Sending a message to a remote broker using a pem-certificate - node.js

I'm writing a script to get some sensor data using MQTT, transform the incoming value in a specific way and forward it to a cloud which uses encrypted communication.
The script runs on a Raspberry Pi 3 (Raspbian) where Mosquitto runs as the MQTT broker (the sensors send the data to this broker).
So far I get the information from the sensors and I can transform the content as desired.
The problem is that when I try to connect to the remote broker, I get the following error message:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Error (native)
at Object.createSecureContext (_tls_common.js:67:17)
at Object.TLSSocket._init.ssl.onclienthello.ssl.oncertcb.exports.connect (_tls_wrap.js:1015:46)
at Object.buildBuilder (/home/pi/node_modules/mqtt/lib/connect/tls.js:13:20)
at MqttClient.wrapper [as streamBuilder] (/home/pi/node_modules/mqtt/lib/connect/index.js:135:36)
at MqttClient._setupStream (/home/pi/node_modules/mqtt/lib/client.js:246:22)
at new MqttClient (/home/pi/node_modules/mqtt/lib/client.js:227:8)
at Object.connect (/home/pi/node_modules/mqtt/lib/connect/index.js:138:10)
at Object.<anonymous> (/home/pi/GATT_server/MQTT_module.js:3:25)
I have tried to configure Mosquitto as an MQTT bridge to use the config file and it looks like it would work (there are no error messages when the service is restarted).
The problem is that when I use Mosquitto as a bridge, the script can't subscribe to the topics published by the sensors.
I'm not familiar with those certificates, but from reading the doc of the file 'client-options.cs' I wrote the following lines:
var mqtt = require('mqtt')
var client = mqtt.connect('mqtt://localhost', {port: 1883});
var remoteBroker = mqtt.connect('mqtts://xxx.xxx.io',
  {port: 8883,
   protocol: 'ssl',
   username: 'username',
   password: '123password123',
   cert: '/etc/mosquitto/certs/ca.pem'} );
/*....
.... many lines later
....*/
remoteBroker.publish(topicToUseOnRemoteMqttBroker, PayloadToForward);
Am I doing it right? Or did I miss something?
If the certificate is OK for the Mosquitto-Bridge it should be OK for the remote broker, too. - Is that right?
If you have additional links/papers about this topic - I like to learn ;P
Google gave me so much information - I don't know where to start :(

The entry for the cert should not be the path to the certificate file, but the actual cert itself. You need to read the file in and pass that.
Something like this:
var fs = require('fs')
var remoteBroker = mqtt.connect('mqtts://xxx.xxx.io',
  {port: 8883,
   protocol: 'ssl',
   username: 'username',
   password: '123password123',
   // pass the file's PEM content, not its path
   cert: fs.readFileSync('/etc/mosquitto/certs/ca.pem')} );
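
An added example, not code from the question or the answer: it checks PEM files before they reach `mqtt.connect()`, so a path string or a DER file is reported by name instead of surfacing as `no start line`. It goes a step beyond the thread by keeping Node's TLS options apart: `ca` holds the certificates used to verify the broker, while `cert` and `key` are the client's own certificate and private key. The helper names `pemLabels`, `readPem` and `buildTlsOptions` are hypothetical.

```javascript
// Added example (not code from the original post): validate PEM files before
// handing them to mqtt.connect(), and keep `ca` apart from `cert`/`key`.
const fs = require('fs');

// Return the PEM armor labels found in the data, e.g. ['CERTIFICATE'].
function pemLabels(data) {
  const text = Buffer.isBuffer(data) ? data.toString('latin1') : String(data);
  const labels = [];
  const re = /^-----BEGIN ([A-Z0-9 ]+)-----\r?$/gm;
  let m;
  while ((m = re.exec(text)) !== null) labels.push(m[1]);
  return labels;
}

// Read one file and require at least one PEM block of an expected type.
function readPem(file, allowed, role) {
  const data = fs.readFileSync(file);
  const labels = pemLabels(data);
  if (labels.length === 0) {
    throw new Error(`${role}: ${file} has no PEM start line (DER or wrong file?)`);
  }
  if (!labels.some((l) => allowed.includes(l))) {
    throw new Error(`${role}: ${file} holds ${labels.join(', ')}, expected ${allowed.join(' or ')}`);
  }
  return data;
}

const CERT = ['CERTIFICATE'];
const KEY = ['PRIVATE KEY', 'RSA PRIVATE KEY', 'EC PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'];

// Hypothetical helper: build the TLS part of the mqtt.connect() options.
// caFile holds the CA that signed the broker's certificate; certFile/keyFile
// are only needed when the broker asks for a client certificate (mutual TLS).
function buildTlsOptions({ caFile, certFile, keyFile }) {
  if (Boolean(certFile) !== Boolean(keyFile)) {
    throw new Error('client certificate and key must be supplied together');
  }
  const opts = { rejectUnauthorized: true }; // never disable broker verification
  if (caFile) opts.ca = readPem(caFile, CERT, 'ca');
  if (certFile) {
    opts.cert = readPem(certFile, CERT, 'cert');
    opts.key = readPem(keyFile, KEY, 'key');
  }
  return opts;
}

// Usage with the page's values (requires the mqtt package and a reachable broker):
// mqtt.connect('mqtts://xxx.xxx.io', Object.assign({ port: 8883, username: 'username',
//   password: '123password123' }, buildTlsOptions({ caFile: '/etc/mosquitto/certs/ca.pem' })));
```

`pemLabels('/etc/mosquitto/certs/ca.pem')` returns an empty list, which is exactly the condition OpenSSL reports as `no start line` when a path is passed where PEM content is expected.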

Related

Broker Transport Failure while connection to kafka producer

From a Node.js application I am trying to connect to an Apache Kafka broker using the node-rdkafka client. Since the brokers in the Kafka broker list are SSL enabled, I am configuring the node-rdkafka producer with SSL options as below.
I have already tried different valid certificates and keys, and also tried adding a CA using the option ssl.ca.certificate:<CA-location>,
but still no luck.
I searched the librdkafka GitHub page and found a similar issue where the proposed solution was to use api.version.request:false. I tried this as well, but no luck; I still get the same error:
Error: broker transport failure
I tried another Kafka client named no-kafka with the same SSL certificate and keys to connect to the same broker list and was able to establish the connection.
We have to use node-rdkafka only.
The producer configuration using node-rdkafka :
var Kafka = require('node-rdkafka');
var path = require('path');

var producer = new Kafka.Producer({
  'debug': 'All',
  'metadata.broker.list': 'comma separated list of ssl enabled broker hosts and port',
  'dr_cb': true,
  'security.protocol': 'ssl',
  // client certificate and private key presented to the brokers
  'ssl.certificate.location': path.join(__dirname, 'server.crt'),
  'ssl.key.location': path.join(__dirname, 'server.key'),
  // CA certificate used to verify the brokers
  'ssl.ca.location': path.join(__dirname, 'DigiCertSHA2SecureServerCA-int.cer'),
});
I expect a SUCCESS MESSAGE saying connection set up, but the actual result is Error : Broker transport Failure

Host resolution error while using node-rdkafka

I'm running node-rdkafka as a Node.js application. The consumer hangs indefinitely without pulling any messages from kafka (works on localhost).
Emits the below error,
{ Error: Local: Host resolution failure
origin: 'local',
message: 'host resolution failure',
code: -1,
errno: -1,
stack: 'Error: Local: Host resolution failure' }
The application works to the point of receiving data from kafka. The kafka instance is fine, validated by producing and consuming messages using the console.
Any help with debugging why this is occurring is much appreciated.
Sample consumer code here - https://github.com/Blizzard/node-rdkafka/blob/master/examples/consumer-flow.md
This issue happens due to the different networks of your client and broker.
The simple hack is to add a host entry for the advertised.listeners name.
For example,
advertised.listeners=PLAINTEXT://kafka:9092
Then add an entry in /etc/hosts with your Kafka broker IP. E.g., if the Kafka broker IP is 192.168.1.1:
192.168.1.1 kafka
You can use kafkacat utility to check your broker's IP.
kafkacat -b kafka:9092 -L
It will return metadata about the brokers.
You need to check whether the returned broker IP is reachable from your machine.
For a better understanding of this issue, you can refer to https://www.confluent.io/blog/kafka-listeners-explained/
I had this exact problem when running kafka locally using the quick start instructions from https://kafka.apache.org/quickstart
For me, adding the following two lines to config/server.properties before starting kafka-server has solved the issue -
listeners=PLAINTEXT://localhost:9092
advertised.listeners=PLAINTEXT://localhost:9092

How do I roll-back a message to Amazon MQ (AMQ) from Lambda?

So, I assume this relates to any Node.js and Active MQ installation but I am using Amazon MQ with Node.js Lambda...
Kind of a noob on ActiveMQ so please correct me where I am wrong!
After reading a message from a queue using stompit I continue processing the message and it shall then be sent over HTTPS to another server.
There is some message validation and enrichment happening on the way to the HTTPS POST, and of course the POST itself can result in an error.
How would I (best) handle a roll-back of the message in case of an error:
1) Keep the connection open and not send client.ack() until I finally got a HTTP 200 back from remote server?
2) Keep the message in a variable and put it back in case of error (sequence doesn't matter)?
3) Use something other than stomp?
It is apparently not possible using STOMP, so I've changed the code to use the library amqp10 instead.
import amqp10 from 'amqp10';
const AMQPClient = amqp10.Client;
const amqpClient = new AMQPClient({
receiverLink: {
attach: {
rcvSettleMode: amqp10.Constants.receiverSettleMode.settleOnDisposition
},
creditQuantum: 1
}
});
This will allow you to do a receiver.accept(message); if the message was handled successfully. If you just .disconnect() without an .accept(), the message will not be removed from the queue.

Trouble connecting NodeMCU to Microsoft Azure IoT Hub

I am trying to connect my ESP8266, running the latest NodeMCU build, to a Microsoft Azure IoT Hub via MQTT Protocol.
It appears that this is possible, as it is shown here...
http://thinglabs.io/workshop/esp8266/sending-d2c-messages/
I am using the correct syntax as far as I can see from the MS Azure help...
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support
Unlike the example in ThingLabs, which creates a SAS token using NodeMCU, I have followed the MS document and generated a SAS token using the Device Explorer, for testing purposes.
My LUA code is as follows...
-- Create variables
DEVICE = "testdevice"
IOTHUB = "mynewiothub.azure-devices.net"
PORT = 8883
USER = IOTHUB.."/"..DEVICE.."/api-version=2016-11-14"
PASS = "SharedAccessSignature sr=mynewiothub.azure-devices.net%2Fdevices%2Ftestdevice&sig=Roa5P8BPiGj...v2Vu%2Bm1j9sas%3D&se=1485704099"
-- Create an MQTT Client
azure = mqtt.Client(DEVICE, 60, USER, PASS)
-- Connect to IoTHub via MQTT
azure:connect(IOTHUB, PORT, 1, 0,
-- Callback for a successful connection
function(client)
print("Connected")
end,
-- Error callback, if connection fails
function(client, reason)
print("Error Connecting: "..reason)
end
)
The response is always Error Connecting: -5 which translates to "There is no broker listening at the specified IP Address and Port".
I suspected that NodeMCU was struggling with the SSL (port 8883) connection. So I ensured that I was able to make HTTPS connections (after verifying the SSL root certificate) with the following code, this worked but did not help.
http.get("https://example.com/info", nil,
function (code, resp)
print(code, resp)
end)
I cannot seem to get this to work! @Marcel Stör - any thoughts?
Many thanks in advance.
I had the same error, Error Connecting: -5. I set the time on the ESP and it fixed this error.
You will find some information about sntp on http://thinglabs.io/workshop/esp8266/sending-d2c-messages/ (as you mention it).

unable to connect to xmpp server using node-xmpp

I'm working on getting node-xmpp working with a Jabber server we have in house here. I was able to get it working with talk.google.com just fine, and I can connect to our internal server with Adium or iChat just fine.
Node v0.6.14
CentOS 6.2 / 2.6.32
node-xmpp 0.3.2
OpenSSL 1.0.0
connect code
var j = new xmpp.Client({
jid : 'user@domain',
password : 'pass',
host : 'chat.domain'
});
After tracing through the code, it seems it gets stuck right after it tries to upgrade the connection to a secure connection. This occurs in starttls.js in the starttls function.
The pair.on('secure') event is never called, and even after I print out pair after a setTimeout, it's still not appearing to be authorized. At this point I don't see any data in or out.
After a long time sitting there (several minutes) it prints out an error that looks like this:
throw arguments[1]; // Unhandled 'error' event
^
Error: 139644497663968:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:674:
at CleartextStream._pusher (tls.js:508:24)
at CleartextStream._push (tls.js:334:25)
at SecurePair.cycle (tls.js:734:20)
at EncryptedStream.write (tls.js:130:13)
at Socket.ondata (stream.js:38:26)
at Socket.emit (events.js:67:17)
at TCP.onread (net.js:367:14)
The server is using a self signed cert if that matters.
Any ideas?
Thanks!
This looks like you're sending a TLS handshake when the server isn't expecting it, so the server isn't sending its handshake back.
One possibility is that you're talking old-style TLS (handshake-first) to a server that implements start-TLS. In your real code, are you setting the legacySSL parameter? Are you sure you're talking to an XMPP server on the target box?
A wireshark trace would give us the data to be able to tell for sure.
I was experiencing the same issue: connection hangs while trying to perform a TLS handshake with one particular Openfire XMPP server installation (though others worked fine).
After nearly losing my mind, I ended up modifying starttls.js that ships with node-xmpp to use tls.connect() and forcing SSLv3 and to my surprise it worked.
Gist here: https://gist.github.com/jamescoletti/6591173
Hope this is useful to someone.
