CN110881041A - Connection method, MQTT client and MQTT server - Google Patents

Publication number
CN110881041A
Authority
CN
China
Prior art keywords
server
client
mqtt
socket connection
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911192732.4A
Other languages
Chinese (zh)
Inventor
陈锦亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tuya Information Technology Co Ltd
Original Assignee
Hangzhou Tuya Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tuya Information Technology Co Ltd
Priority to CN201911192732.4A
Publication of CN110881041A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/141: Setup of application sessions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a connection method comprising the following steps: the user sends PSK handshake authentication information to the server through the client to perform handshake authentication; after authentication succeeds, the server sends a server exchange key to the client; the client generates socket connection information according to the server exchange key and sends the socket connection information to the server; and the server receives and stores the socket connection information, completing the connection between the client and the server. The technical scheme builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library; after the connection succeeds, message publishing and subscription tests can be carried out.

Description

Connection method, MQTT client and MQTT server
Technical Field
The invention relates to the field of Internet of Things communication, and in particular to a method for connecting an MQTT client and server, an MQTT client, and an MQTT server.
Background
1) PSK (pre-shared key) is a key exchange and authentication mode based on a symmetric algorithm, and MQTT uses this authentication mode instead. To test MQTT, the connection between the Java application and the MQTT server must therefore be established first.
2) The existing third-party libraries only provide PSK authentication for connections established over the HTTP protocol, and offer no extensible interface.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art or the related art.
Therefore, the invention aims to provide a method for connecting an MQTT client and server, an MQTT client, and an MQTT server, which establish a PSK connection between the Java MQTT client and the MQTT server so that automated testing can be carried out after MQTT adopts the PSK authentication mode.
To achieve the above object, the technical solution of the first aspect of the present invention provides a method for connecting an MQTT client and server, comprising the following steps:
the user sends PSK handshake authentication information to the server through the client to perform handshake authentication;
after authentication succeeds, the server sends a server exchange key to the client;
the client generates socket connection information according to the server exchange key and sends the socket connection information to the server;
and the server receives and stores the socket connection information, completing the connection between the client and the server.
This technical scheme builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library. After the connection succeeds, message publishing and subscription tests can be carried out. The developer does not need to write a large amount of code: it is enough to download the MQTT Paho library source code and modify the part that establishes the socket connection so that PSK authentication is performed before the connection is established. This reduces the developer's workload and is easy to implement.
The technical solution of the second aspect of the present invention provides an MQTT client, comprising: a client PSK authentication module configured to send PSK handshake authentication information to the server for handshake authentication; a socket connection module configured to generate socket connection information according to the server exchange key and send the socket connection information to the server; and a client connection confirmation module configured to confirm whether the connection with the server is completed.
The MQTT client builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library. After the connection succeeds, message publishing and subscription tests can be carried out. The developer does not need to write a large amount of code: it is enough to download the MQTT Paho library source code and modify the part that establishes the socket connection so that PSK authentication is performed before the connection is established. This reduces the developer's workload and is easy to implement.
The technical solution of the third aspect of the present invention provides an MQTT server, comprising: a server PSK authentication module configured to generate a server exchange key and send the server exchange key to the client; and a server connection confirmation module configured to confirm whether the connection with the client is completed.
In any of the above technical solutions, preferably, the socket connection information includes at least one of a user name, a password, a server URI, a topic, and a client id.
In any of the above technical solutions, preferably, the PSK handshake authentication information and the server exchange key are fixed character strings.
In any of the above technical solutions, preferably, the socket connection information includes ip information and interface information.
In any of the above technical solutions, preferably, the client is a client written based on the MQTT Paho library source code.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 illustrates a functional block diagram of a connection method according to an embodiment of the present invention;
FIG. 2 shows a block flow diagram of a connection method according to an embodiment of the invention;
FIG. 3 is a block diagram of an MQTT client according to an embodiment of the invention;
FIG. 4 shows a block diagram of the MQTT server according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited to the specific embodiments disclosed below.
The following describes a method for connecting an MQTT client and server, an MQTT client, and an MQTT server according to some embodiments of the present invention with reference to FIGS. 1 to 4.
The technical scheme builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library. The Java class library org.eclipse.paho already implements TLS and SSL connections for MQTT, but no MQTT connection mode with PSK authentication was found in the third-party source code libraries of Java and Python. Code for an MQTT connection mode with PSK authentication is therefore added on that basis, and the source code must be modified at the place where the socket is created. In addition, TLS-PSK connections have already been implemented over the HTTP protocol, but not over the MQTT protocol.
As shown in FIG. 1 and FIG. 2, the method for connecting the MQTT client and server according to an embodiment of the present invention includes the following steps:
S10, the user sends PSK handshake authentication information to the server through the client to perform handshake authentication;
S20, after authentication succeeds, the server sends a server exchange key to the client;
S30, the client generates socket connection information according to the server exchange key and sends the socket connection information to the server;
S40, the server receives and stores the socket connection information, completing the connection between the client and the server.
In this embodiment, PSK authentication is performed before the MQTT client and server are connected over a socket. First, the PSK handshake authentication information pskIdentity (the client key exchange key, a fixed value in this embodiment) is sent to the server for handshake authentication. After the handshake authentication succeeds, the server returns a psk_identity_hit string (the server key exchange key value) to the client. Once the key-exchange authentication between the server and the client has succeeded, the two sides are connected over the socket.
As shown in FIG. 3, an MQTT client 10 according to another embodiment of the present invention includes:
a client PSK authentication module 11 configured to send PSK handshake authentication information to the server for handshake authentication;
a socket connection module 12 configured to generate socket connection information according to the server exchange key and send the socket connection information to the server;
and a client connection confirmation module 13 configured to confirm whether the connection with the server is completed.
The MQTT client builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library. After the connection succeeds, message publishing and subscription tests can be carried out. The developer does not need to write a large amount of code: it is enough to download the MQTT Paho library source code and modify the part that establishes the socket connection so that PSK authentication is performed before the connection is established. This reduces the developer's workload and is easy to implement.
As shown in FIG. 4, the MQTT server 20 according to another embodiment of the present invention includes:
a server PSK authentication module 21 configured to generate a server exchange key and send the server exchange key to the client;
and a server connection confirmation module 22 configured to confirm whether the connection with the client is completed.
In this embodiment, establishing a connection between the MQTT client and the MQTT server involves newly creating a TlsClientProtocol, a PSK authentication client, a tlspsclient, and a new socket. The specific steps are as follows. First, download the MQTT Paho library source code, then modify the code in it that establishes the socket connection so that PSK authentication is performed before the connection is established. The TlsClientProtocol adds a PSK handshake authentication on top of the original socket: a pskIdentity (the client key exchange key, a fixed value in this case) is first sent to the server for handshake authentication, and after the handshake authentication succeeds, the server returns a psk_identity_hit string (the server key exchange key value). Once the key-exchange authentication between the server and the client has succeeded, the two sides are connected over the socket. In the code that establishes the socket connection, socket.connection() is changed to TlsClientProtocol.connection(). After the connection succeeds, message publishing and subscription tests can be carried out.
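The order of operations described above (TCP connect, PSK handshake, then MQTT traffic over the protected streams), as an added loopback example that is not the patent's or Paho's code. It assumes the BouncyCastle bcprov and bctls jars on the classpath and uses that library's actual method names (`connect` and `accept`); the class name, identity, hint and per-run random key are constructed for the demo, and `getHint()` supplies what TLS-PSK calls the psk_identity_hint.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

import org.bouncycastle.tls.BasicTlsPSKIdentity;
import org.bouncycastle.tls.PSKTlsClient;
import org.bouncycastle.tls.PSKTlsServer;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsPSKIdentityManager;
import org.bouncycastle.tls.TlsServerProtocol;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;

public class MqttPskHandshakeDemo {
    // Constructed demo values: identity and hint are labels, the key is random per run.
    static final byte[] IDENTITY = "demo-client-01".getBytes(StandardCharsets.UTF_8);
    static final byte[] HINT = "demo-broker".getBytes(StandardCharsets.UTF_8);

    /** Server side: complete one TLS-PSK handshake, then answer one MQTT CONNECT. */
    static void serveOnce(ServerSocket listener, byte[] psk) throws IOException {
        try (Socket tcp = listener.accept()) {
            TlsServerProtocol tls = new TlsServerProtocol(tcp.getInputStream(), tcp.getOutputStream());
            tls.accept(new PSKTlsServer(new BcTlsCrypto(new SecureRandom()), new TlsPSKIdentityManager() {
                public byte[] getHint() { return HINT; }        // sent to the client in ServerKeyExchange
                public byte[] getPSK(byte[] identity) {          // null rejects an unknown identity
                    return Arrays.equals(identity, IDENTITY) ? psk.clone() : null;
                }
            }));
            DataInputStream in = new DataInputStream(tls.getInputStream());
            int type = in.readUnsignedByte();
            byte[] body = new byte[in.readUnsignedByte()];      // demo packets stay under 128 bytes
            in.readFully(body);
            boolean ok = type == 0x10 && body.length >= 6
                    && "MQTT".equals(new String(body, 2, 4, StandardCharsets.US_ASCII));
            // CONNACK: 0x00 = accepted, 0x01 = unacceptable protocol version
            OutputStream out = tls.getOutputStream();
            out.write(new byte[] { 0x20, 0x02, 0x00, (byte) (ok ? 0x00 : 0x01) });
            out.flush();
            tls.close();
        }
    }

    /** Client side: TCP connect, TLS-PSK handshake, and only then the MQTT CONNECT. */
    static int pskConnect(String host, int port, byte[] identity, byte[] psk, String clientId)
            throws IOException {
        try (Socket tcp = new Socket(host, port)) {
            TlsClientProtocol tls = new TlsClientProtocol(tcp.getInputStream(), tcp.getOutputStream());
            // Throws if the server does not hold the same key for this identity.
            tls.connect(new PSKTlsClient(new BcTlsCrypto(new SecureRandom()),
                    new BasicTlsPSKIdentity(identity, psk)));
            byte[] id = clientId.getBytes(StandardCharsets.UTF_8);
            OutputStream out = tls.getOutputStream();
            // MQTT 3.1.1 CONNECT: protocol name "MQTT", level 4, clean session, keep-alive 60 s
            out.write(new byte[] { 0x10, (byte) (12 + id.length), 0x00, 0x04, 'M', 'Q', 'T', 'T',
                    0x04, 0x02, 0x00, 0x3C, 0x00, (byte) id.length });
            out.write(id);
            out.flush();
            byte[] connack = new byte[4];
            new DataInputStream(tls.getInputStream()).readFully(connack);
            tls.close();
            return connack[3];                                   // CONNACK return code
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] psk = new byte[32];
        new SecureRandom().nextBytes(psk);                       // per-run key shared by both sides
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread server = new Thread(() -> {
                try { serveOnce(listener, psk); } catch (IOException e) { System.err.println("server: " + e); }
            });
            server.start();
            int rc = pskConnect(listener.getInetAddress().getHostAddress(), listener.getLocalPort(),
                    IDENTITY, psk, "paho-test-client");
            server.join();
            System.out.println("CONNACK return code: " + rc);
        }
    }
}
```

An identity that the server's `getPSK` does not recognise makes the handshake fail before any MQTT byte is exchanged.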
In any of the above embodiments, preferably, the socket connection information includes at least one of a user name, a password, a server URI, a topic, and a client id.
In any of the above embodiments, preferably, the PSK handshake authentication information and the server exchange key are fixed character strings.
In any of the above embodiments, preferably, the socket connection information includes ip information and interface information.
In any of the above embodiments, preferably, the client is a client written based on the MQTT Paho library source code.
Compared with the prior art, the connection method, the MQTT client and the MQTT server provided by the invention have the following advantages: the MQTT client builds on the PSK connection authentication mode that the Java BouncyCastle third-party library implements for the HTTP protocol, and is realized by modifying the source code that establishes the socket connection in the MQTT Paho library. After the connection succeeds, message publishing and subscription tests can be carried out. The developer does not need to write a large amount of code: it is enough to download the MQTT Paho library source code and modify the part that establishes the socket connection so that PSK authentication is performed before the connection is established. This reduces the developer's workload and is easy to implement.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A method for connecting an MQTT client and server, characterized by comprising the following steps:
the user sends PSK handshake authentication information to the server through the client to perform handshake authentication;
after authentication succeeds, the server sends a server exchange key to the client;
the client generates socket connection information according to the server exchange key and sends the socket connection information to the server;
and the server receives and stores the socket connection information, completing the connection between the client and the server.
2. The connection method according to claim 1, characterized in that: the socket connection information comprises at least one of a user name, a password, a server URI, a topic and a client id.
3. The connection method according to claim 1 or 2, characterized in that: the PSK handshake authentication information and the server exchange key are fixed character strings.
4. The connection method according to claim 1 or 2, characterized in that: the socket connection information includes ip information and interface information.
5. The connection method according to claim 1 or 2, characterized in that: the client is written based on the MQTT Paho library source code.
6. An MQTT client, comprising:
a client PSK authentication module configured to send PSK handshake authentication information to the server for handshake authentication;
a socket connection module configured to generate socket connection information according to the server exchange key and send the socket connection information to the server;
and a client connection confirmation module configured to confirm whether the connection with the server is completed.
7. The MQTT client of claim 6, wherein: the socket connection information comprises at least one of a user name, a password, a server URI, a topic and a client id; and/or
the PSK handshake authentication information is a fixed character string; and/or
the socket connection information includes ip information and interface information.
8. The MQTT client of claim 6, wherein: the MQTT client is a client written based on the MQTT Paho library source code.
9. An MQTT server, comprising:
a server PSK authentication module configured to generate a server exchange key and send the server exchange key to the client;
and a server connection confirmation module configured to confirm whether the connection with the client is completed.
CN201911192732.4A 2019-11-28 2019-11-28 Connection method, MQTT client and MQTT server Pending CN110881041A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911192732.4A CN110881041A (en) 2019-11-28 2019-11-28 Connection method, MQTT client and MQTT server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911192732.4A CN110881041A (en) 2019-11-28 2019-11-28 Connection method, MQTT client and MQTT server

Publications (1)

Publication Number Publication Date
CN110881041A (en) 2020-03-13

Family

ID=69730305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911192732.4A Pending CN110881041A (en) 2019-11-28 2019-11-28 Connection method, MQTT client and MQTT server

Country Status (1)

Country Link
CN (1) CN110881041A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200313
