionError.ServerReason.Code.notAuthorized, message: Optional("CONNACK:Client is not authenticated/authorized to send the message:8c957bcb-dbce-56f2-cdc8-3a280e9f33f5"))) [MQTTNIO] Failed Connect request, shutting down channel
2024-06-12T13:11:06-0700 error nl.roebert.MQTTNIO : [MQTTNIO] Uncaught error: ioOnClosedChannel
2024-06-12T13:11:06-0700 notice nl.roebert.MQTTNIO : [MQTTNIO] Channel closed
2024-06-12T13:11:06-0700 notice nl.roebert.MQTTNIO : [MQTTNIO] Channel closed
2024-06-12T13:11:06-0700 error nl.roebert.MQTTNIO : error=server(MQTTNIO.MQTTConnectionError.ServerReason(code: MQTTNIO.MQTTConnectionError.ServerReason.Code.notAuthorized, message: Optional("CONNACK:Client is not authenticated/authorized to send the message:8c957bcb-dbce-56f2-cdc8-3a280e9f33f5"))) [MQTTNIO] Failed to connect to broker
```

sroebert commented 1 month ago

It should be possible using NIOSSLCertificate. You can see an example of how to use it with this library here: https://github.com/sroebert/mqtt-nio/blob/36c3ff059a7ecfcea708a13b166bdd443b2f201b/Tests/MQTTNIOTests/Core/MQTTNIOTestCase.swift#L122

For more documentation on how to set up the SSL certificates, you can look at the docs (and possibly examples) in the niossl library: https://swiftpackageindex.com/apple/swift-nio-ssl/2.27.0/documentation/niossl
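
A sketch of the NIOSSL side of the approach suggested above, added here as an example and not taken from the thread or from mqtt-nio: it turns a certificate and private key received as PEM strings into a client `TLSConfiguration` for mutual TLS. The function name, error type and `applicationProtocols` parameter are assumptions of this example; how the resulting configuration is handed to the MQTT client is shown in the test case linked above.

```swift
import NIOSSL

// Hypothetical error type for this example.
enum ClientCredentialError: Error {
    case emptyCertificateChain
}

/// Builds a client-side TLS configuration from PEM strings received at runtime.
/// `certificatePEM` may hold the leaf certificate followed by intermediates.
func makeClientTLSConfiguration(
    certificatePEM: String,
    privateKeyPEM: String,
    applicationProtocols: [String] = []
) throws -> TLSConfiguration {
    // Parse every certificate in the PEM text, leaf first.
    let chain = try NIOSSLCertificate.fromPEMBytes(Array(certificatePEM.utf8))
    guard !chain.isEmpty else {
        throw ClientCredentialError.emptyCertificateChain
    }

    // Parse the unencrypted PEM private key. Keep the string out of logs
    // and error messages; only the parsed key object is passed on.
    let key = try NIOSSLPrivateKey(bytes: Array(privateKeyPEM.utf8), format: .pem)

    var tls = TLSConfiguration.makeClientConfiguration()

    // Credentials presented to the broker during the TLS handshake.
    tls.certificateChain = chain.map { .certificate($0) }
    tls.privateKey = .privateKey(key)

    // Adding a client certificate must not weaken server authentication:
    // keep full verification of the broker's certificate and hostname.
    tls.certificateVerification = .fullVerification
    tls.minimumTLSVersion = .tlsv12

    // Assumption based on the AWS IoT documentation: certificate-based MQTT
    // on port 443 (the port in the log above) requires the ALPN protocol
    // name "x-amzn-mqtt-ca"; on port 8883 no ALPN value is needed.
    tls.applicationProtocols = applicationProtocols

    return tls
}
```

Both initializers throw on malformed PEM input, so a bad credential string fails here rather than surfacing later as a `notAuthorized` CONNACK.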