Search code examples
c++qtmqttqtmqtt

How do I perform a secure MQTT using QtMqtt and SSL?

I am trying to use a QtMQtt example project simpleclient. But I want to perform a secure MQTT. How do I approach this?

I have read this blog (https://www.qt.io/blog/2017/08/14/introducing-qtmqtt-protocol). But this does not help me much.

Do I have to use QsslSocket's connectToHostEncrypted() or should I use QTMQTT clients's connectToHostEncrypted()

If I use QTMQTT clients's connectToHostEncrypted(). It only allows me to set sslpeername. It does not allow me set certificate or private key

Or If I use QSSLSOCKECT's connectToHostEncrypted(). How do I notify my MQTT client that a connection has been made. And I should now be able to publish and subscribe

write now I am doing something like this:

connect(this->(QSslSockets's Object),SIGNAL(encrypted),this, SLOT(foo()))
void foo()
{
QTMQTTClient's object->connectToHostEncrypted("Hostname")
}

This does not let me publish or subscribe. If someone can point me in the right direction. Some documentation or examples that would really help me a lot

Solution

  • QMqttClient will use as a transport device to a QSslSocket if your Qt supports SSL, to verify if it supports SSL the QSslSocket::supportsSsl() function must return true. If it does not support it then you must enable it by following the guide: Enabling and Disabling SSL Support.

    Considering that the above works then you can set the certificate globally so that all QSslSocket uses it by default:

    QSslCertificate cert = QSslCertificate(...);
QSslSocket::addDefaultCaCertificate(cert);

QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();

    For example using http://test.mosquitto.org/:

    #include <QtMqtt>

const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuITXPKycpUcIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";

int main(int argc, char *argv[]) {
    QCoreApplication a(argc, argv);

    const QString hostname{"test.mosquitto.org"};
    const quint16 port = 8883;
    const QMqttTopicName topic{"qtmqtt/ssl_test"};
    const QMqttTopicFilter filter{"qtmqtt/#"};

    QSslCertificate cert = QSslCertificate(pem, QSsl::Pem);
    QSslSocket::addDefaultCaCertificate(cert);

    QMqttClient client;
    client.setHostname(hostname);
    client.setPort(port);

    QObject::connect(&client, &QMqttClient::stateChanged, [](QMqttClient::ClientState state){
        if(state == QMqttClient::Disconnected)
            qDebug() << " State: Disconnected";
        else if(state == QMqttClient::Connecting)
            qDebug() << " State: Connecting";
        else if(state == QMqttClient::Connected)
            qDebug() << " State: Connected";
    });

    QObject::connect(&client, &QMqttClient::errorChanged, [](QMqttClient::ClientError error){
        qDebug() << error;

    });

    QObject::connect(&client, &QMqttClient::messageReceived, [](const QByteArray &message, const QMqttTopicName &topic){
        qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
    });

    QTimer timer;
    QObject::connect(&timer, &QTimer::timeout, [&client, &topic](){
        if(client.publish(topic,  QDateTime::currentDateTime().toString().toUtf8()) == -1)
            qDebug() << "Error: Could not publish message";
    });

    QObject::connect(&client, &QMqttClient::connected, [&client, &timer, &filter](){
        QMqttSubscription *subscription = client.subscribe(filter);
        if(!subscription)
            qDebug() << "Could not subscribe";
        timer.start(1000);
    });

    client.connectToHostEncrypted();

    return a.exec();
}

    Output:

     State: Connecting
 State: Connected
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:08 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:09 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:10 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:11 2019"
 Received Topic: "qtmqtt/ssl_test"  Message:  "Sat Sep 7 00:58:12 2019"
 ...

    You can also use QSslConfiguration to set the certificates and/or private key:

    QSslCertificate cert = QSslCertificate(...);
QSslConfiguration conf;
conf.setCaCertificates({cert});
// conf.setPrivateKey();
QSslConfiguration::setDefaultConfiguration(conf);

QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();

    You can also pass QSslSocket directly by setting it as a transport device:

    QSslCertificate cert = QSslCertificate(...);
QSslSocket socket;
socket.addCaCertificate(cert);
// conf.setPrivateKey();

QMqttClient client;
client.setHostname(...);
client.setPort(...);
client.setTransport(&socket, QMqttClient::SecureSocket);
// ...
client.connectToHostEncrypted();