From b45c381b3b044f880a74eda3446449d86f316d58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Eckel?=
Date: Wed, 24 Apr 2024 14:59:17 +0200
Subject: [PATCH 1/2] TLS support for planetmint (#381)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* added TSL support for mqtt
* added configuration value mqtt-tls (bool) to support tls and non-tls connections (testing)
Signed-off-by: Jürgen Eckel
---
 config/config.go | 3 +++
 monitor/mqtt_monitor.go | 9 +++++++++
 util/mqtt.go | 9 +++++++++
 3 files changed, 21 insertions(+)
diff --git a/config/config.go b/config/config.go
index 282c52c..c726e3f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -23,6 +23,7 @@ mqtt-domain = "{{ .PlmntConfig.MqttDomain }}"
 mqtt-port = {{ .PlmntConfig.MqttPort }}
 mqtt-user = "{{ .PlmntConfig.MqttUser }}"
 mqtt-password = "{{ .PlmntConfig.MqttPassword }}"
+mqtt-tls = "{{ .PlmntConfig.MqttTLS }}"
 `
@@ -40,6 +41,7 @@ type Config struct {
 MqttPort int `json:"mqtt-port" mapstructure:"mqtt-port"`
 MqttUser string `json:"mqtt-user" mapstructure:"mqtt-user"`
 MqttPassword string `json:"mqtt-password" mapstructure:"mqtt-password"`
+ MqttTLS bool `json:"mqtt-tls" mapstructure:"mqtt-tls"`
 }
 // cosmos-sdk wide global singleton
@@ -63,6 +65,7 @@ func DefaultConfig() *Config {
 MqttPort: 1885,
 MqttUser: "user",
 MqttPassword: "password",
+ MqttTLS: true,
 }
 }
diff --git a/monitor/mqtt_monitor.go b/monitor/mqtt_monitor.go
index c3830b5..6029788 100644
--- a/monitor/mqtt_monitor.go
+++ b/monitor/mqtt_monitor.go
@@ -1,6 +1,7 @@
 package monitor
 import (
+ "crypto/tls"
 "math/rand"
 "net"
 "strconv"
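Review bot: The new `MqttTLS` field in `Config` (second hunk of config/config.go) carries no comment, and nothing in the config template says what `false` means for the connection. Judging by the client setup later in this patch, `false` keeps the `tcp://` scheme while `SetUsername`/`SetPassword` are still applied, so the broker credentials would travel unencrypted. I would document that on the field, e.g. `// MqttTLS selects ssl:// for the MQTT broker; false uses tcp:// and sends MqttUser/MqttPassword in cleartext (testing only).` The struct begins above the hunk.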
@@ -51,11 +52,19 @@ func LazyLoadMonitorMQTTClient() {
 conf := config.GetConfig()
 hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 uri := "tcp://" + hostPort
+ if conf.MqttTLS {
+ uri = "ssl://" + hostPort
+ }
 opts := mqtt.NewClientOptions().AddBroker(uri)
 opts.SetClientID(conf.ValidatorAddress + "-monitor")
 opts.SetUsername(conf.MqttUser)
 opts.SetPassword(conf.MqttPassword)
+ if conf.MqttTLS {
+ tlsConfig := &tls.Config{}
+ opts.SetTLSConfig(tlsConfig)
+ }
+
 MonitorMQTTClient = mqtt.NewClient(opts)
 }
diff --git a/util/mqtt.go b/util/mqtt.go
index 111968b..a288235 100644
--- a/util/mqtt.go
+++ b/util/mqtt.go
@@ -1,6 +1,7 @@
 package util
 import (
+ "crypto/tls"
 "encoding/json"
 "net"
 "strconv"
@@ -42,11 +43,19 @@ func LazyLoadMQTTClient() {
 conf := config.GetConfig()
 hostPort := net.JoinHostPort(conf.MqttDomain, strconv.FormatInt(int64(conf.MqttPort), 10))
 uri := "tcp://" + hostPort
+ if conf.MqttTLS {
+ uri = "ssl://" + hostPort
+ }
 opts := mqtt.NewClientOptions().AddBroker(uri)
 opts.SetClientID(conf.ValidatorAddress)
 opts.SetUsername(conf.MqttUser)
 opts.SetPassword(conf.MqttPassword)
+ if conf.MqttTLS {
+ tlsConfig := &tls.Config{}
+ opts.SetTLSConfig(tlsConfig)
+ }
+
 MQTTClient = mqtt.NewClient(opts)
 }
From 937104b3cd0a08a5943b359fd1bc2012de43ff85 Mon Sep 17 00:00:00 2001
From: Julian Strobl
Date: Thu, 25 Apr 2024 13:50:22 +0200
Subject: [PATCH 2/2] fix: mqtt default config (#382)
* fix: mqtt-tls in default config template - panic: json: cannot unmarshal string into Go struct field Config.mqtt-tls of type bool
* fix: default mqtt port - since MqttTLS is set to true by default we need to use the mqtts port as well. panic: network Error : EOF
Signed-off-by: Julian Strobl
---
 config/config.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/config/config.go b/config/config.go
index c726e3f..a54d205 100644
--- a/config/config.go
+++ b/config/config.go
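Review bot: `tlsConfig := &tls.Config{}` in `LazyLoadMonitorMQTTClient` (monitor/mqtt_monitor.go) leaves every TLS parameter to library defaults, so the minimum protocol version depends on the Go toolchain used for the build and certificate verification can only draw on the host's root CA pool. Pinning the floor makes the intent explicit: `tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}`. Because there is no CA option, a broker with a privately issued certificate can only be reached by setting `mqtt-tls = false`, which drops encryption for the username and password; a CA-file setting would be a safer escape hatch than the plaintext switch. The identical block is added to `LazyLoadMQTTClient` in util/mqtt.go, so the same applies there, and a shared helper would keep the two clients from drifting apart. Both functions start above their hunks.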
@@ -23,8 +23,7 @@ mqtt-domain = "{{ .PlmntConfig.MqttDomain }}"
 mqtt-port = {{ .PlmntConfig.MqttPort }}
 mqtt-user = "{{ .PlmntConfig.MqttUser }}"
 mqtt-password = "{{ .PlmntConfig.MqttPassword }}"
-mqtt-tls = "{{ .PlmntConfig.MqttTLS }}"
-
+mqtt-tls = {{ .PlmntConfig.MqttTLS }}
 `
 // Config defines Planetmint's top level configuration
@@ -62,7 +61,7 @@ func DefaultConfig() *Config {
 RPCWallet: "rpcwallet",
 ValidatorAddress: "plmnt1w5dww335zhh98pzv783hqre355ck3u4w4hjxcx",
 MqttDomain: "testnet-mqtt.rddl.io",
- MqttPort: 1885,
+ MqttPort: 1886,
 MqttUser: "user",
 MqttPassword: "password",
 MqttTLS: true,
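Review bot: The new default `MqttPort: 1886` in `DefaultConfig` is only correct while `MqttTLS` stays `true`, but nothing next to either field says the two must change together. The commit message reports that the mismatch surfaced as `panic: network Error : EOF`, so an operator who flips `mqtt-tls` alone will probably hit the same failure with no hint at the cause. A short comment would help, e.g. `// 1886 is the broker's TLS listener; change it together with MqttTLS`. `DefaultConfig` starts above the hunk and continues past its last line.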