Code Block
from __future__ import print_function
import sys
import ssl
import time
import datetime
import logging, traceback
import paho.mqtt.client as mqtt
IoT_protocol_name = "clearblade_mqtt_mtls"
cb_iot_endpoint = "<CLEARBLADE_URL>" # For example test.clearblade.com
cert = "<DEVICE_CERTIFICATE_FILE>"
private = "<DEVICE_PRIVATE_KEY_FILE>"
username = '{"name": "device-1"}'
password = "<SYSTEM_KEY>"
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
handler = logging.StreamHandler(sys.stdout)
log_format = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
handler.setFormatter(log_format)
logger.addHandler(handler)
def ssl_alpn():
    try:
        # Debug: log the OpenSSL version in use
        logger.info("open ssl version:{}".format(ssl.OPENSSL_VERSION))
        ssl_context = ssl.create_default_context()
        ssl_context.set_alpn_protocols([IoT_protocol_name])
        ssl_context.load_cert_chain(certfile=cert, keyfile=private)
        return ssl_context
    except Exception:
        print("exception ssl_alpn()")
        # Re-raise with the original traceback intact
        raise
if __name__ == '__main__':
    topic = "test/date"
    try:
        mqttc = mqtt.Client(client_id="<CLIENT_ID>")
        ssl_context = ssl_alpn()
        mqttc.tls_set_context(context=ssl_context)
        mqttc.username_pw_set(username=username, password=password)
        logger.info("start connect")
        mqttc.connect(cb_iot_endpoint, port=444)
        logger.info("connect success")
        mqttc.loop_start()
        while True:
            now = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%S')
            logger.info("try to publish:{}".format(now))
            mqttc.publish(topic, now)
            time.sleep(1)
    except Exception as e:
        logger.error("exception main()")
        logger.error("e obj:{}".format(vars(e)))
        # Exceptions have no .message attribute on Python 3; format the exception itself
        logger.error("message:{}".format(e))
        traceback.print_exc(file=sys.stdout)

Shared Access Token Signature

Devices may authenticate using a shared access token signature.

Requirements

The shared access token should follow the signature outlined here. The token should not include a shared access policy and the resource URI should have the following form: <broker-domain>/devices/<system_key>::<device_name>.

Devices using the Azure SDK can be made to generate this token format by setting the connection string as follows:

Code Block
"HostName=yourdomain.clearblade.com;DeviceId=YourSystemKey::YourDeviceName;SharedAccessKey=YourKey"

The shared access key that the token is generated from must be uploaded to the platform using the following APIs.

APIs

/admin/devices/private_keys/<SYSTEM_KEY>/<DEVICE_NAME>

GET and DELETE are supported. Admin only.

PUT:

Body required:

Code Block
{"key_type": "shared_access_token", "private_key": "contents of base64 encoded shared access token"}

Returns the key on success.

Authentication

When sending a connect packet to the broker, the password must be the shared access token.
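
The following is an added example, not ClearBlade's or Azure's own code. It builds a token for the resource URI form given under Requirements and shows the checks a verifier would apply to it. It assumes the signature format referenced above is the Azure IoT Hub SAS token format (HMAC-SHA256 over the URL-encoded resource URI, a newline, and the expiry); the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus

PREFIX = "SharedAccessSignature "
# Constructed sample key (base64); not a real credential.
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-demo-key").decode()


def resource_uri(broker_domain, system_key, device_name):
    # Resource URI form required by this page.
    return "{}/devices/{}::{}".format(broker_domain, system_key, device_name)


def sign_resource(key_b64, encoded_uri, expiry):
    # HMAC-SHA256 over "<url-encoded uri>\n<expiry>", keyed with the decoded key.
    msg = "{}\n{}".format(encoded_uri, expiry).encode("utf-8")
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def generate_sas_token(uri, key_b64, ttl_seconds=3600, now=None):
    expiry = int(time.time() if now is None else now) + ttl_seconds
    encoded_uri = quote_plus(uri)
    sig = quote_plus(sign_resource(key_b64, encoded_uri, expiry))
    # No skn field: the page says the token carries no shared access policy.
    return "{}sr={}&sig={}&se={}".format(PREFIX, encoded_uri, sig, expiry)


def verify_sas_token(token, key_b64, expected_uri, now=None):
    if not token.startswith(PREFIX):
        return False
    fields = parse_qs(token[len(PREFIX):])
    if set(fields) != {"sr", "sig", "se"}:
        return False  # missing field, or an unexpected one such as skn
    try:
        expiry = int(fields["se"][0])
    except ValueError:
        return False
    if fields["sr"][0] != expected_uri:
        return False  # token was issued for a different device or broker
    if expiry <= (time.time() if now is None else now):
        return False  # expired
    expected = sign_resource(key_b64, quote_plus(expected_uri), expiry)
    # Constant-time comparison of the recomputed and presented signatures
    return hmac.compare_digest(expected.encode(), fields["sig"][0].encode())


if __name__ == "__main__":
    uri = resource_uri("yourdomain.clearblade.com", "YourSystemKey", "YourDeviceName")
    print(generate_sas_token(uri, SAMPLE_KEY_B64))
```

The generated string is what the device would pass as the MQTT password; a short ttl_seconds limits how long a captured token stays usable.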