Merge pull request #677 from GoogleCloudPlatform/cloud-iot-core

Changes script to use Java for IAM.

Author: gguuss

iot/api-client/README.md

@@ -4,7 +4,7 @@ Google Cloud IoT Core platform.
 
 ## Quickstart
 
-1. Install the gCloud CLI as described in [the device manager guide](https://cloud-dot-devsite.googleplex.com/iot/docs/device_manager_guide).
+1. Install the gCloud CLI as described in [the device manager guide](https://cloud.google.com/iot/docs/device_manager_guide).
 2. Create a PubSub topic:
 
     gcloud beta pubsub topics create projects/my-iot-project/topics/device-events

iot/api-client/mqtt_example/src/main/java/com/google/cloud/iot/examples/MqttExample.java

@@ -39,17 +39,26 @@
  * </pre>
  */
 public class MqttExample {
-  /** Load a PKCS8 encoded keyfile from the given path. */
-  private static PrivateKey loadKeyFile(String filename, String algorithm) throws Exception {
-    byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
+  /** Create a Cloud IoT Core JWT for the given project id, signed with the given private key. */
+  private static String createJwtRsa(String projectId, String privateKeyFile) throws Exception {
+    DateTime now = new DateTime();
+    // Create a JWT to authenticate this device. The device will be disconnected after the token
+    // expires, and will have to reconnect with a new token. The audience field should always be set
+    // to the GCP project id.
+    JwtBuilder jwtBuilder =
+        Jwts.builder()
+            .setIssuedAt(now.toDate())
+            .setExpiration(now.plusMinutes(20).toDate())
+            .setAudience(projectId);
+
+    byte[] keyBytes = Files.readAllBytes(Paths.get(privateKeyFile));
     PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
-    KeyFactory kf = KeyFactory.getInstance(algorithm);
-    return kf.generatePrivate(spec);
+    KeyFactory kf = KeyFactory.getInstance("RSA256");
+
+    return jwtBuilder.signWith(SignatureAlgorithm.RS256, kf.generatePrivate(spec)).compact();
   }
 
-  /** Create a Cloud IoT Core JWT for the given project id, signed with the given private key. */
-  private static String createJwt(String projectId, String privateKeyFile, String algorithm)
-      throws Exception {
+  private static String createJwtEs(String projectId, String privateKeyFile) throws Exception {
     DateTime now = new DateTime();
     // Create a JWT to authenticate this device. The device will be disconnected after the token
     // expires, and will have to reconnect with a new token. The audience field should always be set
@@ -60,16 +69,11 @@ private static String createJwt(String projectId, String privateKeyFile, String
             .setExpiration(now.plusMinutes(20).toDate())
             .setAudience(projectId);
 
-    if (algorithm.equals("RS256")) {
-      PrivateKey privateKey = loadKeyFile(privateKeyFile, "RSA");
-      return jwtBuilder.signWith(SignatureAlgorithm.RS256, privateKey).compact();
-    } else if (algorithm.equals("ES256")) {
-      PrivateKey privateKey = loadKeyFile(privateKeyFile, "EC");
-      return jwtBuilder.signWith(SignatureAlgorithm.ES256, privateKey).compact();
-    } else {
-      throw new IllegalArgumentException(
-          "Invalid algorithm " + algorithm + ". Should be one of 'RS256' or 'ES256'.");
-    }
+    byte[] keyBytes = Files.readAllBytes(Paths.get(privateKeyFile));
+    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
+    KeyFactory kf = KeyFactory.getInstance("ES256");
+
+    return jwtBuilder.signWith(SignatureAlgorithm.ES256, kf.generatePrivate(spec)).compact();
   }
 
   public static void main(String[] args) throws Exception {
@@ -102,8 +106,17 @@ public static void main(String[] args) throws Exception {
     // Paho client library to send the password field. The password field is used to transmit a JWT
     // to authorize the device.
     connectOptions.setUserName("unused");
-    connectOptions.setPassword(
-        createJwt(options.projectId, options.privateKeyFile, options.algorithm).toCharArray());
+
+    if (options.algorithm == "RSA256") {
+      connectOptions.setPassword(
+          createJwtRsa(options.projectId, options.privateKeyFile).toCharArray());
+    } else if (options.algorithm == "ES256") {
+      connectOptions.setPassword(
+          createJwtEs(options.projectId, options.privateKeyFile).toCharArray());
+    } else {
+      throw new IllegalArgumentException(
+          "Invalid algorithm " + options.algorithm + ". Should be one of 'RS256' or 'ES256'.");
+    }
 
     // Create a client, and connect to the Google MQTT bridge.
     MqttClient client = new MqttClient(mqttServerAddress, mqttClientId, new MemoryPersistence());

iot/api-client/scripts/README.md

@@ -0,0 +1,33 @@
+# Getting Started with Cloud Pub/Sub and the Google Cloud Client libraries
+
+[Google Cloud IoT Core](https://cloud.google.com/iot-core/)
+is a fully-managed, globally distributed solution for managing devices and
+sending / receiving messages from devices.
+
+This script manages the [Google Cloud Pub/Sub][pubsub] project associated with
+your Google Cloud IoT Core project to grant permissions to the protocol bridge.
+
+Create your PubSub topic noting the project ID and topic ID, then build and run
+the sample to configure your topic.
+
+[pubsub]: https://cloud.google.com/pubsub/
+
+#### Setup
+
+* Install [Maven](http://maven.apache.org/)
+* Build your project with:
+
+    mvn clean compile assembly:single
+
+#### Running the script
+
+The following code will run the helper script:
+
+    java -cp target/pubsub-policy-helper-1.0.0-jar-with-dependencies.jar \
+        com.example.pubsub.AddCloudIotService <topicName> <projectId>
+
+For example, the following example will configure the `device-events` topic
+for the `my-iot-project` project.
+
+    java -cp target/pubsub-policy-helper-1.0.0-jar-with-dependencies.jar \
+        com.example.pubsub.AddCloudIotService device-events my-iot-project

iot/api-client/scripts/README.rst

@@ -0,0 +1,76 @@
+<!--
+  Copyright 2017 Google Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.example.pubsub</groupId>
+  <artifactId>pubsub-policy-helper</artifactId>
+  <packaging>jar</packaging>
+
+  <!-- Parent defines config for testing & linting. -->
+  <parent>
+    <artifactId>doc-samples</artifactId>
+    <groupId>com.google.cloud</groupId>
+    <version>1.0.0</version>
+    <relativePath>../../..</relativePath>
+  </parent>
+
+  <properties>
+    <maven.compiler.target>1.8</maven.compiler.target>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <pubsub.version>0.17.2-alpha</pubsub.version>
+  </properties>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <configuration>
+          <archive>
+            <manifest>
+              <mainClass>com.example.pubsub.AddCloudIotService</mainClass>
+            </manifest>
+          </archive>
+          <descriptorRefs>
+            <descriptorRef>jar-with-dependencies</descriptorRef>
+          </descriptorRefs>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-pubsub</artifactId>
+      <version>${pubsub.version}</version>
+    </dependency>
+
+    <!-- Test dependencies -->
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.truth</groupId>
+      <artifactId>truth</artifactId>
+      <version>0.32</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>