

Merge pull request #1645 from samson0v/master
Fixed TLS + Access Token connection type
imbeacon authored Jan 9, 2025
2 parents 0595670 + be30caa commit 392b09d
Showing 2 changed files with 44 additions and 32 deletions.
61 changes: 29 additions & 32 deletions thingsboard_gateway/gateway/tb_client.py
@@ -166,30 +166,7 @@ def _create_mqtt_client(self, credentials):
else:
self.__client_id = str(credentials["clientId"])

rate_limits_config = {}
if self.__config.get('messagesRateLimits'):
rate_limits_config['messages_rate_limit'] = self.__config['messagesRateLimits']
if self.__config.get('telemetryRateLimits'):
rate_limits_config['telemetry_rate_limit'] = self.__config['rateLimits']
if self.__config.get('telemetryDpRateLimits'):
rate_limits_config['telemetry_dp_rate_limit'] = self.__config['dpRateLimits']

if self.__config.get('deviceMessagesRateLimits'):
rate_limits_config['device_messages_rate_limit'] = self.__config['deviceMessagesRateLimits']
if self.__config.get('deviceTelemetryRateLimits'):
rate_limits_config['device_telemetry_rate_limit'] = self.__config['deviceRateLimits']
if self.__config.get('deviceTelemetryDpRateLimits'):
rate_limits_config['device_telemetry_dp_rate_limit'] = self.__config['deviceDpRateLimits']

if 'rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters:
rate_limits_config = {}
if self.__config.get('rateLimits'):
rate_limits_config['rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config.get(
'rateLimits') == 'DEFAULT_TELEMETRY_RATE_LIMIT' else self.__config['rateLimits']
if ('dp_rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters and
self.__config.get('dpRateLimits')):
rate_limits_config['dp_rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config[
'dpRateLimits'] == 'DEFAULT_TELEMETRY_DP_RATE_LIMIT' else self.__config['dpRateLimits']
rate_limits_config = self.__get_rate_limit_config()

if rate_limits_config:
self.client = TBGatewayMqttClient(self.__host, self.__port, self.__username, self.__password, self,
@@ -225,14 +202,6 @@ def _create_mqtt_client(self, credentials):
cert_required = CERT_REQUIRED if (self.__ca_cert and
self.__cert) else ssl.CERT_OPTIONAL if self.__cert else ssl.CERT_NONE

# if self.__ca_cert is None:
# self.__logger.info("CA certificate is not provided. Using system CA certificates.")
# self.__ca_cert = TBUtility.get_path_to_ca_certificates()
# if self.__ca_cert is None:
# self.__logger.error("CA certificate is not provided and system CA certificates are not found. "
# "Will not be able to verify the server. You can set caCert in the configuration.")
# cert_required = ssl.CERT_NONE

self.client._client.tls_set(ca_certs=self.__ca_cert,
certfile=self.__cert,
keyfile=self.__private_key,
@@ -244,6 +213,34 @@ def _create_mqtt_client(self, credentials):
if self.__logger.isEnabledFor(10):
self.client._client.enable_logger(self.__logger) # noqa pylint: disable=protected-access

def __get_rate_limit_config(self):
rate_limits_config = {}
if self.__config.get('messagesRateLimits'):
rate_limits_config['messages_rate_limit'] = self.__config['messagesRateLimits']
if self.__config.get('telemetryRateLimits'):
rate_limits_config['telemetry_rate_limit'] = self.__config['rateLimits']
if self.__config.get('telemetryDpRateLimits'):
rate_limits_config['telemetry_dp_rate_limit'] = self.__config['dpRateLimits']

if self.__config.get('deviceMessagesRateLimits'):
rate_limits_config['device_messages_rate_limit'] = self.__config['deviceMessagesRateLimits']
if self.__config.get('deviceTelemetryRateLimits'):
rate_limits_config['device_telemetry_rate_limit'] = self.__config['deviceRateLimits']
if self.__config.get('deviceTelemetryDpRateLimits'):
rate_limits_config['device_telemetry_dp_rate_limit'] = self.__config['deviceDpRateLimits']

if 'rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters:
rate_limits_config = {}
if self.__config.get('rateLimits'):
rate_limits_config['rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config.get(
'rateLimits') == 'DEFAULT_TELEMETRY_RATE_LIMIT' else self.__config['rateLimits']
if ('dp_rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters and
self.__config.get('dpRateLimits')):
rate_limits_config['dp_rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config[
'dpRateLimits'] == 'DEFAULT_TELEMETRY_DP_RATE_LIMIT' else self.__config['dpRateLimits']

return rate_limits_config

def __get_path_to_cert(self, filename):
if exists(self.__config_folder_path + filename):
return self.__config_folder_path + filename
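Review bot: In the second hunk the `cert_required` expression left as context evaluates to `ssl.CERT_NONE` whenever `self.__cert` is empty, so on a CA-only setup such as TLS + access token the broker certificate would not be verified even though `ca_certs` is passed to `tls_set`. This is inferred: the branch that selects this code and the `cert_reqs` argument of the call are outside the hunk. Server verification should follow the CA alone, e.g. `cert_required = CERT_REQUIRED if self.__ca_cert else ssl.CERT_NONE`, with a comment saying why the presence of a client certificate no longer decides it. Separately, the extracted `__get_rate_limit_config` tests `telemetryRateLimits` but reads `self.__config['rateLimits']` (same pattern for the Dp and device keys), which raises `KeyError` when only the tested key is configured; read the key that was tested.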
15 changes: 15 additions & 0 deletions thingsboard_gateway/tb_utility/tb_gateway_remote_configurator.py
@@ -750,6 +750,9 @@ def _apply_connection_config(self, config) -> bool:

previous_rate_limits = self._gateway.tb_client.get_rate_limits()

# check if security type is tlsAccessToken
config = self.__check_and_process_tls_access_token(config)

while not self._gateway.stopped and not connection_state:
self._gateway.__subscribed_to_rpc_topics = False
if use_new_config:
@@ -783,6 +786,18 @@ def _apply_connection_config(self, config) -> bool:
self._revert_connection()
return False

def __check_and_process_tls_access_token(self, config):
if config.get('security', {}).get('type') == 'tlsAccessToken':
cert_content = config['security']['caCert']

ca_cert_path = self._gateway.get_config_path() + 'ca.pem'
with open(ca_cert_path, 'w') as file:
file.write(cert_content)

config['security']['caCert'] = ca_cert_path

return config

def _revert_connection(self):
try:
self.__log.warning("Remote general configuration will be restored.")
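Review bot: `__check_and_process_tls_access_token` writes the remotely supplied `caCert` straight over `ca.pem` in the config folder without checking that the field is present or that it holds PEM text, and it does so before the new connection has been attempted. `config['security']['caCert']` raises `KeyError` when the field is absent, a value that is already a file path would be written as the certificate body, and a failed attempt leaves `_revert_connection()` with the previous trust anchor already replaced (whether the old configuration uses the same file is not visible here). The helper should validate the content and write through a temporary file, as sketched below; this needs `os` in scope, and the file's imports are outside the page. Keeping the previous `ca.pem` until the connection succeeds needs a change in `_apply_connection_config`, whose body continues outside the hunks.

```python
def __check_and_process_tls_access_token(self, config):
    security = config.get('security', {})
    if security.get('type') == 'tlsAccessToken':
        cert_content = security.get('caCert')
        # Absent, or already a path rather than PEM text: leave the config as received.
        if not cert_content or '-----BEGIN CERTIFICATE-----' not in cert_content:
            return config

        ca_cert_path = self._gateway.get_config_path() + 'ca.pem'
        tmp_path = ca_cert_path + '.new'
        with open(tmp_path, 'w', encoding='utf-8') as file:
            file.write(cert_content)
        # Swap in one step so a partially written CA file is never read.
        os.replace(tmp_path, ca_cert_path)

        security['caCert'] = ca_cert_path

    return config
```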
