Angular: connecting to a broker over TLS through a websocket with ngx-mqtt


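I have a remote Mosquitto broker (on an AWS EC2 instance with Windows) and everything works: the port is reachable, and I can publish and subscribe using the ACL rules. I have restricted publishing to a .NET Core server (with IdentityServer 4), while the Angular 8 app using ngx-mqtt subscribes.

Now I am trying to enable TLS, but it keeps failing on connection

main-es2015.42b21e2ecd07be623604.js:1 WebSocket connection to 'wss://myserver/mqtt' failed: Error in connection establishment: net::ERR_CERT_INVALID

My domain has a valid certificate, and the Angular app connects over HTTPS. For Mosquitto, I self-signed the CA, server and client certificates following the Mosquitto documentation, but I still can't work out what I'm missing: should I send the certificate and key to the client after it logs in? What kind of flow should I implement?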

acl:

mosquitto.conf

port 1883
listener 8883
protocol websockets

connection_messages true

allow_anonymous false

acl_file C:\Program Files\mosquitto\aclfile.example

cafile C:\Program Files\mosquitto\certs\certificate_authority.crt

# Path to the PEM encoded server certificate.
certfile C:\Program Files\mosquitto\certs\broker.crt

# Path to the PEM encoded keyfile.
keyfile C:\Program Files\mosquitto\certs\broker.key

tls_version tlsv1.2

log_dest file C:\logs_and_keys\mosquitto.log
log_type error
log_type warning
log_type notice
log_type information
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S
The ngx-mqtt options used to connect:

  this.mqttService.connect({
      hostname: environment.mqttHost,
      port: environment.mqttPort,
      path: environment.mqttBasePath,
      protocol: 'wss',
      username: username,
      password: 'useless-password',
      ca: certificate,
      cert: cert.toString(),
      key: key.toString()
    });
While testing, I also hard-coded ca.crt, client.crt and client.key

    const certificate = `-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
`;
    const key = `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A7B0480427C73B4E
-----END RSA PRIVATE KEY-----
`;
    const cert = `-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
`;

Thanks in advance.

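After almost a year, the project has changed a lot and differs from the scenario I originally described. I now have a serverless backend, so the Mosquitto broker is not hosted by me (I currently use Mosquitto's public broker), and I have upgraded Angular to version 10 (it was Angular 8 at the time).

Now it works with just the following configuration: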

hostname: 'test.mosquitto.org',
port: 8081,
protocol: 'wss',
path: '/mqtt'

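You might find this useful. My understanding is that you cannot specify a client certificate for a websocket connection through the browser's JS interface (see). Using a JWT or something similar might be an option.

Thanks for the suggestion, but I have already read those articles and questions without success. You are right that with mqtt.js it is not possible to specify certificates, but I can't think of a way to make it work. I was able (at least) to connect over TLS with mqtt.fx, but in the browser I can't see what I expect to see.

The browser does not give JavaScript code the ability to specify a certificate when starting a connection, so this is not possible with mqtt.js (or any other browser-based system). I believe you can install the certificate manually, but that doesn't scale. So you need a different approach, and passing a JWT is one way - see for one option,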
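
An added example (not code from the original posts or from ngx-mqtt): a small check over connect options like those in the question, reflecting the point in the comments that browser JavaScript cannot hand certificates to a WebSocket. The function name, the finding labels and the sample values are assumptions made for this example.

```javascript
// Added example: audits connect options meant for a browser MQTT client.
// Field names follow the options object shown in the question; the
// function name and finding labels are hypothetical.
const TLS_FIELDS = ['ca', 'cert', 'key'];
const PRIVATE_KEY_PEM = /-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/;

function auditBrowserMqttOptions(options, pageProtocol = 'https:') {
  const findings = [];

  // The browser WebSocket constructor accepts only a URL and subprotocols,
  // so certificate material passed here never reaches the TLS handshake.
  for (const field of TLS_FIELDS) {
    if (options[field] !== undefined) {
      findings.push({ field, issue: 'ignored-in-browser' });
    }
  }

  // Every value in the options ships in the bundle each visitor downloads.
  for (const [field, value] of Object.entries(options)) {
    if (typeof value === 'string' && PRIVATE_KEY_PEM.test(value)) {
      findings.push({ field, issue: 'private-key-in-bundle' });
    }
  }

  // A page served over HTTPS may only open wss:// sockets (mixed content).
  if (pageProtocol === 'https:' && options.protocol !== 'wss') {
    findings.push({ field: 'protocol', issue: 'mixed-content' });
  }
  return findings;
}

// Constructed sample mirroring the question's options (PEM bodies elided).
const questionOptions = {
  hostname: 'myserver', port: 8883, path: '/mqtt', protocol: 'wss',
  username: 'alice', password: 'useless-password',
  ca: '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n',
  cert: '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n',
  key: '-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n',
};
// Options from the follow-up that connects to the public broker.
const workingOptions = {
  hostname: 'test.mosquitto.org', port: 8081, protocol: 'wss', path: '/mqtt',
};

console.log(auditBrowserMqttOptions(questionOptions));
console.log(auditBrowserMqttOptions(workingOptions));
```

Because the browser validates the broker's certificate against its own trust store, the `ca` value cannot make a privately signed broker certificate acceptable to it.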