torch-agent/torch-pub.py

from stem.control import Controller
import stem.connection
import paho.mqtt.client as mqtt
import ssl
import socks
import configparser

configPath = "/etc/torch/"

config = configparser.ConfigParser()
config.read(configPath + "torch.conf")

torProxyPort = config['tor'].getint('ProxyPort', fallback = 9050)
torControllerPort = config['tor'].getint('ControllerPort', fallback = 9051)
sshPort = config['ssh'].getint('Port', fallback = 22)
mqttConfig = config['mqtt']
mqttBrokerHost = mqttConfig.get('BrokerHost', fallback = "localhost")
mqttBrokerPort = mqttConfig.getint('BrokerPort', fallback = 1883)
mqttTopic = mqttConfig.get('Topic', fallback = "default/topic")

mqttRequireCertificate = mqttConfig.getboolean(
                                       'RequireCertificate', 
                                       fallback = False)

mqttCaFile = configPath + mqttConfig.get('CaFile')
mqttCertFile = configPath + mqttConfig.get('CertFile')
mqttKeyFile = configPath + mqttConfig.get('KeyFile')

with Controller.from_port(port = torControllerPort) as controller:
  
  protocolInfo = stem.connection.get_protocolinfo(controller)

  stem.connection.authenticate_safecookie(
                       controller, 
                       protocolInfo.cookie_path)
  
  service = controller.create_ephemeral_hidden_service(
                             sshPort, 
                             detached = True)

  onionAddress = "%s.onion" % (service.service_id)

client = mqtt.Client()

if mqttRequireCertificate:
  client.tls_set(
          ca_certs = mqttCaFile, 
          certfile = mqttCertFile, 
          keyfile = mqttKeyFile, 
          cert_reqs=ssl.CERT_REQUIRED)

if mqttBrokerHost.endswith(".onion"):
  client.proxy_set(proxy_type=socks.SOCKS5, proxy_addr="localhost", proxy_port=torProxyPort)
  client.tls_insecure_set(True)

client.connect(mqttBrokerHost, mqttBrokerPort, 60)
client.publish(mqttTopic, onionAddress)
client.disconnect()