updated azure root certificate

2024-09-02 12:27:45 -07:00 · 2024-09-02 12:27:45 -07:00 · a984b7a6a6
commit a984b7a6a6
parent 58d034173e
4 changed files with 178 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -9,6 +9,8 @@ MQTT server:

 # Getting server certificate:

+openssl s_client -showcerts -connect mqtt-dev-server.westus2-1.ts.eventgrid.azure.net:8883
+
 	openssl s_client -showcerts -connect mqtt-dev-server.westus2-1.ts.eventgrid.azure.net:8883 </dev/null 2>/dev/null|openssl x509 -outform PEM >eventgrid.azure.pem

 This produces eventgrid.azure.pem certificate file.
--- a/certs/eventgrid.azure.pem
+++ b/certs/eventgrid.azure.pem
@ -1,21 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDXDCCAuOgAwIBAgIQDvLl2DaBUgJV6Sxgj7wv9DAKBggqhkjOPQQDAzBhMQsw
+MIIDXTCCAuOgAwIBAgIQDx8VdYLNzTNzS9xfzZQaMzAKBggqhkjOPQQDAzBhMQsw
 CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
 ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
 Fw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4w
 HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29m
-dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDgwdjAQBgcqhkjOPQIBBgUrgQQA
-IgNiAATlQzoKIJQIe8bd4sX2x9XBtFvoh5m7Neph3MYORvv/rg2Ew7Cfb00eZ+zS
-njUosyOUCspenehe0PyKtmq6pPshLu5Ww/hLEoQT3drwxZ5PaYHmGEGoy2aPBeXa
-23k5ruijggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBStVB0D
-VHHGL17WWxhYzm4kxdaiCjAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL
+dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDcwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATokm9hNnECQj2lbZM9is6plTI2rgjbWOkOLqclsWYe7hly1d9YsaivU9rw
+QAhByBfxuBIAOuvgcUoYhihMsGuzwe8REVxJzkNIvQMi6cyUZL4bSMkZa/9R8qt9
+eAlQ2XKjggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTDXqxA
+dsAGTeMrlJkwYHM0mCnGUTAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL
 xjAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
 MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
 cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
 RGlnaUNlcnRHbG9iYWxSb290RzMuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMy5jcmwwHQYD
-VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2cAMGQCMD+q
-5Uq1fSGZSKRhrnWKKXlp4DvfZCEU/MF3rbdwAaXI/KVM65YRO9HvRbfDpV3x1wIw
-CHvqqpg/8YJPDn8NJIS/Rg+lYraOseXeuNYzkjeY6RLxIDB+nLVDs9QJ3/co89Cd
+VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2gAMGUCMQD4
+NlZZatULuw0uN/yBMq9WikJwL8IHljJyU1EyPmv3XOKab+TbGSFWK/x6QeCH4lkC
+MGnBJi1rXgd9ieBW4PSmq1v0Jd5YrBptoNMGk5J+dDOj7L3ItN16Lyjk9coSKgZS
+zw==
 -----END CERTIFICATE-----
-
--- a/mqtt_server_cert.txt
+++ b/mqtt_server_cert.txt
@ -0,0 +1,157 @@
+CONNECTED(00000003)
+---
+Certificate chain
+ 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.eventgrid.azure.net
+   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07
+   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384
+   v:NotBefore: Sep  1 08:03:38 2024 GMT; NotAfter: Aug 27 08:03:38 2025 GMT
+-----BEGIN CERTIFICATE-----
+MIIGaDCCBe2gAwIBAgITMwAAKSve38jdYx+3LQAAAAApKzAKBggqhkjOPQQDAzBd
+MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4w
+LAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgRUNDIFRMUyBJc3N1aW5nIENBIDA3MB4X
+DTI0MDkwMTA4MDMzOFoXDTI1MDgyNzA4MDMzOFowbDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
+Q29ycG9yYXRpb24xHjAcBgNVBAMMFSouZXZlbnRncmlkLmF6dXJlLm5ldDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABAtjjj3L6Ix/L8BsGh8X/rW6GyMzbiC2aJ2VYQeJ
+OwgDgNU2QEboFRaU7+y8zagsQtd58hUskfHSKYoahBHBDYorB3szDZ9b2MGKQnv1
+miKbwK+r6Ghp9y3UwEnY8FZ7YKOCBF4wggRaMIIBgAYKKwYBBAHWeQIEAgSCAXAE
+ggFsAWoAdgAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZGspa03
+AAAEAwBHMEUCIC74tC1dPt5tWe17blIXKvg1NBs3BssOn1FrJkzHt7siAiEA2sVm
+/XXfvcadfZ7SsZczB9hw7mNDZGgXuqfel8iYQPAAdwB9WR4S4XgqexxhZ3xe/fjQ
+h1wUoE6VnrkDL9kOjC55uAAAAZGspa3oAAAEAwBIMEYCIQDgf3KisPuKsNcajLsh
+kdo54k50gNCIKr+xJUdcfW+hygIhAKJLeDV6QKE7tuDoEAzjhZIR7roFnXkjcxRL
+FJ0UEefRAHcAGgT/SdBUHUCv9qDDv/HYxGcvTuzuI0BomGsXQC7ciX0AAAGRrKWt
+5wAABAMASDBGAiEAspZjPZODLM/NwqfdF41JMsqxPe4OEbt46l/HvipsjxcCIQDf
+GG7GYpnk9C7c6ojdA3KU2jljg+gEofeGrQ0AYvppGTAnBgkrBgEEAYI3FQoEGjAY
+MAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQB
+gjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASYwgbQGCCsGAQUF
+BwEBBIGnMIGkMHMGCCsGAQUFBzAChmdodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v
+cGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwRUNDJTIwVExTJTIwSXNz
+dWluZyUyMENBJTIwMDclMjAtJTIweHNpZ24uY3J0MC0GCCsGAQUFBzABhiFodHRw
+Oi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFDVRQindQ++e
+b5/8bZhbjmzVprOvMA4GA1UdDwEB/wQEAwIHgDBlBgNVHREEXjBcghUqLmV2ZW50
+Z3JpZC5henVyZS5uZXSCIioud2VzdHVzMi0xLnRzLmV2ZW50Z3JpZC5henVyZS5u
+ZXSCHyoud2VzdHVzMi0xLmV2ZW50Z3JpZC5henVyZS5uZXQwDAYDVR0TAQH/BAIw
+ADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp
+b3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMEVDQyUyMFRMUyUyMElzc3Vpbmcl
+MjBDQSUyMDA3LmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsG
+AQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVw
+b3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFMNerEB2wAZN4yuUmTBg
+czSYKcZRMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAKBggqhkjOPQQD
+AwNpADBmAjEAtoqcknAk4n8l2juxLT0LFIwJvdVnlWIQwYjbuNbBHGCn8TRqNuce
+Vn8UQxxpmF2dAjEAyBOPGnNrGzL4EBqdlGuW2VUJxMma8FuzWPRdd4MGXo+74j1t
+1iYWsNaO2ogqGSTd
+-----END CERTIFICATE-----
+ 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07
+   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
+   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384
+   v:NotBefore: Jun  8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAuOgAwIBAgIQDx8VdYLNzTNzS9xfzZQaMzAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4w
+HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29m
+dCBBenVyZSBFQ0MgVExTIElzc3VpbmcgQ0EgMDcwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATokm9hNnECQj2lbZM9is6plTI2rgjbWOkOLqclsWYe7hly1d9YsaivU9rw
+QAhByBfxuBIAOuvgcUoYhihMsGuzwe8REVxJzkNIvQMi6cyUZL4bSMkZa/9R8qt9
+eAlQ2XKjggFiMIIBXjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTDXqxA
+dsAGTeMrlJkwYHM0mCnGUTAfBgNVHSMEGDAWgBSz20ik+aHF2K42QcwRY2liKbxL
+xjAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
+cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
+RGlnaUNlcnRHbG9iYWxSb290RzMuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMy5jcmwwHQYD
+VR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMAoGCCqGSM49BAMDA2gAMGUCMQD4
+NlZZatULuw0uN/yBMq9WikJwL8IHljJyU1EyPmv3XOKab+TbGSFWK/x6QeCH4lkC
+MGnBJi1rXgd9ieBW4PSmq1v0Jd5YrBptoNMGk5J+dDOj7L3ItN16Lyjk9coSKgZS
+zw==
+-----END CERTIFICATE-----
+---
+Server certificate
+subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = *.eventgrid.azure.net
+issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure ECC TLS Issuing CA 07
+---
+No client certificate CA names sent
+Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
+Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
+Peer signing digest: SHA384
+Peer signature type: ECDSA
+Server Temp Key: ECDH, prime256v1, 256 bits
+---
+SSL handshake has read 3089 bytes and written 827 bytes
+Verification: OK
+---
+New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
+Server public key is 384 bit
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 0 (ok)
+---
+---
+Post-Handshake New Session Ticket arrived:
+SSL-Session:
+    Protocol  : TLSv1.3
+    Cipher    : TLS_AES_128_GCM_SHA256
+    Session-ID: D692059799E41DB1B4A639E0F8936699866149B55805D9DE54148B23CE01135B
+    Session-ID-ctx: 
+    Resumption PSK: B49A236A08B6CBA810AA934DD7C3896B496EBC0447C17D54332FCB729291D55A
+    PSK identity: None
+    PSK identity hint: None
+    SRP username: None
+    TLS session ticket lifetime hint: 7200 (seconds)
+    TLS session ticket:
+    0000 - 8a a7 82 f9 bf be 50 26-2f ad 73 0d bb f7 91 4b   ......P&/.s....K
+    0010 - 66 cf 20 4a 5e 0e 96 cb-0d 11 ca b7 75 3b cb 17   f. J^.......u;..
+    0020 - ae 55 1d 7f 2c 2f 24 d5-aa 0c 00 36 be bd 8e ad   .U..,/$....6....
+    0030 - 3e b2 58 7c 0d 5a 91 69-ff 22 dd d2 ea ed 03 1b   >.X|.Z.i."......
+    0040 - 4e 22 70 6b de 55 28 f4-07 3e 17 b8 8f 7e c8 81   N"pk.U(..>...~..
+    0050 - 8c 4f 42 9b 04 01 4a 9b-4f 8b 12 db aa 97 de f4   .OB...J.O.......
+    0060 - cf c3 b7 5d 63 64 76 aa-b1 43 d6 88 f1 7a 88 6c   ...]cdv..C...z.l
+    0070 - e7 bd 5d 45 9a ba ec cf-9b 05 51 56 29 e9 1b 91   ..]E......QV)...
+    0080 - b9 73 f3 12 8d 67 6e 94-45 7c 63 38 49 20 aa d3   .s...gn.E|c8I ..
+    0090 - a1 a4 56 36 81 2a e6 7d-b3 dc 8f 4d 0b 4a f4 e3   ..V6.*.}...M.J..
+    00a0 - 67 37 90 20 59 d0 13 31-61 5a 5d bb 69 88 d7 43   g7. Y..1aZ].i..C
+
+    Start Time: 1725304955
+    Timeout   : 7200 (sec)
+    Verify return code: 0 (ok)
+    Extended master secret: no
+    Max Early Data: 0
+---
+read R BLOCK
+---
+Post-Handshake New Session Ticket arrived:
+SSL-Session:
+    Protocol  : TLSv1.3
+    Cipher    : TLS_AES_128_GCM_SHA256
+    Session-ID: E027A4A771A890E80633F18F776CFAD5B13FDE28FB04E1BDAFBCA7C9152D704A
+    Session-ID-ctx: 
+    Resumption PSK: 4A978B112FD3223E2164668B84BC1CEA34F2977E42B7C967666B8E35A554AC46
+    PSK identity: None
+    PSK identity hint: None
+    SRP username: None
+    TLS session ticket lifetime hint: 7200 (seconds)
+    TLS session ticket:
+    0000 - 8a a7 82 f9 bf be 50 26-2f ad 73 0d bb f7 91 4b   ......P&/.s....K
+    0010 - 95 08 d8 ce c8 4b 41 fc-03 48 5e 49 72 a1 7a 2c   .....KA..H^Ir.z,
+    0020 - 97 3d ea c8 3d be 56 f5-64 41 45 6c 7c 2e bf c2   .=..=.V.dAEl|...
+    0030 - cf 70 75 49 42 f1 86 4a-e8 c3 a0 00 16 3d 7b 62   .puIB..J.....={b
+    0040 - fb 08 cf e1 53 f2 d3 55-68 26 95 61 29 29 d9 3c   ....S..Uh&.a)).<
+    0050 - a3 65 50 4a 74 83 ca 15-34 49 01 c8 df c7 c2 00   .ePJt...4I......
+    0060 - ff c8 3a 5f 3e 93 ae 6f-61 d9 bc 38 34 5f b4 8b   ..:_>..oa..84_..
+    0070 - 57 ac 36 56 fe a2 a6 53-84 55 7e 8c 18 28 ca 60   W.6V...S.U~..(.`
+    0080 - 24 87 ec 7f cf 95 6c f0-20 c3 49 76 65 99 fb e5   $.....l. .Ive...
+    0090 - 84 26 7e cd 3c 82 9a 2d-2d 75 d0 f6 3f a9 38 c7   .&~.<..--u..?.8.
+    00a0 - ab d0 9a 27 d6 18 95 de-62 28 57 97 4d 03 14 02   ...'....b(W.M...
+
+    Start Time: 1725304955
+    Timeout   : 7200 (sec)
+    Verify return code: 0 (ok)
+    Extended master secret: no
+    Max Early Data: 0
+---
+read R BLOCK
--- a/utils/mqtt.py
+++ b/utils/mqtt.py
@ -17,7 +17,7 @@ macs = []
 hist = {}

 def connect_mqtt():
-    def on_connect(client, userdata, flags, rc):
+    def on_connect(client, userdata, flags, rc, props):
        global connected
        if rc == 0:
            print("Connected to MQTT Broker!")
@ -25,7 +25,7 @@ def connect_mqtt():
        else:
            print("Failed to connect, return code %d\n", rc)

-    client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION1, "asdasxzxdadaswd")
+    client = mqtt_client.Client(mqtt_client.CallbackAPIVersion.VERSION2, "asdasxzxdadaswd")
    client.tls_set(
        ca_certs='eventgrid.azure_full.pem',
        certfile='../certs/client1-authn-ID.pem',
@ -41,10 +41,10 @@ def connect_mqtt():

        if not mac in macs:
            macs.append(mac)
-            print (f"{len(macs)} {mac} {grp_id}")

        if not mac in hist:
-            hist[mac] = 0
+            hist[mac] = 1
+            print (f"{len(macs)} {mac} {grp_id}")
        else:
            hist[mac] += 1

@ -78,10 +78,12 @@ def main() -> None:
    #     publish(client, f"/{monitor[0]}", "pin|7856")
    #     publish(client, f"/{monitor[0]}", "s")

-    time.sleep(300)
+    time.sleep(60)

-    # for key in hist:
-    #     print(f"{key} : {hist[key]}")
+    sorted_dict = dict(sorted(hist.items(), key=lambda x:x[1]))
+
+    for key in sorted_dict:
+        print(f"{key} : {sorted_dict[key]}")

    client.disconnect()