TLS support for planetmint (#381)

* added TSL support for mqtt * added configuration value mqtt-tls (bool) to support tls and non-tls connections (testing) Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
2025-06-05 21:56:45 +00:00 · 2024-04-24 14:59:17 +02:00 · 2024-04-24 14:59:17 +02:00 · b45c381b3b
commit b45c381b3b
parent 43d152fcf6
3 changed files with 21 additions and 0 deletions
--- a/config/config.go
+++ b/config/config.go
@ -23,6 +23,7 @@ mqtt-domain = "{{ .PlmntConfig.MqttDomain }}"
 mqtt-port = {{ .PlmntConfig.MqttPort }}
 mqtt-user = "{{ .PlmntConfig.MqttUser }}"
 mqtt-password = "{{ .PlmntConfig.MqttPassword }}"
+mqtt-tls = "{{ .PlmntConfig.MqttTLS }}"

 `

@ -40,6 +41,7 @@ type Config struct {
 	MqttPort         int    `json:"mqtt-port"         mapstructure:"mqtt-port"`
 	MqttUser         string `json:"mqtt-user"         mapstructure:"mqtt-user"`
 	MqttPassword     string `json:"mqtt-password"     mapstructure:"mqtt-password"`
+	MqttTLS          bool   `json:"mqtt-tls"          mapstructure:"mqtt-tls"`
 }

 // cosmos-sdk wide global singleton
@ -63,6 +65,7 @@ func DefaultConfig() *Config {
 		MqttPort:         1885,
 		MqttUser:         "user",
 		MqttPassword:     "password",
+		MqttTLS:          true,
 	}
 }

--- a/monitor/mqtt_monitor.go
+++ b/monitor/mqtt_monitor.go
@ -1,6 +1,7 @@
 package monitor

 import (
+	"crypto/tls"
 	"math/rand"
 	"net"
 	"strconv"
@ -51,11 +52,19 @@ func LazyLoadMonitorMQTTClient() {
 	conf := config.GetConfig()
 	hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 	uri := "tcp://" + hostPort
+	if conf.MqttTLS {
+		uri = "ssl://" + hostPort
+	}

 	opts := mqtt.NewClientOptions().AddBroker(uri)
 	opts.SetClientID(conf.ValidatorAddress + "-monitor")
 	opts.SetUsername(conf.MqttUser)
 	opts.SetPassword(conf.MqttPassword)
+	if conf.MqttTLS {
+		tlsConfig := &tls.Config{}
+		opts.SetTLSConfig(tlsConfig)
+	}
+
 	MonitorMQTTClient = mqtt.NewClient(opts)
 }

--- a/util/mqtt.go
+++ b/util/mqtt.go
@ -1,6 +1,7 @@
 package util

 import (
+	"crypto/tls"
 	"encoding/json"
 	"net"
 	"strconv"
@ -42,11 +43,19 @@ func LazyLoadMQTTClient() {
 	conf := config.GetConfig()
 	hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 	uri := "tcp://" + hostPort
+	if conf.MqttTLS {
+		uri = "ssl://" + hostPort
+	}

 	opts := mqtt.NewClientOptions().AddBroker(uri)
 	opts.SetClientID(conf.ValidatorAddress)
 	opts.SetUsername(conf.MqttUser)
 	opts.SetPassword(conf.MqttPassword)
+	if conf.MqttTLS {
+		tlsConfig := &tls.Config{}
+		opts.SetTLSConfig(tlsConfig)
+	}
+
 	MQTTClient = mqtt.NewClient(opts)
 }