package main
import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"io/ioutil"
	"net/http"
	"os"
	"os/signal"
	"syscall"
	"time"

	"github.com/namsral/flag"
	log "github.com/sirupsen/logrus"
	prefixed "github.com/x-cray/logrus-prefixed-formatter"
)
// Process-wide configuration, populated from flags in main().
var (
	// Plain MQTT listener.
	mqttHost   string
	mqttPort   int
	mqttEnable bool

	// MQTT-over-TLS listener and the certificate/key it serves.
	mqttsHost   string
	mqttsPort   int
	mqttsCert   string
	mqttsKey    string
	mqttsEnable bool

	// Plain HTTP / WebSocket listener.
	httpHost   string
	httpPort   int
	httpEnable bool

	// HTTPS / WebSocket-over-TLS listener and the certificate/key it serves.
	httpsHost   string
	httpsPort   int
	httpsCert   string
	httpsKey    string
	httpsEnable bool

	// Upstream broker the proxy forwards to. Username/password are optional;
	// per the flag help text an empty username means "reuse the client's".
	mqttBrokerHost     string
	mqttBrokerPort     int
	mqttBrokerUsername string
	mqttBrokerPassword string

	// External authz/authn service (base URL plus an optional PEM CA file
	// used to verify its TLS certificate).
	authURL    string
	authCAFile string

	// Build metadata; presumably injected at link time (-ldflags -X), so
	// they are empty in a plain `go build`.
	Version string
	Build   string
	Date    string

	// HTTP client used to reach the auth service; assigned once in main()
	// and shared by the listeners.
	authClient *http.Client
)
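// main configures logging, parses configuration (flags, and via namsral/flag
// also environment variables), builds the HTTP client used to reach the
// external authz/authn service, starts every enabled listener on its own
// goroutine and then blocks until SIGINT or SIGTERM arrives.
//
// Security-relevant behaviour worth knowing before deploying:
//   - With no -auth-url the proxy is fail-open: every connect/publish/subscribe
//     is allowed. This is logged as a warning rather than silently accepted.
//   - The upstream broker password is never written to the log.
//   - The auth CA file is trusted exactly as issued; the proxy no longer
//     rewrites the certificate's basic-constraints/key-usage fields.
//   - Every auth round-trip is bounded by -auth-timeout so a hung auth
//     service cannot stall client connections indefinitely.
func main() {
	formatter := new(prefixed.TextFormatter)
	formatter.DisableTimestamp = false
	formatter.FullTimestamp = true
	formatter.TimestampFormat = "2006-01-02 15:04:05.000000000"
	log.SetFormatter(formatter)
	log.SetLevel(log.DebugLevel)

	// Bound on a single request to the auth service (connect + TLS handshake +
	// headers + body). Without it http.Client waits forever.
	var authTimeout time.Duration

	// Listener configuration. Every listener defaults to enabled and binds all
	// interfaces; restrict -*-host in environments where that is not wanted.
	flag.IntVar(&mqttPort, "mqtt-port", 1883, "Mqtt port to listen to.")
	flag.StringVar(&mqttHost, "mqtt-host", "0.0.0.0", "Mqtt interface to listen to.")
	flag.BoolVar(&mqttEnable, "mqtt-enable", true, "Enable mqtt protocol")
	flag.IntVar(&mqttsPort, "mqtts-port", 8883, "Mqtts port to listen to.")
	flag.StringVar(&mqttsHost, "mqtts-host", "0.0.0.0", "Mqtts interface to listen to.")
	flag.StringVar(&mqttsCert, "mqtts-cert", "certs/server.pem", "Certificate used for mqtt TLS.")
	flag.StringVar(&mqttsKey, "mqtts-key", "certs/server.key", "Key used for mqtt TLS.")
	flag.BoolVar(&mqttsEnable, "mqtts-enable", true, "Enable mqtts protocol")
	flag.StringVar(&httpHost, "http-host", "0.0.0.0", "Listen http port (for http and websockets)")
	flag.IntVar(&httpPort, "http-port", 8080, "Listen http port (for http and websockets)")
	flag.BoolVar(&httpEnable, "http-enable", true, "Enable http protocol")
	flag.StringVar(&httpsHost, "https-host", "0.0.0.0", "Listen https port (for https and websockets tls)")
	flag.IntVar(&httpsPort, "https-port", 8081, "Listen https port (for https and websockets tls)")
	flag.StringVar(&httpsCert, "https-cert", "certs/server.pem", "Certificate used for https.")
	flag.StringVar(&httpsKey, "https-key", "certs/server.key", "Key used for https.")
	flag.BoolVar(&httpsEnable, "https-enable", true, "Enable https protocol")

	// Upstream broker and auth service.
	flag.IntVar(&mqttBrokerPort, "mqtt-broker-port", 1883, "Port of the mqtt server")
	flag.StringVar(&mqttBrokerHost, "mqtt-broker-host", "0.0.0.0", "Host the mqtt server.")
	flag.StringVar(&mqttBrokerUsername, "mqtt-broker-username", "", "Username of the mqtt server. Reuse incoming one if empty")
	flag.StringVar(&mqttBrokerPassword, "mqtt-broker-password", "", "Password the mqtt server.")
	flag.StringVar(&authURL, "auth-url", "", "URL to the authz/authn service")
	flag.StringVar(&authCAFile, "auth-ca-file", "", "PEM encoded CA's certificate file for the authz/authn service")
	flag.DurationVar(&authTimeout, "auth-timeout", 10*time.Second, "Timeout for a single request to the authz/authn service")
	flag.Parse()

	log.Println("Starting mqtt-proxy @ ", Version, Build, Date)
	// Deliberately omit mqttBrokerPassword: logs are shipped to and read by
	// systems that must not learn the broker credential.
	log.Println("mqtt server ", mqttBrokerHost, mqttBrokerPort, mqttBrokerUsername)
	if authURL != "" {
		log.Println("auth connect : ", authURL+"/connect")
		log.Println("auth publish : ", authURL+"/publish")
		log.Println("auth subscribe : ", authURL+"/subscribe")
	} else {
		// Fail-open by design; surface it at warning level so it cannot be
		// mistaken for normal start-up chatter in a production log.
		log.Warnln("auth : no auth url configured : bypassing!")
	}

	// TLS trust for the auth service. A nil RootCAs means "use the system
	// trust store", which is the right default when no CA file is configured;
	// the previous empty pool made every HTTPS auth request fail verification.
	tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}
	if authURL != "" && authCAFile != "" {
		caPEM, err := ioutil.ReadFile(authCAFile)
		if err != nil {
			log.Fatal(err)
		}
		// pem.Decode returns nil for non-PEM input; dereferencing it blindly
		// was a start-up panic on a mis-pointed -auth-ca-file.
		block, _ := pem.Decode(caPEM)
		if block == nil || block.Type != "CERTIFICATE" {
			log.Fatal("auth-ca-file '" + authCAFile + "' does not start with a PEM CERTIFICATE block")
		}
		caCert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			log.Fatal(err)
		}
		// Trust the certificate exactly as issued. The verifier treats pool
		// entries as trust anchors, so forcing IsCA/KeyUsage on the parsed
		// certificate (as earlier versions did) changed nothing except hiding
		// a mis-issued file from the operator.
		pool := x509.NewCertPool()
		pool.AddCert(caCert)
		tlsConfig.RootCAs = pool
		log.Println("auth using CA : '" + authCAFile + "'")
	}
	tr := &http.Transport{TLSClientConfig: tlsConfig}
	authClient = &http.Client{Transport: tr, Timeout: authTimeout}

	// Shared WebSocket set-up is needed by both the http and https listeners.
	if httpEnable || httpsEnable {
		wsMqttPrepare()
	}
	if httpEnable {
		go wsMqttListen()
	}
	if httpsEnable {
		go wssMqttListen()
	}
	if mqttEnable {
		go mqttListen()
	}
	if mqttsEnable {
		go mqttsListen()
	}

	// Block until asked to stop; the listeners run for the life of the process.
	stop := make(chan os.Signal, 2)
	signal.Notify(stop, os.Interrupt, syscall.SIGTERM)
	<-stop
}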