From 7586b26c7e2c60804b88472e51b2e8b8d29b6eaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Eckel?= <juergen@riddleandcode.com>
Date: Wed, 24 Apr 2024 14:39:09 +0200
Subject: [PATCH] * added TSL support for mqtt * added configuration value
 mqtt-tls (bool) to support tls and non-tls connections (testing)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
---
 config/config.go        | 3 +++
 monitor/mqtt_monitor.go | 9 +++++++++
 util/mqtt.go            | 9 +++++++++
 3 files changed, 21 insertions(+)

diff --git a/config/config.go b/config/config.go
index 282c52c..8ae5485 100644
--- a/config/config.go
+++ b/config/config.go
@@ -23,6 +23,7 @@ mqtt-domain = "{{ .PlmntConfig.MqttDomain }}"
 mqtt-port = {{ .PlmntConfig.MqttPort }}
 mqtt-user = "{{ .PlmntConfig.MqttUser }}"
 mqtt-password = "{{ .PlmntConfig.MqttPassword }}"
+mqtt-tls = "{{ .PlmntConfig.MqttTls }}"
 
 `
 
@@ -40,6 +41,7 @@ type Config struct {
 	MqttPort         int    `json:"mqtt-port"         mapstructure:"mqtt-port"`
 	MqttUser         string `json:"mqtt-user"         mapstructure:"mqtt-user"`
 	MqttPassword     string `json:"mqtt-password"     mapstructure:"mqtt-password"`
+	MqttTls          bool   `json:"mqtt-tls"     mapstructure:"mqtt-tls"`
 }
 
 // cosmos-sdk wide global singleton
@@ -63,6 +65,7 @@ func DefaultConfig() *Config {
 		MqttPort:         1885,
 		MqttUser:         "user",
 		MqttPassword:     "password",
+		MqttTls:          true,
 	}
 }
 
diff --git a/monitor/mqtt_monitor.go b/monitor/mqtt_monitor.go
index c3830b5..410a2fd 100644
--- a/monitor/mqtt_monitor.go
+++ b/monitor/mqtt_monitor.go
@@ -1,6 +1,7 @@
 package monitor
 
 import (
+	"crypto/tls"
 	"math/rand"
 	"net"
 	"strconv"
@@ -51,11 +52,19 @@ func LazyLoadMonitorMQTTClient() {
 	conf := config.GetConfig()
 	hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 	uri := "tcp://" + hostPort
+	if conf.MqttTls {
+		uri = "ssl://" + hostPort
+	}
 
 	opts := mqtt.NewClientOptions().AddBroker(uri)
 	opts.SetClientID(conf.ValidatorAddress + "-monitor")
 	opts.SetUsername(conf.MqttUser)
 	opts.SetPassword(conf.MqttPassword)
+	if conf.MqttTls {
+		tlsConfig := &tls.Config{}
+		opts.SetTLSConfig(tlsConfig)
+	}
+
 	MonitorMQTTClient = mqtt.NewClient(opts)
 }
 
diff --git a/util/mqtt.go b/util/mqtt.go
index 111968b..934da4e 100644
--- a/util/mqtt.go
+++ b/util/mqtt.go
@@ -1,6 +1,7 @@
 package util
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"net"
 	"strconv"
@@ -42,11 +43,19 @@ func LazyLoadMQTTClient() {
 	conf := config.GetConfig()
 	hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 	uri := "tcp://" + hostPort
+	if conf.MqttTls {
+		uri = "ssl://" + hostPort
+	}
 
 	opts := mqtt.NewClientOptions().AddBroker(uri)
 	opts.SetClientID(conf.ValidatorAddress)
 	opts.SetUsername(conf.MqttUser)
 	opts.SetPassword(conf.MqttPassword)
+	if conf.MqttTls {
+		tlsConfig := &tls.Config{}
+		opts.SetTLSConfig(tlsConfig)
+	}
+
 	MQTTClient = mqtt.NewClient(opts)
 }