From d9cc5e9bdab4bbeb323794cdfb72bec9cfcecb85 Mon Sep 17 00:00:00 2001
From: BJ Dweck
Date: Fri, 2 Oct 2020 16:34:30 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 1 +
example/Vagrantfile | 87 +++++++++++++++++++++++++++++++++
example/broker/ca.crt | 24 +++++++++
example/broker/ca.key | 30 ++++++++++++
example/broker/ca.srl | 1 +
example/broker/client.crt | 22 +++++++++
example/broker/client.csr | 17 +++++++
example/broker/client.key | 27 ++++++++++
example/broker/mosquitto.conf | 9 ++++
example/broker/run-mosquitto.sh | 3 ++
example/broker/server.crt | 22 +++++++++
example/broker/server.csr | 18 +++++++
example/broker/server.key | 27 ++++++++++
example/torch-conf/ca.crt | 24 +++++++++
example/torch-conf/client.crt | 22 +++++++++
example/torch-conf/client.key | 27 ++++++++++
example/torch-conf/torch.conf | 15 ++++++
install-ubuntu2004.sh | 28 +++++++++++
torch-pub.py | 52 ++++++++++++++++++++
torch.conf | 17 +++++++
torch.service | 13 +++++
21 files changed, 486 insertions(+)
create mode 100644 .gitignore
create mode 100644 example/Vagrantfile
create mode 100644 example/broker/ca.crt
create mode 100644 example/broker/ca.key
create mode 100644 example/broker/ca.srl
create mode 100644 example/broker/client.crt
create mode 100644 example/broker/client.csr
create mode 100644 example/broker/client.key
create mode 100644 example/broker/mosquitto.conf
create mode 100755 example/broker/run-mosquitto.sh
create mode 100644 example/broker/server.crt
create mode 100644 example/broker/server.csr
create mode 100644 example/broker/server.key
create mode 100644 example/torch-conf/ca.crt
create mode 100644 example/torch-conf/client.crt
create mode 100644 example/torch-conf/client.key
create mode 100644 example/torch-conf/torch.conf
create mode 100755 install-ubuntu2004.sh
create mode 100644 torch-pub.py
create mode 100644 torch.conf
create mode 100644 torch.service
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8000dd9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant
diff --git a/example/Vagrantfile b/example/Vagrantfile
new file mode 100644
index 0000000..da5be42
--- /dev/null
+++ b/example/Vagrantfile
@@ -0,0 +1,87 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://vagrantcloud.com/search.
+ config.vm.box = "generic/ubuntu2004"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # NOTE: This will enable public access to the opened port
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine and only allow access
+ # via 127.0.0.1 to disable public access
+ # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ # config.vm.provider "virtualbox" do |vb|
+ # # Display the VirtualBox GUI when booting the machine
+ # vb.gui = true
+ #
+ # # Customize the amount of memory on the VM:
+ # vb.memory = "1024"
+ # end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+
+ config.vm.provision "file", source: "~/torch-client/torch.conf", destination: "~/torch/"
+ config.vm.provision "file", source: "~/torch-client/torch-pub.py", destination: "~/torch/"
+ config.vm.provision "file", source: "~/torch-client/torch.service", destination: "~/torch/"
+ config.vm.provision "file", source: "~/torch-client/install-ubuntu2004.sh", destination: "~/torch/"
+
+ config.vm.provision "file", source: "~/torch-client/example/torch-conf", destination: "~/torch-conf"
+
+ config.vm.provision "shell", inline: <<-SHELL
+
+ sudo -- sh -c "echo '192.168.100.2 mqtt.bjdweck.com' >> /etc/hosts"
+
+ cd torch
+ sudo ./install-ubuntu2004.sh
+
+ sudo cp -f ../torch-conf/* /etc/torch/
+ sudo chown -R torch /etc/torch
+
+ sudo systemctl restart torch
+
+ SHELL
+end
diff --git a/example/broker/ca.crt b/example/broker/ca.crt
new file mode 100644
index 0000000..92f4f35
--- /dev/null
+++ b/example/broker/ca.crt
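Review bot: The inline shell step copies `client.key` into `/etc/torch/` with `sudo cp -f ../torch-conf/* /etc/torch/` and then only changes the owner, so nothing in the hunk restricts the key's mode; add `sudo chmod 600 /etc/torch/client.key` after the `chown`. The `echo '192.168.100.2 mqtt.bjdweck.com' >> /etc/hosts` line appends a duplicate entry on every re-provision, so guard it with `grep -q 'mqtt.bjdweck.com' /etc/hosts ||`. The `file` provisioner sources are hard-coded to `~/torch-client/...`, which only works when the repository is cloned to exactly that path; deriving them from the Vagrantfile's own location would be more portable.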
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID+TCCAuGgAwIBAgIUQtnDzZO24MmJdNOmVP6IDYWZc6kwDQYJKoZIhvcNAQEL +BQAwgYsxCzAJBgNVBAYTAklMMRIwEAYDVQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcM +CUplcnVzYWxlbTEUMBIGA1UECgwLYmpkd2Vjay5jb20xHDAaBgNVBAMME2NhLm1x +dHQuYmpkd2Vjay5jb20xIDAeBgkqhkiG9w0BCQEWEWJqZHdlY2tAZ21haWwuY29t +MB4XDTIwMTAwMTA3NTUyNloXDTI1MDkzMDA3NTUyNlowgYsxCzAJBgNVBAYTAklM +MRIwEAYDVQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcMCUplcnVzYWxlbTEUMBIGA1UE +CgwLYmpkd2Vjay5jb20xHDAaBgNVBAMME2NhLm1xdHQuYmpkd2Vjay5jb20xIDAe +BgkqhkiG9w0BCQEWEWJqZHdlY2tAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAzQHL+3P/y/boB2LU/BBFVbK2wdsBsHkCTDc0EDrrrQ7G +TJ4VQX2lXvWDJyhcb843kXeOux2Gq6y0eK3bkI706syZNY16t2CD/cYOSkWXviYa ++4FlNbG/W+AIx5x5xcM17w60sAiP3uHlZ+K9J6nbmaY7b7PX+22MtaDfq7f/j36H +N+5MW7xRvH1BzPp6R6twShy+8AoTKt78V6jxabVq1aC2kmzqyaL08UjyN5MDmIIL +LCHH9XFiWfr851PC2tkMB45Swbj8ngyFMRt4R6RRpnobWmj8n0R4wIkJkIOsaVD3 +vbwoHgjDJjQtB9NKu40xtEsjW9Lf+xMGZYUi5sEONwIDAQABo1MwUTAdBgNVHQ4E +FgQUlXEvVPtVw5Blc3EhaZvlNNtSPpUwHwYDVR0jBBgwFoAUlXEvVPtVw5Blc3Eh +aZvlNNtSPpUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAvArw +TmpQefmqDe1JzJLlOcDMXfK/wIbwIqDnE5ncvVDyexx6gd+Jdk3ANS9M6p9bawpF +dBIT0xnFGY3bdzeKlx30JgWE/8q8ip/jcu6VJJvoxa49m/SEmzwx7buuG/YAsU4N +y5hwi/vn9YkN15hImYmZ2WJQ1ml0C3zHu5PwAHP0+snwxk8PW1makwHls8JTpgMp +FOp1uLfdffe14siICOwp+wcuNgS+ueN5oJHLl6Z+D68SZfIkz4jyik9lhlnATtOr +IGfp3Jb6v0px5chjpM+LJCImpvZ0PuIs9Uw5wKgHvlMGZwJRjhptK2fH2kEDohoz +4mI3SBL13CKmHndH3Q== +-----END CERTIFICATE----- diff --git a/example/broker/ca.key b/example/broker/ca.key new file mode 100644 index 0000000..3c7a839 --- /dev/null +++ b/example/broker/ca.key 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F14B332FBF60A303 + +e3rIZ72o2uinOxd5qrM8tNfsD7Ay/RWFlqtcPhcDJFJOf5VHKNrXsH6e4A62y0fF +dWO7attdlHZqEg/i8pLur04M3nqkETTPtl3mt3H8hntA4NtgXumwlD/LgyoJc8kF +LBhjP0g8E+PgkKvcun3QSSeRSoe4WleYvNkfSSkEjplAaIM+pv4c9+LWaLLzf3Hv +elKio52H5Kx84WKDSyN9MRA1ut27ksB1rcw8X8G3gdeFziSExI+ZMwk0ZpnGEp+6 +WuOftStKX2MOT137KvuUO04ZczxGg+DrhC4zmVMLk3FXEm+w3rsadlsCLg1ptVFo +yD1eOpSvIrKCuu0409hhE+nvDX1u7zjF0q9+b5fKMT9246bJlgf1hBctDWMsTdC6 ++jqDNEO3ulCFRWxIziO/AxNDTg/Vfw0p0eHTZU8aAP6AppRiv+XyB5Dm1+sMUAxO +xiJDtVTXSeSx6dZiMHA70qBNCqZLQPhOXx296Q+9KBcz3IqOZSptW+BcbhR5ATlS +e4HC+a9VudcgqH0ZpUe+qMv8TN7DNxV3N6GFNpE6sjerp1AN2/Qpb6sMwVniniAT +b9vpBJXj2lgchgU+riDLufnMXLt9jl6FUeW1YKGsktAcHsfGOm9xpwuhoalh04Fs +TtmxrSDHvAZ40GCA+SSBIRxJRIaCssw050NS1UirQ3vAbRz+mszDVl4NeXa66fgm +jNg2BTvV/Vhzs/TP6NZRWo2H5S1Wkd05+Pg6kbiEaSBBt0uA58LXsmtHdedFwWDV +/DuIMobyp3rx9deZ9WUg9NF8YVsZWMfAn1Vx2D4ta2oVIETjO5jh4eHv1ZjebQoA +W3oQnpGQcpQ5Ai5tg6tPp9euXBKQn7CyggZ6Q82jSuvzeM5GJqxd8FGmN8Iuf30v +HcvvrQMJ7V36o19J3TfccNuSFdtihSqEZQm7qczex/ceVYOE4ZztQNVlSDUcMWHW +R+GL04cF4N4jT/HWsEGp1//pHu8Cu4SerJnqiqIvWsbLycILlf/cBZL+KqQ05K/T +8cFBxIFh5e6pwoGh3pV6vesFSNYwrW/lId3WWYRmiestBVKpgwCGAal37VS+i/FY +BLzQ9kzyO5tI5pcIgaGz7hhnlmjqnrjOvrAVllJImuI7mFNlP3FCtdcJZKY+kK3U +QbCULRyGPh5IbX9oT1XdOvgVUsWRgj4dpwV08GKF+3JzPgCaJjpUlTMIrtAdyCv1 +/gMjA49ufxpMPb55Rp2Dmp8npq+FoNzDBSegBxJdJH5aYzCF2x7gERAE7OliTwDT +7IADHIoD5VoysE08TDdgHLUgp8L2mO6CojsAJfpTinm0nByURc4dFeFhXGmkkEdx ++FP5p4Be/T1m9y5vyLHdnL51mfrDlUlhvHRTRn15YoDRTPrWkwRtLIZEDpwNxjG3 +y1xqsOlL7RfEy7pSM5JqRC1H10Aw6iW1m/UYXWmMjFAyqj4DkT9mEchK15TwhPJ4 +hYQTR+eSi4BHpTEUTkO2ByUBpZ0w9S3ScL5DpD8u+ot7hLLlLR2wVNhgq85up2Lc +36fMZDLMvuotRCUz4d7CTMWx0QwDhrIGt3WmsEQazj0eCm/2XbV+eQ== +-----END RSA PRIVATE KEY----- diff --git a/example/broker/ca.srl b/example/broker/ca.srl new file mode 100644 index 0000000..00cd125 --- /dev/null +++ b/example/broker/ca.srl @@ -0,0 +1 @@ +501405D94F5C467905D00ADEF6B53DD8BA2B864A 
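Review bot: Private key material is committed here: `example/broker/ca.key` is passphrase-protected, but only with the legacy `DES-EDE3-CBC` PEM encryption named in its `DEK-Info` header, and the later hunks add `example/broker/client.key`, `example/broker/server.key` and `example/torch-conf/client.key` with no encryption at all. The example `torch.conf` points at `mqtt.bjdweck.com` and `mosquitto.conf` trusts this CA with `require_certificate true`, so if the same CA or keys are ever used outside the Vagrant example, anyone with the repository can present a valid client or broker identity. I would keep only a key-generation script in the repo, add `*.key`, `*.csr` and `*.srl` to `.gitignore`, and treat these keys as disclosed: re-issue them and remove them from history.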
diff --git a/example/broker/client.crt b/example/broker/client.crt new file mode 100644 index 0000000..12c88b9 --- /dev/null +++ b/example/broker/client.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnoCFFAUBdlPXEZ5BdAK3va1Pdi6K4ZJMA0GCSqGSIb3DQEBCwUAMIGL +MQswCQYDVQQGEwJJTDESMBAGA1UECAwJSmVydXNhbGVtMRIwEAYDVQQHDAlKZXJ1 +c2FsZW0xFDASBgNVBAoMC2JqZHdlY2suY29tMRwwGgYDVQQDDBNjYS5tcXR0LmJq +ZHdlY2suY29tMSAwHgYJKoZIhvcNAQkBFhFiamR3ZWNrQGdtYWlsLmNvbTAeFw0y +MDEwMDEwODAzMjJaFw0yMTA5MjYwODAzMjJaMH8xCzAJBgNVBAYTAklMMRIwEAYD +VQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcMCUplcnVzYWxlbTEUMBIGA1UECgwLYmpk +d2Vjay5jb20xEDAOBgNVBAMMB3ZhZ3JhbnQxIDAeBgkqhkiG9w0BCQEWEWJqZHdl +Y2tAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzurA +n0OwXj5ClFiKn/v76vtwGX3eSyxViCUTyctp4TysyORwbKW2ojzZceXuEg++q/FD +k4VkPXgJ+yYRePt3akvlTwPWHpf2OfCf7irStbxrrSQbIb8xODoj6IaKlPMNgezQ +/kZwuymqNil7k4bx7I1ii/xpD1A+YuWLn6Km6fBRS85JPte5vYexvMZWdH398/87 +8dttzQ5Slcp3MMVWwSmWb3LyEECqc2TC+C2dDFbGb0c0b7iYrYJXxoJmY+rb5f48 +rxrJ4pyhWax7lWQz2NobJlpRE1g4LspsQWEEnXE3MEgImALlj3Zd06l+mK2PRD3u +6v1UUXK+Ry7OiH6DZQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAX4HvdZOYjmfzz +eSV/84WavlDgzO0w4xzOZr68bxE3rKpC6uBu9hI14FMllCO/bimZpYVfTVuwju/a +85HzpM+kOVDXquN7H6Ta8b3LUlHJ3FyFixHSwe7DFrskgnls4eVppzalSGVS1cHQ +0uEALXKqXj1x13PH4K+67Ue/pKYUbhV8WGBwMkEkxoM/igBFl9uahVhUpRFLLMah +JLHw3nauLU+swi+In9r9e0wDw+3lCCcZP5KzkGhCAv67yKg9STSw6n1yGvE9HKQn +S1GdA7nWu06XJVQ9FOVTKzrAKnPVf02+SiNl/BUcpENe11oNvntxstpUeh76lHE6 +Ql/lCgTl +-----END CERTIFICATE----- diff --git a/example/broker/client.csr b/example/broker/client.csr new file mode 100644 index 0000000..539302f --- /dev/null +++ b/example/broker/client.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICxDCCAawCAQAwfzELMAkGA1UEBhMCSUwxEjAQBgNVBAgMCUplcnVzYWxlbTES +MBAGA1UEBwwJSmVydXNhbGVtMRQwEgYDVQQKDAtiamR3ZWNrLmNvbTEQMA4GA1UE +AwwHdmFncmFudDEgMB4GCSqGSIb3DQEJARYRYmpkd2Vja0BnbWFpbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO6sCfQ7BePkKUWIqf+/vq+3AZ +fd5LLFWIJRPJy2nhPKzI5HBspbaiPNlx5e4SD76r8UOThWQ9eAn7JhF4+3dqS+VP +A9Yel/Y58J/uKtK1vGutJBshvzE4OiPohoqU8w2B7ND+RnC7Kao2KXuThvHsjWKL +/GkPUD5i5Yufoqbp8FFLzkk+17m9h7G8xlZ0ff3z/zvx223NDlKVyncwxVbBKZZv +cvIQQKpzZML4LZ0MVsZvRzRvuJitglfGgmZj6tvl/jyvGsninKFZrHuVZDPY2hsm +WlETWDguymxBYQSdcTcwSAiYAuWPdl3TqX6YrY9EPe7q/VRRcr5HLs6IfoNlAgMB +AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAEAqLLIYo4v9PEIwejQWQmLQRuiK56O4U +PM71HNR1+JB3OdFBNjwC3oByKreg72Ect1EdbhA/pV4oR6W9HzsW1ELIgWKgLwcp +uN2lTFHd+9WzKNp64jwomDGZYn4U1HE2cJS00BM3CD05/nXywJNDVmrCXSS8sUKH +K9mwhTneXwXpaILvZhTyyiw4Ni+EjNXIIbVm6J5zNMLX4ysiuiQl4HsRi6v8xsdb +HIUe5apnW0JGM7EhKnCXC5qtVV844bxmTvno42EggYB4KgrCpdNppfZKd3cxbrhH +LoyzZp0ZSTHFgdszhzEKO9dA2kj1M3DazM7cL1Yi4GooHJkXhkMBoA== +-----END CERTIFICATE REQUEST----- diff --git a/example/broker/client.key b/example/broker/client.key new file mode 100644 index 0000000..49e9d77 --- /dev/null +++ b/example/broker/client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzurAn0OwXj5ClFiKn/v76vtwGX3eSyxViCUTyctp4TysyORw +bKW2ojzZceXuEg++q/FDk4VkPXgJ+yYRePt3akvlTwPWHpf2OfCf7irStbxrrSQb +Ib8xODoj6IaKlPMNgezQ/kZwuymqNil7k4bx7I1ii/xpD1A+YuWLn6Km6fBRS85J +Pte5vYexvMZWdH398/878dttzQ5Slcp3MMVWwSmWb3LyEECqc2TC+C2dDFbGb0c0 +b7iYrYJXxoJmY+rb5f48rxrJ4pyhWax7lWQz2NobJlpRE1g4LspsQWEEnXE3MEgI +mALlj3Zd06l+mK2PRD3u6v1UUXK+Ry7OiH6DZQIDAQABAoIBAA18EQeQErthlVcz +mf0pH9bFgh23LTh68CwKNortHb5XBO+mq4j5F7jk/ErG8EfvDL8J3xyLEehLnWLn +rTXUNYkQ3yXSGy8tOhe2jcWotsivOdkzxCzj1+JRL6vksL1aRaQU+d3IW2pnIbeb +5njLz5JZ+HUlAvfDg/1P9lR19ijCqXrMjl2lDazcDTF8jPgwCUhXdvmVzOVinCxT +lnhQizukxvg7PUsUVrR3qX16CUEAvav0N/zyqclyrsTEg2hYg+PW8NXGnLpbE7pH +F6GiB8zKaFsrjC2EXRVjXZQsLVusUmyB4z14w0fcsEOTtrR8lP7dQkyxQoRaTo/C +lukUMYECgYEA++Fkl9hQ5zY6iJlLUhxiJjv0ZNe0jWvtONVQasA7JtmMBTh3ZRTW +ipqOdDQsd/Whsw6h0loZ/RS72hMNGFqeGmIQEHvb4swqPB87frp3UCTCQGXIAjSL +Bx5K0NPfgYfC4jRAr3gAEqXeVumrxdDsmN5Ua6+c3WHcXMczd16vLUUCgYEA0k0Z +uWuYqkEwYwHuEqAYZd8ynu+rIh8bIhZS66ikWQMBzwLxY7mQQjQpkM9r2khG/K3L +U/0gF5qqToB+OapcYspPHRzNOlhU5n7nEr/aZvsbzTs2deMGVmvg80QpnAdBPKjQ +hNvrhbu+BVb2NmaTQo3Q/NnxNHyTJjdTlzK8D6ECgYEAuKBAAeV3d+MSCKqEwU04 +zFnKDFjoaXkgyzXg2j7JnPJ9Zh47tgYONE6R+K99oPiVbBBfoTaWMiIOiAzK3n0d +wqz6pXqEdLu+gY9LJts7Na2cDWQNtUAaYD9eC7Ah9moy+Wffuj61nvWiAgcJ99fq +dSsSqlRxIPzob8E8AlWPBhkCgYEAnd4s+mlQADbRiPFQ84Bk8Exd5rvJvuKU7sDN +XISLYxqDyA/Qf2k0Zs5biY57yy/IwjQA17rD1ZRQVn/UwZsmoS53t0YAtdTLXwBS +nFuTKw1D8IuLtXFIN6XiBxvbFHrJuSyM479njUvDOKTwTSQxVZu6D6XXkOwXVm/f ++zelvyECgYALWlLKvODf2+J08M6v71EcSVN14KcdRhBsMM/zaarLmCvY8RqpURHm +AN6f1C1McEOTuANgAPNRdkwpAsW5aRiNR2yJLqBHq7bVAyCnxk87YuOwekDi8lJV +1jVixWRsXQyuZ1pQHhCzT5aM6MTEGQf8pLcuBuaFkThMXPdhh2kKRQ== +-----END RSA PRIVATE KEY----- diff --git a/example/broker/mosquitto.conf b/example/broker/mosquitto.conf new file mode 100644 index 0000000..d6e0927 --- /dev/null +++ b/example/broker/mosquitto.conf 
@@ -0,0 +1,9 @@
+listener 8883
+connection_messages true
+log_type all
+websockets_log_level 9
+cafile /mosquitto/config/ca.crt
+keyfile /mosquitto/config/server.key
+certfile /mosquitto/config/server.crt
+require_certificate true
+use_identity_as_username true
diff --git a/example/broker/run-mosquitto.sh b/example/broker/run-mosquitto.sh
new file mode 100755
index 0000000..dcdc9ae
--- /dev/null
+++ b/example/broker/run-mosquitto.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+docker run -it --rm --user $(echo $UID) --name mosquitto -p 8883:8883 -v $(pwd):/mosquitto/config eclipse-mosquitto
diff --git a/example/broker/server.crt b/example/broker/server.crt
new file mode 100644
index 0000000..336d7c4
--- /dev/null
+++ b/example/broker/server.crt
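Review bot: In `example/broker/mosquitto.conf` no `acl_file` is configured, so with `use_identity_as_username true` every client holding a certificate signed by `ca.crt` can subscribe to any topic, including the one that carries the onion address published by `torch-pub.py`. Consider adding an ACL, for example `acl_file /mosquitto/config/acl` (path constructed for illustration), with per-identity rules that limit each client to its own topic. `log_type all` and `websockets_log_level 9` are debugging settings, and a comment marking them as example-only would stop them being copied into a real broker.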
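Review bot: In `example/broker/run-mosquitto.sh`, `-v $(pwd):/mosquitto/config` mounts the whole `example/broker` directory, so the container also sees `ca.key` and `client.key`, which the broker never needs; mount only `mosquitto.conf`, `ca.crt`, `server.crt` and `server.key`, and mount them read-only with `:ro`. The image is unpinned (`eclipse-mosquitto` with no tag), so the example can change behaviour between runs; pin a tag. `--user $(echo $UID)` can be written `--user "$UID"`, and `"$(pwd)"` should be quoted so a path containing spaces does not split into several arguments.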
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnDCCAoQCFFAUBdlPXEZ5BdAK3va1Pdi6K4ZKMA0GCSqGSIb3DQEBCwUAMIGL +MQswCQYDVQQGEwJJTDESMBAGA1UECAwJSmVydXNhbGVtMRIwEAYDVQQHDAlKZXJ1 +c2FsZW0xFDASBgNVBAoMC2JqZHdlY2suY29tMRwwGgYDVQQDDBNjYS5tcXR0LmJq +ZHdlY2suY29tMSAwHgYJKoZIhvcNAQkBFhFiamR3ZWNrQGdtYWlsLmNvbTAeFw0y +MDEwMDEwODA4MDBaFw0yMTA5MjYwODA4MDBaMIGIMQswCQYDVQQGEwJJTDESMBAG +A1UECAwJSmVydXNhbGVtMRIwEAYDVQQHDAlKZXJ1c2FsZW0xFDASBgNVBAoMC2Jq +ZHdlY2suY29tMRkwFwYDVQQDDBBtcXR0LmJqZHdlY2suY29tMSAwHgYJKoZIhvcN +AQkBFhFiamR3ZWNrQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAK/ccO7KMVo0QY0ZTC/JZu2AJ7381HimKMptShgcVWMgNjxRPhgMXK2+ +bwpLFOe8qamF3WgPYhcjRnUxhf0D7ijNE2If02e0Xv1esMwwiB3No7ucuVIhKw48 +XzWxfoZHSVG6NPrdk5+hbIFBlWjmh/bQ307fccvkodzaT0E8oVjg+5z93uqQoFot +chSgxL4mHbtjZO5CDQsKx46xDA0sUmz/u/Pb7mF+/NHVNerGlEuGF8bWz4czGvr7 +XBtu3IDDUyK/DRrfz77tYGD5GxHKEiT0aIQMjarPvFOTDOCPm/7PRM7joMEs1/4l +m9n0XUPiC46w3VWY2us7NMsHTe1FnPsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA +giN2oR4RqGVYaDdTIqA76bkgVwAFPcKFe9oyjohTBynJP1Qs0XXZ14TUAbnMAHcd +UFhg0jqQCB8B9gHVbU2eSPs4FNQECEH/BW9r8zAQab4pK5r3HfbkGB9Qtk19jpGa +RRBvdrXwikazEZ5fwe7Lh1zEcJL17m7ehinfQs+0toQxpHeHqJYxrk6W9JaoIorR +X151c87bEQTNB7IWu+nCLBI2mHsr+/O1zFGtfJ4dup+lWryvl0U/p1DFHpNeVGQh +2imTqDnnmVHjH0QpYK5Ov327gVuFe6VkjuOW/befkSzfObam/5iWUHKR042nCQ5e +wtJwiuBceMnLze/MaqdFgQ== +-----END CERTIFICATE----- diff --git a/example/broker/server.csr b/example/broker/server.csr new file mode 100644 index 0000000..8af7e08 --- /dev/null +++ b/example/broker/server.csr 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICzjCCAbYCAQAwgYgxCzAJBgNVBAYTAklMMRIwEAYDVQQIDAlKZXJ1c2FsZW0x +EjAQBgNVBAcMCUplcnVzYWxlbTEUMBIGA1UECgwLYmpkd2Vjay5jb20xGTAXBgNV +BAMMEG1xdHQuYmpkd2Vjay5jb20xIDAeBgkqhkiG9w0BCQEWEWJqZHdlY2tAZ21h +aWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9xw7soxWjRB +jRlML8lm7YAnvfzUeKYoym1KGBxVYyA2PFE+GAxcrb5vCksU57ypqYXdaA9iFyNG +dTGF/QPuKM0TYh/TZ7Re/V6wzDCIHc2ju5y5UiErDjxfNbF+hkdJUbo0+t2Tn6Fs +gUGVaOaH9tDfTt9xy+Sh3NpPQTyhWOD7nP3e6pCgWi1yFKDEviYdu2Nk7kINCwrH +jrEMDSxSbP+789vuYX780dU16saUS4YXxtbPhzMa+vtcG27cgMNTIr8NGt/Pvu1g +YPkbEcoSJPRohAyNqs+8U5MM4I+b/s9EzuOgwSzX/iWb2fRdQ+ILjrDdVZja6zs0 +ywdN7UWc+wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAFaUhJQNRz8XHq2dN7OQ +cVfV2gNjcciqOudZuh50Ca65jiDIUXH+GsQgNlB0W6x4vErr8ORrwFZO/vf/gw5P +L5OzBrFf6/KsWe/JfN8JK3xgWCfbuuAWj6o8XDsscnP9czLwnNP9gisPMekE3TQP +1f9py8XFv5bnmgvtyyD1zmvBtlzi0Cuh6TdgMyapg4EdVQQqgIU7czspHweAOSho +/qIGYA7ourh4CBLPFTdVI39gxA3vLZLFXb3ptT/ywY34audGsmtGMwExTCLIq7zV +7elZ6JyK3hO5TAR25KsMewaFRDvTi28ayr8eJGWO36LqbEo6aXKQYFvfBZLrLdha +DBE= +-----END CERTIFICATE REQUEST----- diff --git a/example/broker/server.key b/example/broker/server.key new file mode 100644 index 0000000..81639c4 --- /dev/null +++ b/example/broker/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAr9xw7soxWjRBjRlML8lm7YAnvfzUeKYoym1KGBxVYyA2PFE+ +GAxcrb5vCksU57ypqYXdaA9iFyNGdTGF/QPuKM0TYh/TZ7Re/V6wzDCIHc2ju5y5 +UiErDjxfNbF+hkdJUbo0+t2Tn6FsgUGVaOaH9tDfTt9xy+Sh3NpPQTyhWOD7nP3e +6pCgWi1yFKDEviYdu2Nk7kINCwrHjrEMDSxSbP+789vuYX780dU16saUS4YXxtbP +hzMa+vtcG27cgMNTIr8NGt/Pvu1gYPkbEcoSJPRohAyNqs+8U5MM4I+b/s9EzuOg +wSzX/iWb2fRdQ+ILjrDdVZja6zs0ywdN7UWc+wIDAQABAoIBAFinWk8mosaEfV8y +F5QnhbnI10ARitLfgMS7X5TUA7+a53x0wEbDRJ1Z2QRpYTqJg0Ywc7MXvi1H3ScL +Ni6copzy9QiMXrhy10gHSj1FYfkUR6w2j731do0QpjadKdlramzG4BpvRRI+AEMQ +2s8tF/G2zjwmrGlK8sYxT67lb7krq/bfl5Ep3U+1MOTwHzf7xeLVOGLqJIY2efgc +cSVz69KD5sRGksPPEp9OG+OmZXKsU5YJ+1MJ1hlAQa9btCkmWQ/PT3bFpvEtENv2 +jkb62w+JuO4mKvTXFY1d7IqqERjhVUHE4xLK1m4RdHFCC5JznXOsHqucj13rdly6 +XNBThbECgYEA18AC6oF8Ag3b1V70aaJORCWP3YmyWiOqo7R+xj542Io1SwcmEAea +o0V9Mwz74CD5gyC03nevSkMK5qva4fjr5SakpBjey9dijwbgGVlpY9xMqtOD+vEj +vBOQZU7BNmY284op1UGd6ZaB2kPQU+nir2Ep8Vz+a+nRDVTx8futZbcCgYEA0Ktg +eWMSbfcgT4BG9K+uBhLFwgCpXeIBdzE530M3kLXF89Q6089c4m7YxOEHTiOfo+0s +8x0kvvst6e6dO/gZnfKdrZE4rwzgDX0wKGe0lTi7woaW2mR7nYdZOSWNhuhvDAyI +CsLBXZNT1SdwkkA7VdxHKcbFFxHxoSEPQbuBot0CgYAf2o2TqgJxGzK10gsr/Xao +wRL4lnfqrxFmkiOViWu2LNGpfii0fSrrqDrP6r7VXIj6Pz31Cp6qzDMz03PBoUrS +zl3IjJN4bRh0HYPAul7BC6mWHxyBVFD+V7Ud//6u1XCPjHqYrdNuxXXuj8yWVxXM +5v+WTzCRJjhjS4NdQtdbCQKBgQC3bT5j1fPYWDi9ycwVwOxfiFbwH3bCAS46oTn3 +CPYqLa8xk+iWUhybKsc/4XNze5sUFSPDHWY0v0Vv8oGiuoeCMUfrz9EdB1tYYCha +DDdQSMu7xmWK2nNTWSvUMS+EXINo+wcHNoWVhTFXGNE6rl26LuUbUw/jJLHbat0n +cfUVvQKBgQC9ha2bc6VBPh5qP7pvmiMXYs0kd+oauJ0U84svhUoLWhJ024Tg/Yal +3fnxBmZPtx1o/qQqLoI5jiNS1gpJ1Vur1j7QDiPWtE/ol2zCvm6ScppTFDXeNuJv +aY0SYSUDPdCO3gdSOrNjTBBQpNAdy8hJ9megoBIaMvYGcepVzmrhUg== +-----END RSA PRIVATE KEY----- diff --git a/example/torch-conf/ca.crt b/example/torch-conf/ca.crt new file mode 100644 index 0000000..92f4f35 --- /dev/null +++ b/example/torch-conf/ca.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID+TCCAuGgAwIBAgIUQtnDzZO24MmJdNOmVP6IDYWZc6kwDQYJKoZIhvcNAQEL +BQAwgYsxCzAJBgNVBAYTAklMMRIwEAYDVQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcM +CUplcnVzYWxlbTEUMBIGA1UECgwLYmpkd2Vjay5jb20xHDAaBgNVBAMME2NhLm1x +dHQuYmpkd2Vjay5jb20xIDAeBgkqhkiG9w0BCQEWEWJqZHdlY2tAZ21haWwuY29t +MB4XDTIwMTAwMTA3NTUyNloXDTI1MDkzMDA3NTUyNlowgYsxCzAJBgNVBAYTAklM +MRIwEAYDVQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcMCUplcnVzYWxlbTEUMBIGA1UE +CgwLYmpkd2Vjay5jb20xHDAaBgNVBAMME2NhLm1xdHQuYmpkd2Vjay5jb20xIDAe +BgkqhkiG9w0BCQEWEWJqZHdlY2tAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAzQHL+3P/y/boB2LU/BBFVbK2wdsBsHkCTDc0EDrrrQ7G +TJ4VQX2lXvWDJyhcb843kXeOux2Gq6y0eK3bkI706syZNY16t2CD/cYOSkWXviYa ++4FlNbG/W+AIx5x5xcM17w60sAiP3uHlZ+K9J6nbmaY7b7PX+22MtaDfq7f/j36H +N+5MW7xRvH1BzPp6R6twShy+8AoTKt78V6jxabVq1aC2kmzqyaL08UjyN5MDmIIL +LCHH9XFiWfr851PC2tkMB45Swbj8ngyFMRt4R6RRpnobWmj8n0R4wIkJkIOsaVD3 +vbwoHgjDJjQtB9NKu40xtEsjW9Lf+xMGZYUi5sEONwIDAQABo1MwUTAdBgNVHQ4E +FgQUlXEvVPtVw5Blc3EhaZvlNNtSPpUwHwYDVR0jBBgwFoAUlXEvVPtVw5Blc3Eh +aZvlNNtSPpUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAvArw +TmpQefmqDe1JzJLlOcDMXfK/wIbwIqDnE5ncvVDyexx6gd+Jdk3ANS9M6p9bawpF +dBIT0xnFGY3bdzeKlx30JgWE/8q8ip/jcu6VJJvoxa49m/SEmzwx7buuG/YAsU4N +y5hwi/vn9YkN15hImYmZ2WJQ1ml0C3zHu5PwAHP0+snwxk8PW1makwHls8JTpgMp +FOp1uLfdffe14siICOwp+wcuNgS+ueN5oJHLl6Z+D68SZfIkz4jyik9lhlnATtOr +IGfp3Jb6v0px5chjpM+LJCImpvZ0PuIs9Uw5wKgHvlMGZwJRjhptK2fH2kEDohoz +4mI3SBL13CKmHndH3Q== +-----END CERTIFICATE----- diff --git a/example/torch-conf/client.crt b/example/torch-conf/client.crt new file mode 100644 index 0000000..12c88b9 --- /dev/null +++ b/example/torch-conf/client.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnoCFFAUBdlPXEZ5BdAK3va1Pdi6K4ZJMA0GCSqGSIb3DQEBCwUAMIGL +MQswCQYDVQQGEwJJTDESMBAGA1UECAwJSmVydXNhbGVtMRIwEAYDVQQHDAlKZXJ1 +c2FsZW0xFDASBgNVBAoMC2JqZHdlY2suY29tMRwwGgYDVQQDDBNjYS5tcXR0LmJq +ZHdlY2suY29tMSAwHgYJKoZIhvcNAQkBFhFiamR3ZWNrQGdtYWlsLmNvbTAeFw0y +MDEwMDEwODAzMjJaFw0yMTA5MjYwODAzMjJaMH8xCzAJBgNVBAYTAklMMRIwEAYD +VQQIDAlKZXJ1c2FsZW0xEjAQBgNVBAcMCUplcnVzYWxlbTEUMBIGA1UECgwLYmpk +d2Vjay5jb20xEDAOBgNVBAMMB3ZhZ3JhbnQxIDAeBgkqhkiG9w0BCQEWEWJqZHdl +Y2tAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzurA +n0OwXj5ClFiKn/v76vtwGX3eSyxViCUTyctp4TysyORwbKW2ojzZceXuEg++q/FD +k4VkPXgJ+yYRePt3akvlTwPWHpf2OfCf7irStbxrrSQbIb8xODoj6IaKlPMNgezQ +/kZwuymqNil7k4bx7I1ii/xpD1A+YuWLn6Km6fBRS85JPte5vYexvMZWdH398/87 +8dttzQ5Slcp3MMVWwSmWb3LyEECqc2TC+C2dDFbGb0c0b7iYrYJXxoJmY+rb5f48 +rxrJ4pyhWax7lWQz2NobJlpRE1g4LspsQWEEnXE3MEgImALlj3Zd06l+mK2PRD3u +6v1UUXK+Ry7OiH6DZQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAX4HvdZOYjmfzz +eSV/84WavlDgzO0w4xzOZr68bxE3rKpC6uBu9hI14FMllCO/bimZpYVfTVuwju/a +85HzpM+kOVDXquN7H6Ta8b3LUlHJ3FyFixHSwe7DFrskgnls4eVppzalSGVS1cHQ +0uEALXKqXj1x13PH4K+67Ue/pKYUbhV8WGBwMkEkxoM/igBFl9uahVhUpRFLLMah +JLHw3nauLU+swi+In9r9e0wDw+3lCCcZP5KzkGhCAv67yKg9STSw6n1yGvE9HKQn +S1GdA7nWu06XJVQ9FOVTKzrAKnPVf02+SiNl/BUcpENe11oNvntxstpUeh76lHE6 +Ql/lCgTl +-----END CERTIFICATE----- diff --git a/example/torch-conf/client.key b/example/torch-conf/client.key new file mode 100644 index 0000000..49e9d77 --- /dev/null +++ b/example/torch-conf/client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzurAn0OwXj5ClFiKn/v76vtwGX3eSyxViCUTyctp4TysyORw +bKW2ojzZceXuEg++q/FDk4VkPXgJ+yYRePt3akvlTwPWHpf2OfCf7irStbxrrSQb +Ib8xODoj6IaKlPMNgezQ/kZwuymqNil7k4bx7I1ii/xpD1A+YuWLn6Km6fBRS85J +Pte5vYexvMZWdH398/878dttzQ5Slcp3MMVWwSmWb3LyEECqc2TC+C2dDFbGb0c0 +b7iYrYJXxoJmY+rb5f48rxrJ4pyhWax7lWQz2NobJlpRE1g4LspsQWEEnXE3MEgI +mALlj3Zd06l+mK2PRD3u6v1UUXK+Ry7OiH6DZQIDAQABAoIBAA18EQeQErthlVcz +mf0pH9bFgh23LTh68CwKNortHb5XBO+mq4j5F7jk/ErG8EfvDL8J3xyLEehLnWLn +rTXUNYkQ3yXSGy8tOhe2jcWotsivOdkzxCzj1+JRL6vksL1aRaQU+d3IW2pnIbeb +5njLz5JZ+HUlAvfDg/1P9lR19ijCqXrMjl2lDazcDTF8jPgwCUhXdvmVzOVinCxT +lnhQizukxvg7PUsUVrR3qX16CUEAvav0N/zyqclyrsTEg2hYg+PW8NXGnLpbE7pH +F6GiB8zKaFsrjC2EXRVjXZQsLVusUmyB4z14w0fcsEOTtrR8lP7dQkyxQoRaTo/C +lukUMYECgYEA++Fkl9hQ5zY6iJlLUhxiJjv0ZNe0jWvtONVQasA7JtmMBTh3ZRTW +ipqOdDQsd/Whsw6h0loZ/RS72hMNGFqeGmIQEHvb4swqPB87frp3UCTCQGXIAjSL +Bx5K0NPfgYfC4jRAr3gAEqXeVumrxdDsmN5Ua6+c3WHcXMczd16vLUUCgYEA0k0Z +uWuYqkEwYwHuEqAYZd8ynu+rIh8bIhZS66ikWQMBzwLxY7mQQjQpkM9r2khG/K3L +U/0gF5qqToB+OapcYspPHRzNOlhU5n7nEr/aZvsbzTs2deMGVmvg80QpnAdBPKjQ +hNvrhbu+BVb2NmaTQo3Q/NnxNHyTJjdTlzK8D6ECgYEAuKBAAeV3d+MSCKqEwU04 +zFnKDFjoaXkgyzXg2j7JnPJ9Zh47tgYONE6R+K99oPiVbBBfoTaWMiIOiAzK3n0d +wqz6pXqEdLu+gY9LJts7Na2cDWQNtUAaYD9eC7Ah9moy+Wffuj61nvWiAgcJ99fq +dSsSqlRxIPzob8E8AlWPBhkCgYEAnd4s+mlQADbRiPFQ84Bk8Exd5rvJvuKU7sDN +XISLYxqDyA/Qf2k0Zs5biY57yy/IwjQA17rD1ZRQVn/UwZsmoS53t0YAtdTLXwBS +nFuTKw1D8IuLtXFIN6XiBxvbFHrJuSyM479njUvDOKTwTSQxVZu6D6XXkOwXVm/f ++zelvyECgYALWlLKvODf2+J08M6v71EcSVN14KcdRhBsMM/zaarLmCvY8RqpURHm +AN6f1C1McEOTuANgAPNRdkwpAsW5aRiNR2yJLqBHq7bVAyCnxk87YuOwekDi8lJV +1jVixWRsXQyuZ1pQHhCzT5aM6MTEGQf8pLcuBuaFkThMXPdhh2kKRQ== +-----END RSA PRIVATE KEY----- diff --git a/example/torch-conf/torch.conf b/example/torch-conf/torch.conf new file mode 100644 index 0000000..9ce28b5 --- /dev/null +++ b/example/torch-conf/torch.conf 
@@ -0,0 +1,15 @@
+[tor]
+ControllerPort = 9051
+
+[ssh]
+Port = 22
+
+[mqtt]
+BrokerHost = mqtt.bjdweck.com
+BrokerPort = 8883
+Topic = wokeup/me
+RequireCertificate = true
+CaFile = ca.crt
+CertFile = client.crt
+KeyFile = client.key
+
diff --git a/install-ubuntu2004.sh b/install-ubuntu2004.sh
new file mode 100755
index 0000000..cf41d9b
--- /dev/null
+++ b/install-ubuntu2004.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/bash
+
+apt update
+apt install -y tor python3-pip
+sudo -H pip3 install stem paho-mqtt
+
+sed -i '/^#ControlPort 9051/s/^#//' /etc/tor/torrc
+sed -i '/^#CookieAuthentication 1/s/^#//' /etc/tor/torrc
+echo "CookieAuthFileGroupReadable 1" >> /etc/tor/torrc
+systemctl reload tor
+
+useradd --system -g debian-tor torch
+
+mkdir -p /etc/torch
+cp torch.conf /etc/torch/
+chown -R torch /etc/torch
+
+mkdir -p /usr/local/lib/torch
+mv torch-pub.py /usr/local/lib/torch/
+chown root:root /usr/local/lib/torch/torch-pub.py
+chmod 644 /usr/local/lib/torch/torch-pub.py
+
+mv torch.service /etc/systemd/system/
+chown root:root /etc/systemd/system/torch.service
+chmod 644 /etc/systemd/system/torch.service
+
+systemctl daemon-reload
+systemctl enable torch
diff --git a/torch-pub.py b/torch-pub.py
new file mode 100644
index 0000000..b3db69e
--- /dev/null
+++ b/torch-pub.py
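Review bot: In `install-ubuntu2004.sh`, `sudo -H pip3 install stem paho-mqtt` installs unpinned packages from PyPI system-wide as root, so each install can pull different code; as far as I know paho-mqtt 2.x changed the `mqtt.Client()` constructor that `torch-pub.py` calls without arguments. Pin the versions the script was tested with, e.g. `pip3 install 'stem==<tested-version>' 'paho-mqtt==<tested-version>'` (placeholders), and drop the `sudo`, since the surrounding `apt` and `sed` lines already assume root. The script has no `set -e`, so a failed `apt install` or `useradd` does not stop the later steps. `echo "CookieAuthFileGroupReadable 1" >> /etc/tor/torrc` appends the line again on every run.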
@@ -0,0 +1,52 @@
+from stem.control import Controller
+import stem.connection
+import paho.mqtt.client as mqtt
+import ssl
+import configparser
+
+configPath = "/etc/torch/"
+
+config = configparser.ConfigParser()
+config.read(configPath + "torch.conf")
+
+torControllerPort = config['tor'].getint('ControllerPort', fallback = 9051)
+sshPort = config['ssh'].getint('Port', fallback = 22)
+mqttConfig = config['mqtt']
+mqttBrokerHost = mqttConfig.get('BrokerHost', fallback = "localhost")
+mqttBrokerPort = mqttConfig.getint('BrokerPort', fallback = 1883)
+mqttTopic = mqttConfig.get('Topic', fallback = "default/topic")
+
+mqttRequireCertificate = mqttConfig.getboolean(
+ 'RequireCertificate',
+ fallback = False)
+
+mqttCaFile = configPath + mqttConfig.get('CaFile')
+mqttCertFile = configPath + mqttConfig.get('CertFile')
+mqttKeyFile = configPath + mqttConfig.get('KeyFile')
+
+with Controller.from_port(port = torControllerPort) as controller:
+
+ protocolInfo = stem.connection.get_protocolinfo(controller)
+
+ stem.connection.authenticate_safecookie(
+ controller,
+ protocolInfo.cookie_path)
+
+ service = controller.create_ephemeral_hidden_service(
+ sshPort,
+ detached = True)
+
+ onionAddress = "%s.onion" % (service.service_id)
+
+client = mqtt.Client()
+
+if mqttRequireCertificate:
+ client.tls_set(
+ ca_certs = mqttCaFile,
+ certfile = mqttCertFile,
+ keyfile = mqttKeyFile,
+ cert_reqs=ssl.CERT_REQUIRED)
+
+client.connect(mqttBrokerHost, mqttBrokerPort, 60)
+client.publish(mqttTopic, onionAddress)
+client.disconnect()
diff --git a/torch.conf b/torch.conf
new file mode 100644
index 0000000..438711e
--- /dev/null
+++ b/torch.conf
@@ -0,0 +1,17 @@
+[tor]
+ControllerPort = 9051
+
+[ssh]
+Port = 22
+
+[mqtt]
+BrokerHost = mqtt.example.com
+BrokerPort = 1883
+Topic = example/topic
+
+### Options for Using TLS
+
+#RequireCertificate = true
+#CaFile = ca.crt
+#CertFile = client.crt
+#KeyFile = client.key
\ No newline at end of file
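Review bot: In `torch-pub.py`, with the default `torch.conf` added by this same commit the TLS options are commented out, so `mqttConfig.get('CaFile')` returns `None` and `configPath + mqttConfig.get('CaFile')` raises `TypeError` before the Tor controller is even opened. Build the three paths only inside `if mqttRequireCertificate:`, or give each a fallback such as `mqttConfig.get('CaFile', fallback = 'ca.crt')`. The defaults (`BrokerPort` 1883, `RequireCertificate` false) also mean the onion address is published without TLS unless the operator opts in, which deserves a comment in `torch.conf`. `client.publish()` is followed directly by `client.disconnect()` with no `loop_start()` or `wait_for_publish()`, so delivery is presumably never confirmed; that is worth checking against the broker log.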
diff --git a/torch.service b/torch.service
new file mode 100644
index 0000000..fac61bc
--- /dev/null
+++ b/torch.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Torch: MQTT Publisher for Tor Hidden SSH Service URL
+After=tor.service ssh.service
+Requires=tor.service ssh.service
+
+[Service]
+Environment=PYTHONUNBUFFERED=1
+ExecStart=/usr/bin/python3 /usr/local/lib/torch/torch-pub.py
+User=torch
+Group=debian-tor
+
+[Install]
+WantedBy=multi-user.target ssh.service tor.service
\ No newline at end of file
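Review bot: The `[Service]` section has no `Type=`, so systemd treats this publish-once script as `Type=simple` and the unit goes inactive as soon as the script exits; `Type=oneshot` with `RemainAfterExit=yes` describes it better. `WantedBy=multi-user.target ssh.service tor.service` makes ssh and tor pull this unit in while `Requires=` already pulls them in the other direction, so `WantedBy=multi-user.target` alone looks sufficient. Since the unit reads a TLS client key and talks to the Tor control port, hardening lines such as `NoNewPrivileges=true`, `ProtectSystem=strict` and `ProtectHome=true` would be a cheap addition, to be confirmed against the paths the script actually needs.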