EMQTT(EMQX) SSL/TLS单向认证及JAVA代码

采用部署架构

安装NGINX

安装EMQX

引入JAR

    org.eclipse.paho
    org.eclipse.paho.client.mqttv3
    1.2.1

String brokerUrl = "ssl://liucc.com:8884" ;
MqttDefaultFilePersistence dataStore = new MqttDefaultFilePersistence("/User/dd/data");
MqttConnectOptions conOpt = new MqttConnectOptions();
conOpt.setCleanSession(true);
conOpt.setSocketFactory(SslUtil.getSSLSocktet(properties.getCrtPath()));
MqttClient client = new MqttClient(brokerUrl,properties.getClientId(), dataStore);
client.setCallback(new MqttClientCallback());
client.connect(conOpt);

   public static SSLSocketFactory getSSLSocktet(String caPath) throws Exception {
        // CA certificate is used to authenticate server
        CertificateFactory cAf = CertificateFactory.getInstance("X.509");
        FileInputStream caIn = new FileInputStream(caPath);
        X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
        KeyStore caKs = KeyStore.getInstance("JKS");
        caKs.load(null, null);
        caKs.setCertificateEntry("ca-certificate", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(caKs);

        // finally, create SSL socket factory
        SSLContext context = SSLContext.getInstance("TLSv1");
        context.init(null, tmf.getTrustManagers(), new SecureRandom());

        return context.getSocketFactory();
    }

注意：caPath = /Users/chengcai/Desktop/docker/ca/ca.crt