From a984b7a6a6f2799dbcf16d4c6e34adc50f5236be Mon Sep 17 00:00:00 2001 From: MiroZ Date: Mon, 2 Sep 2024 12:27:45 -0700 Subject: [PATCH] updated azure root certificate --- README.md | 2 + certs/eventgrid.azure.pem | 20 ++--- mqtt_server_cert.txt | 157 ++++++++++++++++++++++++++++++++++++++ utils/mqtt.py | 16 ++-- 4 files changed, 178 insertions(+), 17 deletions(-) create mode 100644 mqtt_server_cert.txt diff --git a/README.md b/README.md index 12bc95d..e794fec 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ MQTT server: # Getting server certificate: +openssl s_client -showcerts -connect mqtt-dev-server.westus2-1.ts.eventgrid.azure.net:8883 + openssl s_client -showcerts -connect mqtt-dev-server.westus2-1.ts.eventgrid.azure.net:8883 /dev/null|openssl x509 -outform PEM >eventgrid.azure.pem This produces eventgrid.azure.pem certificate file. diff --git a/certs/eventgrid.azure.pem b/certs/eventgrid.azure.pem index 8814023..ff9489a 100755 --- a/certs/eventgrid.azure.pem +++ b/certs/eventgrid.azure.pem 
@@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDXDCCAuOgAwIBAgIQDvLl2DaBUgJV6Sxgj7wv9DAKBggqhkjOPQQDAzBhMQsw +MIIDXTCCAuOgAwIBAgIQDx8VdYLNzTNzS9xfzZQaMzAKBggqhkjOPQQDAzBhMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe Fw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4w HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29m -dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDgwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAATlQzoKIJQIe8bd4sX2x9XBtFvoh5m7Neph3MYORvv/rg2Ew7Cfb00eZ+zS -njUosyOUCspenehe0PyKtmq6pPshLu5Ww/hLEoQT3drwxZ5PaYHmGEGoy2aPBeXa -23k5ruijggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBStVB0D -VHHGL17WWxhYzm4kxdaiCjAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL +dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDcwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATokm9hNnECQj2lbZM9is6plTI2rgjbWOkOLqclsWYe7hly1d9YsaivU9rw +QAhByBfxuBIAOuvgcUoYhihMsGuzwe8REVxJzkNIvQMi6cyUZL4bSMkZa/9R8qt9 +eAlQ2XKjggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTDXqxA +dsAGTeMrlJkwYHM0mCnGUTAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL xjAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v RGlnaUNlcnRHbG9iYWxSb290RzMuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMy5jcmwwHQYD -VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2cAMGQCMD+q -5Uq1fSGZSKRhrnWKKXlp4DvfZCEU/MF3rbdwAaXI/KVM65YRO9HvRbfDpV3x1wIw -CHvqqpg/8YJPDn8NJIS/Rg+lYraOseXeuNYzkjeY6RLxIDB+nLVDs9QJ3/co89Cd +VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2gAMGUCMQD4 +NlZZatULuw0uN/yBMq9WikJwL8IHljJyU1EyPmv3XOKab+TbGSFWK/x6QeCH4lkC +MGnBJi1rXgd9ieBW4PSmq1v0Jd5YrBptoNMGk5J+dDOj7L3ItN16Lyjk9coSKgZS +zw== -----END CERTIFICATE----- - diff --git a/mqtt_server_cert.txt b/mqtt_server_cert.txt new file mode 100644 index 0000000..9c5628f --- /dev/null +++ b/mqtt_server_cert.txt 
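Review bot: The certificate written to certs/eventgrid.azure.pem is an intermediate, not the root that the commit subject names. Its base64 is identical to chain entry 1 in the s_client capture added by this same commit (subject `Microsoft Azure ECC TLS Issuing CA 07`, issuer `DigiCert Global Root G3`, NotAfter Aug 25 2026), and the replaced file appears to decode to Issuing CA 08. Trusting a single issuing CA means verification will fail again the next time the endpoint is served from a different issuing CA. Whether a lone intermediate is accepted as a trust anchor also depends on the TLS library's partial-chain setting. Consider placing the DigiCert Global Root G3 certificate in this file instead, and recording in the README which certificate the file holds and when it expires.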
@@ -0,0 +1,157 @@ +CONNECTED(00000003) +--- +Certificate chain + 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.eventgrid.azure.net + i:C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07 + a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384 + v:NotBefore: Sep 1 08:03:38 2024 GMT; NotAfter: Aug 27 08:03:38 2025 GMT +-----BEGIN CERTIFICATE----- +MIIGaDCCBe2gAwIBAgITMwAAKSve38jdYx+3LQAAAAApKzAKBggqhkjOPQQDAzBd +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4w +LAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgRUNDIFRMUyBJc3N1aW5nIENBIDA3MB4X +DTI0MDkwMTA4MDMzOFoXDTI1MDgyNzA4MDMzOFowbDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg +Q29ycG9yYXRpb24xHjAcBgNVBAMMFSouZXZlbnRncmlkLmF6dXJlLm5ldDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABAtjjj3L6Ix/L8BsGh8X/rW6GyMzbiC2aJ2VYQeJ +OwgDgNU2QEboFRaU7+y8zagsQtd58hUskfHSKYoahBHBDYorB3szDZ9b2MGKQnv1 +miKbwK+r6Ghp9y3UwEnY8FZ7YKOCBF4wggRaMIIBgAYKKwYBBAHWeQIEAgSCAXAE +ggFsAWoAdgAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZGspa03 +AAAEAwBHMEUCIC74tC1dPt5tWe17blIXKvg1NBs3BssOn1FrJkzHt7siAiEA2sVm +/XXfvcadfZ7SsZczB9hw7mNDZGgXuqfel8iYQPAAdwB9WR4S4XgqexxhZ3xe/fjQ +h1wUoE6VnrkDL9kOjC55uAAAAZGspa3oAAAEAwBIMEYCIQDgf3KisPuKsNcajLsh +kdo54k50gNCIKr+xJUdcfW+hygIhAKJLeDV6QKE7tuDoEAzjhZIR7roFnXkjcxRL +FJ0UEefRAHcAGgT/SdBUHUCv9qDDv/HYxGcvTuzuI0BomGsXQC7ciX0AAAGRrKWt +5wAABAMASDBGAiEAspZjPZODLM/NwqfdF41JMsqxPe4OEbt46l/HvipsjxcCIQDf +GG7GYpnk9C7c6ojdA3KU2jljg+gEofeGrQ0AYvppGTAnBgkrBgEEAYI3FQoEGjAY +MAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQB +gjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASYwgbQGCCsGAQUF +BwEBBIGnMIGkMHMGCCsGAQUFBzAChmdodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v +cGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwRUNDJTIwVExTJTIwSXNz +dWluZyUyMENBJTIwMDclMjAtJTIweHNpZ24uY3J0MC0GCCsGAQUFBzABhiFodHRw +Oi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFDVRQindQ++e +b5/8bZhbjmzVprOvMA4GA1UdDwEB/wQEAwIHgDBlBgNVHREEXjBcghUqLmV2ZW50 
+Z3JpZC5henVyZS5uZXSCIioud2VzdHVzMi0xLnRzLmV2ZW50Z3JpZC5henVyZS5u +ZXSCHyoud2VzdHVzMi0xLmV2ZW50Z3JpZC5henVyZS5uZXQwDAYDVR0TAQH/BAIw +ADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp +b3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMEVDQyUyMFRMUyUyMElzc3Vpbmcl +MjBDQSUyMDA3LmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsG +AQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVw +b3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFMNerEB2wAZN4yuUmTBg +czSYKcZRMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQD +AwNpADBmAjEAtoqcknAk4n8l2juxLT0LFIwJvdVnlWIQwYjbuNbBHGCn8TRqNuce +Vn8UQxxpmF2dAjEAyBOPGnNrGzL4EBqdlGuW2VUJxMma8FuzWPRdd4MGXo+74j1t +1iYWsNaO2ogqGSTd +-----END CERTIFICATE----- + 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07 + i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3 + a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384 + v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT +-----BEGIN CERTIFICATE----- +MIIDXTCCAuOgAwIBAgIQDx8VdYLNzTNzS9xfzZQaMzAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4w +HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29m +dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDcwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATokm9hNnECQj2lbZM9is6plTI2rgjbWOkOLqclsWYe7hly1d9YsaivU9rw +QAhByBfxuBIAOuvgcUoYhihMsGuzwe8REVxJzkNIvQMi6cyUZL4bSMkZa/9R8qt9 +eAlQ2XKjggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTDXqxA +dsAGTeMrlJkwYHM0mCnGUTAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL +xjAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl +cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v +RGlnaUNlcnRHbG9iYWxSb290RzMuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6 
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMy5jcmwwHQYD +VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2gAMGUCMQD4 +NlZZatULuw0uN/yBMq9WikJwL8IHljJyU1EyPmv3XOKab+TbGSFWK/x6QeCH4lkC +MGnBJi1rXgd9ieBW4PSmq1v0Jd5YrBptoNMGk5J+dDOj7L3ItN16Lyjk9coSKgZS +zw== +-----END CERTIFICATE----- +--- +Server certificate +subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.eventgrid.azure.net +issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07 +--- +No client certificate CA names sent +Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Peer signing digest: SHA384 +Peer signature type: ECDSA +Server Temp Key: ECDH, prime256v1, 256 bits +--- +SSL handshake has read 3089 bytes and written 827 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 +Server public key is 384 bit +Secure Renegotiation IS NOT supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_128_GCM_SHA256 + Session-ID: D692059799E41DB1B4A639E0F8936699866149B55805D9DE54148B23CE01135B + Session-ID-ctx: + Resumption PSK: B49A236A08B6CBA810AA934DD7C3896B496EBC0447C17D54332FCB729291D55A + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 8a a7 82 f9 bf be 50 26-2f ad 73 0d bb f7 91 4b ......P&/.s....K + 0010 - 66 cf 20 4a 5e 0e 96 cb-0d 11 ca b7 75 3b cb 17 f. J^.......u;.. 
+ 0020 - ae 55 1d 7f 2c 2f 24 d5-aa 0c 00 36 be bd 8e ad .U..,/$....6.... + 0030 - 3e b2 58 7c 0d 5a 91 69-ff 22 dd d2 ea ed 03 1b >.X|.Z.i."...... + 0040 - 4e 22 70 6b de 55 28 f4-07 3e 17 b8 8f 7e c8 81 N"pk.U(..>...~.. + 0050 - 8c 4f 42 9b 04 01 4a 9b-4f 8b 12 db aa 97 de f4 .OB...J.O....... + 0060 - cf c3 b7 5d 63 64 76 aa-b1 43 d6 88 f1 7a 88 6c ...]cdv..C...z.l + 0070 - e7 bd 5d 45 9a ba ec cf-9b 05 51 56 29 e9 1b 91 ..]E......QV)... + 0080 - b9 73 f3 12 8d 67 6e 94-45 7c 63 38 49 20 aa d3 .s...gn.E|c8I .. + 0090 - a1 a4 56 36 81 2a e6 7d-b3 dc 8f 4d 0b 4a f4 e3 ..V6.*.}...M.J.. + 00a0 - 67 37 90 20 59 d0 13 31-61 5a 5d bb 69 88 d7 43 g7. Y..1aZ].i..C + + Start Time: 1725304955 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_128_GCM_SHA256 + Session-ID: E027A4A771A890E80633F18F776CFAD5B13FDE28FB04E1BDAFBCA7C9152D704A + Session-ID-ctx: + Resumption PSK: 4A978B112FD3223E2164668B84BC1CEA34F2977E42B7C967666B8E35A554AC46 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 8a a7 82 f9 bf be 50 26-2f ad 73 0d bb f7 91 4b ......P&/.s....K + 0010 - 95 08 d8 ce c8 4b 41 fc-03 48 5e 49 72 a1 7a 2c .....KA..H^Ir.z, + 0020 - 97 3d ea c8 3d be 56 f5-64 41 45 6c 7c 2e bf c2 .=..=.V.dAEl|... + 0030 - cf 70 75 49 42 f1 86 4a-e8 c3 a0 00 16 3d 7b 62 .puIB..J.....={b + 0040 - fb 08 cf e1 53 f2 d3 55-68 26 95 61 29 29 d9 3c ....S..Uh&.a)).< + 0050 - a3 65 50 4a 74 83 ca 15-34 49 01 c8 df c7 c2 00 .ePJt...4I...... + 0060 - ff c8 3a 5f 3e 93 ae 6f-61 d9 bc 38 34 5f b4 8b ..:_>..oa..84_.. + 0070 - 57 ac 36 56 fe a2 a6 53-84 55 7e 8c 18 28 ca 60 W.6V...S.U~..(.` + 0080 - 24 87 ec 7f cf 95 6c f0-20 c3 49 76 65 99 fb e5 $.....l. .Ive... + 0090 - 84 26 7e cd 3c 82 9a 2d-2d 75 d0 f6 3f a9 38 c7 .&~.<..--u..?.8. 
+ 00a0 - ab d0 9a 27 d6 18 95 de-62 28 57 97 4d 03 14 02 ...'....b(W.M... + + Start Time: 1725304955 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK diff --git a/utils/mqtt.py b/utils/mqtt.py index 88a242f..4863fe4 100755 --- a/utils/mqtt.py +++ b/utils/mqtt.py @@ -17,7 +17,7 @@ macs = [] hist = {} def connect_mqtt(): - def on_connect(client, userdata, flags, rc): + def on_connect(client, userdata, flags, rc, props): global connected if rc == 0: print("Connected to MQTT Broker!") @@ -25,7 +25,7 @@ def connect_mqtt(): else: print("Failed to connect, return code %d\n", rc) - client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION1, "asdasxzxdadaswd") + client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION2, "asdasxzxdadaswd") client.tls_set( ca_certs='eventgrid.azure_full.pem', certfile='../certs/client1-authn-ID.pem', @@ -41,10 +41,10 @@ def connect_mqtt(): if not mac in macs: macs.append(mac) - print (f"{len(macs)} {mac} {grp_id}") if not mac in hist: - hist[mac] = 0 + hist[mac] = 1 + print (f"{len(macs)} {mac} {grp_id}") else: hist[mac] += 1 @@ -78,10 +78,12 @@ def main() -> None: # publish(client, f"/{monitor[0]}", "pin|7856") # publish(client, f"/{monitor[0]}", "s") - time.sleep(300) + time.sleep(60) - # for key in hist: - # print(f"{key} : {hist[key]}") + sorted_dict = dict(sorted(hist.items(), key=lambda x:x[1])) + + for key in sorted_dict: + print(f"{key} : {sorted_dict[key]}") client.disconnect()
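Review bot: mqtt_server_cert.txt is a verbatim `openssl s_client` dump, and it commits per-session TLS material along with the certificate chain: both `SSL-Session` sections carry a `Session-ID`, a `Resumption PSK` and the full `TLS session ticket`. The ticket lifetime hint is 7200 seconds, so these values were short-lived, but session secrets do not belong in version control and the habit carries over to captures that are more sensitive. If the chain is worth keeping for reference, keep only the `Certificate chain` section (everything up to the first `Server certificate` line) and drop the rest. Otherwise leave the file out of the repository and rely on the README command to regenerate it.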
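Review bot: The failure branch of `on_connect` does not report the reason for a rejected connection: `print("Failed to connect, return code %d\n", rc)` passes `rc` as a second print argument, so the `%d` is printed literally. With the switch to `CallbackAPIVersion.VERSION2` in the next hunk, `rc` is also a reason-code object rather than a plain int. Since this is the only place a TLS or authentication rejection is surfaced, change the line to `print(f"Failed to connect, reason code: {rc}")`. Any other callbacks registered outside this hunk (disconnect, subscribe, publish) also take different arguments under VERSION2 and should be checked. `connect_mqtt` continues outside the hunk.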
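Review bot: `ca_certs='eventgrid.azure_full.pem'` in the `tls_set` call names a different file from the `certs/eventgrid.azure.pem` that this commit renews. It is resolved against the current working directory, while the client certificate next to it uses `../certs/...`. From the hunk alone it is not clear that the renewed certificate is the one the client verifies the broker against, so the update may have no effect on this script. If the renewed file is the intended trust store, point the call at it explicitly, e.g. `ca_certs='../certs/eventgrid.azure.pem'`, and add a comment such as `# trust anchor for the Event Grid MQTT endpoint; see README for how it is obtained`. The `tls_set` call continues outside the hunk.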
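Review bot: After this change `macs.append(mac)` and `hist[mac] = 1` fire on the same event, the first sighting of a MAC, so the `macs` list appears to duplicate the keys of `hist` (assuming neither is modified elsewhere). The list also costs a linear scan on every message. The block could keep only the dict: `if mac not in hist:` followed by `hist[mac] = 1` and `print(f"{len(hist)} {mac} {grp_id}")`. The same line shows the idiom fix of `mac not in hist` over `not mac in hist`. The enclosing callback starts outside the hunk.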
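Review bot: The summary is built from `hist` before `client.disconnect()` runs. If the network loop runs in a background thread (not visible in this hunk), the message callback can still insert keys while `sorted(hist.items(), ...)` iterates, which raises `RuntimeError: dictionary changed size during iteration`. Move the disconnect (and the loop stop, if one is used) above the summary, or sort a snapshot taken with `list(hist.items())`. The intermediate `sorted_dict` is not needed either: `for mac, count in sorted(hist.items(), key=lambda kv: kv[1]):` with `print(f"{mac} : {count}")` prints the same lines. `main` continues outside the hunk.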