From 5f4e62047cf7ec596fae4ddcb2c44ad3323784c1 Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 06:59:21 +0200
Subject: [PATCH 01/12] Add app flag CAFILE
---
 cmd/lora-gateway-bridge/main.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmd/lora-gateway-bridge/main.go b/cmd/lora-gateway-bridge/main.go
index b03fe715..1ef220ce 100644
--- a/cmd/lora-gateway-bridge/main.go
+++ b/cmd/lora-gateway-bridge/main.go
@@ -28,7 +28,7 @@ func run(c *cli.Context) error {
 var pubsub *mqttpubsub.Backend
 for {
 var err error
- pubsub, err = mqttpubsub.NewBackend(c.String("mqtt-server"), c.String("mqtt-username"), c.String("mqtt-password"))
+ pubsub, err = mqttpubsub.NewBackend(c.String("mqtt-server"), c.String("mqtt-username"), c.String("mqtt-password"), c.String("cafile"))
 if err == nil {
 break
 }
@@ -113,6 +113,11 @@ func main() {
 Usage: "mqtt server password (optional)",
 EnvVar: "MQTT_PASSWORD",
 },
+ cli.StringFlag{
+ Name: "cafile",
+ Usage: "CA certificate file (optional)",
+ EnvVar: "CAFILE",
+ },
 cli.BoolFlag{
 Name: "skip-crc-check",
 Usage: "skip the CRC status-check of received packets",
From df3a18d17b82ddfc4323fb7f44cf64f1d5269f8a Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 07:15:21 +0200
Subject: [PATCH 02/12] Update backend.go
---
 backend/mqttpubsub/backend.go | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/backend/mqttpubsub/backend.go b/backend/mqttpubsub/backend.go
index bcce1dc8..91c0c867 100644
--- a/backend/mqttpubsub/backend.go
+++ b/backend/mqttpubsub/backend.go
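Review bot: The retry loop around `mqttpubsub.NewBackend` now also feeds in `c.String("cafile")`, so if the backend ever reports an unreadable or malformed CA file the call will be retried as though the broker were merely unreachable; the loop body after `break` continues outside the hunk, so the back-off itself is not visible here. A bad CA path is a configuration error and should end the process with a clear message rather than loop forever; consider checking the file once before entering the loop, e.g. `if f := c.String("cafile"); f != "" { if _, err := os.Stat(f); err != nil { return fmt.Errorf("cafile: %s", err) } }` (assuming `os` and `fmt` are imported in main.go), or have the backend return a distinguishable error type that the loop does not retry.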
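Review bot: The Usage string `"CA certificate file (optional)"` says neither what format the file must be in nor what it is used for, although the backend loads it with `AppendCertsFromPEM` and installs it as `RootCAs` for verifying the broker. A more useful help line would be `Usage: "PEM encoded CA certificate file used to verify the MQTT broker certificate (optional)"`. The enclosing flag list in `main` continues outside the hunk.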
@@ -22,6 +22,11 @@ type Backend struct {
 // NewBackend creates a new Backend.
 func NewBackend(server, username, password string) (*Backend, error) {
+ return NewBackend(server, username, password, "")
+}
+
+// NewBackend creates a new Backend.
+func NewBackend(server, username, password, cafile string) (*Backend, error) {
 b := Backend{
 txPacketChan: make(chan gw.TXPacketBytes),
 gateways: make(map[lorawan.EUI64]struct{}),
@@ -33,7 +38,14 @@ func NewBackend(server, username, password string) (*Backend, error) {
 opts.SetPassword(password)
 opts.SetOnConnectHandler(b.onConnected)
 opts.SetConnectionLostHandler(b.onConnectionLost)
-
+
+ if len(cafile) != 0 {
+ tlsconfig := NewTLSConfig(cafile)
+ if(tlsconfig != nil) {
+ opts.SetClientID("ssl-client").SetTLSConfig(tlsconfig)
+ }
+ }
+
 log.WithField("server", server).Info("backend: connecting to mqtt broker")
 b.conn = mqtt.NewClient(opts)
 if token := b.conn.Connect(); token.Wait() && token.Error() != nil {
@@ -43,6 +55,25 @@ func NewBackend(server, username, password string) (*Backend, error) {
 return &b, nil
 }
+func NewTLSConfig(cafile string) (*tls.Config, error) {
+ // Import trusted certificates from CAfile.pem.
+
+ cert, err := ioutil.ReadFile(cafile)
+ if err != nil {
+ log.Errorf("backend: couldn't load cafile", err)
+ return nil, err
+ }
+
+ certpool := x509.NewCertPool()
+ certpool.AppendCertsFromPEM(cert)
+
+ // Create tls.Config with desired tls properties
+ return &tls.Config{
+ // RootCAs = certs used to verify server cert.
+ RootCAs: certpool,
+ }, nil
+}
+
 // Close closes the backend.
 func (b *Backend) Close() {
 b.conn.Disconnect(250) // wait 250 milisec to complete pending actions
From 3eeb18cd8a5dafac50ea2d055d6f6f1a84569884 Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 07:22:22 +0200
Subject: [PATCH 03/12] Update backend.go
---
 backend/mqttpubsub/backend.go | 5 -----
 1 file changed, 5 deletions(-)
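Review bot: This hunk declares a second function named `NewBackend` next to the existing three-argument one; Go has no overloading, so the package does not compile at this commit (patch 03 of this series deletes the wrapper again). If a compatibility constructor is wanted it needs a distinct name, and its doc comment must then start with that name instead of repeating `// NewBackend creates a new Backend.` twice.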
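Review bot: The result of `NewTLSConfig(cafile)` is only checked for being non-nil and any failure is silently dropped, so a CA file that cannot be read leaves the client connecting without the operator-supplied trust anchor instead of failing — a fail-open on a TLS setting; the same pattern survives the rewrites of these lines in patches 05 and 09 of this series. Return the error instead: `tlsconfig, err := NewTLSConfig(cafile)`, `if err != nil { return nil, err }`, `opts.SetTLSConfig(tlsconfig)`. As written, `tlsconfig := NewTLSConfig(cafile)` also assigns a two-result call to a single variable and will not compile. The hard-coded `SetClientID("ssl-client")` gives every TLS-enabled bridge the same MQTT client identifier, and brokers drop the existing session when a second client connects with the same id, so two bridges would evict each other (patch 09 removes it).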
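Review bot: `certpool.AppendCertsFromPEM(cert)` returns a bool that is ignored, so a file that exists but contains no parseable PEM certificate yields an empty `RootCAs` pool and every broker certificate is then rejected with an error that points nowhere near the cause; check it: `if !certpool.AppendCertsFromPEM(cert) { return nil, fmt.Errorf("backend: no certificates found in %s", cafile) }` (`fmt` is already imported by this file). `log.Errorf("backend: couldn't load cafile", err)` passes `err` without a format verb, which go vet flags (patch 05 adds `%s`), and logging and then returning the same error reports it twice — attaching the context to the returned error is enough. `NewTLSConfig` is exported but has no doc comment; a one-liner such as `// NewTLSConfig builds a tls.Config whose RootCAs are loaded from the PEM file at cafile.` is expected (patch 05 adds a shorter one).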
diff --git a/backend/mqttpubsub/backend.go b/backend/mqttpubsub/backend.go
index 91c0c867..6d599758 100644
--- a/backend/mqttpubsub/backend.go
+++ b/backend/mqttpubsub/backend.go
@@ -20,11 +20,6 @@ type Backend struct {
 mutex sync.RWMutex
 }
-// NewBackend creates a new Backend.
-func NewBackend(server, username, password string) (*Backend, error) {
- return NewBackend(server, username, password, "")
-}
-
 // NewBackend creates a new Backend.
 func NewBackend(server, username, password, cafile string) (*Backend, error) {
 b := Backend{
From 445522d6c8955472ddb6caffd332dffdfa6b55ba Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 08:37:12 +0200
Subject: [PATCH 04/12] Add empty string as fourth parameter (Cafile) on func NewBackend
---
 backend/mqttpubsub/backend_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/mqttpubsub/backend_test.go b/backend/mqttpubsub/backend_test.go
index fc7e0bcb..45add541 100644
--- a/backend/mqttpubsub/backend_test.go
+++ b/backend/mqttpubsub/backend_test.go
@@ -22,7 +22,7 @@ func TestBackend(t *testing.T) {
 defer c.Disconnect(0)
 Convey("Given a new Backend", func() {
- backend, err := NewBackend(conf.Server, conf.Username, conf.Password)
+ backend, err := NewBackend(conf.Server, conf.Username, conf.Password, "")
 So(err, ShouldBeNil)
 defer backend.Close()
From a58fa924304ee279cf3b652b1423add63e435eb3 Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 08:40:35 +0200
Subject: [PATCH 05/12] Update backend.go
---
 backend/mqttpubsub/backend.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/backend/mqttpubsub/backend.go b/backend/mqttpubsub/backend.go
index 6d599758..36a59f1e 100644
--- a/backend/mqttpubsub/backend.go
+++ b/backend/mqttpubsub/backend.go
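Review bot: The only test touching the new `cafile` parameter passes `""`, so neither the TLS branch in `NewBackend` nor `NewTLSConfig` is exercised at all. A small Convey block would cover the failure path without needing a broker: `_, err := NewTLSConfig("does-not-exist.pem")` followed by `So(err, ShouldNotBeNil)`, plus a fixture PEM for the success path asserting the returned config has a non-nil `RootCAs`. `TestBackend` continues outside the hunk.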
@@ -35,8 +35,8 @@ func NewBackend(server, username, password, cafile string) (*Backend, error) {
 opts.SetConnectionLostHandler(b.onConnectionLost)
 if len(cafile) != 0 {
- tlsconfig := NewTLSConfig(cafile)
- if(tlsconfig != nil) {
+ tlsconfig, err := NewTLSConfig(cafile)
+ if(err == nil) {
 opts.SetClientID("ssl-client").SetTLSConfig(tlsconfig)
 }
 }
@@ -50,12 +50,13 @@ func NewBackend(server, username, password, cafile string) (*Backend, error) {
 return &b, nil
 }
+// NewTLSConfig returns the TLS configuration.
 func NewTLSConfig(cafile string) (*tls.Config, error) {
 // Import trusted certificates from CAfile.pem.
 cert, err := ioutil.ReadFile(cafile)
 if err != nil {
- log.Errorf("backend: couldn't load cafile", err)
+ log.Errorf("backend: couldn't load cafile: %s", err)
 return nil, err
 }
From 6066e9ababff90b7566302ed8c8c63cb3e627ec8 Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 09:02:28 +0200
Subject: [PATCH 06/12] --cafile option added
---
 cmd/lora-gateway-bridge/doc.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cmd/lora-gateway-bridge/doc.go b/cmd/lora-gateway-bridge/doc.go
index 824244d8..02b5e69a 100644
--- a/cmd/lora-gateway-bridge/doc.go
+++ b/cmd/lora-gateway-bridge/doc.go
@@ -13,6 +13,7 @@ GLOBAL OPTIONS:
 --mqtt-server "tcp://127.0.0.1:1883" MQTT server [$MQTT_SERVER]
 --mqtt-username MQTT username [$MQTT_USERNAME]
 --mqtt-password MQTT password [$MQTT_PASSWORD]
+ --cafile CA certificate file [$CAFILE]
 --log-level "4" debug=5, info=4, warning=3, error=2, fatal=1, panic=0 [$LOG_LEVEL]
 --help, -h show help
 --version, -v print the version
From 80e5fc59ba361b032d9d71c7eae526f98f03967b Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 09:02:46 +0200
Subject: [PATCH 07/12] Update doc.go
---
 cmd/lora-gateway-bridge/doc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/lora-gateway-bridge/doc.go b/cmd/lora-gateway-bridge/doc.go
index 02b5e69a..2adc715d 100644
--- a/cmd/lora-gateway-bridge/doc.go
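Review bot: The corrected `log.Errorf("backend: couldn't load cafile: %s", err)` still reports the failure at this layer and then hands the same error back to the caller, so once `NewBackend` stops discarding it the failure will be reported twice; drop the log line and carry the context in the returned error instead, `return nil, fmt.Errorf("backend: read ca file %s: %s", cafile, err)`. `%v` is the conventional verb for an error value. The body of `NewTLSConfig` continues outside the hunk, and the new doc comment `// NewTLSConfig returns the TLS configuration.` would be more useful if it said the config's `RootCAs` come from the PEM file at `cafile`.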
+++ b/cmd/lora-gateway-bridge/doc.go
@@ -13,7 +13,7 @@ GLOBAL OPTIONS:
 --mqtt-server "tcp://127.0.0.1:1883" MQTT server [$MQTT_SERVER]
 --mqtt-username MQTT username [$MQTT_USERNAME]
 --mqtt-password MQTT password [$MQTT_PASSWORD]
- --cafile CA certificate file [$CAFILE]
+ --cafile CA certificate file [$CAFILE]
 --log-level "4" debug=5, info=4, warning=3, error=2, fatal=1, panic=0 [$LOG_LEVEL]
 --help, -h show help
 --version, -v print the version
From cc42432a79147184becbf89dd854e285830e0a3d Mon Sep 17 00:00:00 2001
From: minggi
Date: Tue, 20 Jun 2017 12:41:54 +0200
Subject: [PATCH 08/12] Add imports
---
 backend/mqttpubsub/backend.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/backend/mqttpubsub/backend.go b/backend/mqttpubsub/backend.go
index 36a59f1e..a3151e0c 100644
--- a/backend/mqttpubsub/backend.go
+++ b/backend/mqttpubsub/backend.go
@@ -1,6 +1,9 @@
 package mqttpubsub
 import (
+ "crypto/tls"
+ "crypto/x509"
+ "io/ioutil"
 "encoding/json"
 "fmt"
 "sync"
From 540a585646ba54f6a0eb175ac7444a8f37b3ce92 Mon Sep 17 00:00:00 2001
From: minggi
Date: Wed, 21 Jun 2017 17:06:23 +0200
Subject: [PATCH 09/12] Update backend.go
---
 backend/mqttpubsub/backend.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/mqttpubsub/backend.go b/backend/mqttpubsub/backend.go
index a3151e0c..a552eeb4 100644
--- a/backend/mqttpubsub/backend.go
+++ b/backend/mqttpubsub/backend.go
@@ -37,10 +37,10 @@ func NewBackend(server, username, password, cafile string) (*Backend, error) {
 opts.SetOnConnectHandler(b.onConnected)
 opts.SetConnectionLostHandler(b.onConnectionLost)
- if len(cafile) != 0 {
+ if cafile != "" {
 tlsconfig, err := NewTLSConfig(cafile)
- if(err == nil) {
- opts.SetClientID("ssl-client").SetTLSConfig(tlsconfig)
+ if err == nil {
+ opts.SetTLSConfig(tlsconfig)
 }
 }
From 9b8824c4b29acce55905960422103dfc59b28c54 Mon Sep 17 00:00:00 2001
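Review bot: The three new imports are inserted ahead of `"encoding/json"` rather than in sorted position, so this block is not gofmt/goimports clean; the expected order of the group is `"crypto/tls"`, `"crypto/x509"`, `"encoding/json"`, `"fmt"`, `"io/ioutil"`, `"sync"`. Adding the imports in a commit separate from the code that uses them (patches 02 through 05 of this series) also leaves those intermediate commits uncompilable, which breaks bisecting; this hunk belongs squashed into the commit that introduced `NewTLSConfig`.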
From: minggi
Date: Wed, 21 Jun 2017 17:07:53 +0200
Subject: [PATCH 10/12] modify to mqtt-ca-cert
---
 cmd/lora-gateway-bridge/doc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/lora-gateway-bridge/doc.go b/cmd/lora-gateway-bridge/doc.go
index 2adc715d..16a2633a 100644
--- a/cmd/lora-gateway-bridge/doc.go
+++ b/cmd/lora-gateway-bridge/doc.go
@@ -13,7 +13,7 @@ GLOBAL OPTIONS:
 --mqtt-server "tcp://127.0.0.1:1883" MQTT server [$MQTT_SERVER]
 --mqtt-username MQTT username [$MQTT_USERNAME]
 --mqtt-password MQTT password [$MQTT_PASSWORD]
- --cafile CA certificate file [$CAFILE]
+ --mqtt-ca-cert CA certificate file [$CAFILE]
 --log-level "4" debug=5, info=4, warning=3, error=2, fatal=1, panic=0 [$LOG_LEVEL]
 --help, -h show help
 --version, -v print the version
From 659c2516f0090abaf0a2314236d44f17703066bc Mon Sep 17 00:00:00 2001
From: minggi
Date: Wed, 21 Jun 2017 17:09:23 +0200
Subject: [PATCH 11/12] Update main.go
---
 cmd/lora-gateway-bridge/main.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmd/lora-gateway-bridge/main.go b/cmd/lora-gateway-bridge/main.go
index 1ef220ce..48db51e6 100644
--- a/cmd/lora-gateway-bridge/main.go
+++ b/cmd/lora-gateway-bridge/main.go
@@ -28,7 +28,7 @@ func run(c *cli.Context) error {
 var pubsub *mqttpubsub.Backend
 for {
 var err error
- pubsub, err = mqttpubsub.NewBackend(c.String("mqtt-server"), c.String("mqtt-username"), c.String("mqtt-password"), c.String("cafile"))
+ pubsub, err = mqttpubsub.NewBackend(c.String("mqtt-server"), c.String("mqtt-username"), c.String("mqtt-password"), c.String("mqtt-ca-cert"))
 if err == nil {
 break
 }
@@ -114,9 +114,9 @@ func main() {
 EnvVar: "MQTT_PASSWORD",
 },
 cli.StringFlag{
- Name: "cafile",
- Usage: "CA certificate file (optional)",
- EnvVar: "CAFILE",
+ Name: "mqtt-ca-cert",
+ Usage: "mqtt CA certificate file (optional)",
+ EnvVar: "MQTT_CA_CERT",
 },
 cli.BoolFlag{
 Name: "skip-crc-check",
From 9a32a3c4c4e4e97db4501dcf4f1dff874668e60c Mon Sep 17 00:00:00 2001
From: minggi
Date: Wed, 21 Jun 2017 17:19:46 +0200
Subject: [PATCH 12/12] Update doc.go
---
 cmd/lora-gateway-bridge/doc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/lora-gateway-bridge/doc.go b/cmd/lora-gateway-bridge/doc.go
index 16a2633a..758b4cc6 100644
--- a/cmd/lora-gateway-bridge/doc.go
+++ b/cmd/lora-gateway-bridge/doc.go
@@ -13,7 +13,7 @@ GLOBAL OPTIONS:
 --mqtt-server "tcp://127.0.0.1:1883" MQTT server [$MQTT_SERVER]
 --mqtt-username MQTT username [$MQTT_USERNAME]
 --mqtt-password MQTT password [$MQTT_PASSWORD]
- --mqtt-ca-cert CA certificate file [$CAFILE]
+ --mqtt-ca-cert CA certificate file [$MQTT_CA_CERT]
 --log-level "4" debug=5, info=4, warning=3, error=2, fatal=1, panic=0 [$LOG_LEVEL]
 --help, -h show help
 --version, -v print the version