Merge pull request #1645 from samson0v/master

imbeacon · web-flow · commit 392b09d9f094 · 2025-01-09T09:51:00.000+02:00
Fixed TLS + Access Token connection type
diff --git a/thingsboard_gateway/gateway/tb_client.py b/thingsboard_gateway/gateway/tb_client.py
@@ -166,30 +166,7 @@ def _create_mqtt_client(self, credentials):
                 else:
                     self.__client_id = str(credentials["clientId"])
 
-        rate_limits_config = {}
-        if self.__config.get('messagesRateLimits'):
-            rate_limits_config['messages_rate_limit'] = self.__config['messagesRateLimits']
-        if self.__config.get('telemetryRateLimits'):
-            rate_limits_config['telemetry_rate_limit'] = self.__config['rateLimits']
-        if self.__config.get('telemetryDpRateLimits'):
-            rate_limits_config['telemetry_dp_rate_limit'] = self.__config['dpRateLimits']
-
-        if self.__config.get('deviceMessagesRateLimits'):
-            rate_limits_config['device_messages_rate_limit'] = self.__config['deviceMessagesRateLimits']
-        if self.__config.get('deviceTelemetryRateLimits'):
-            rate_limits_config['device_telemetry_rate_limit'] = self.__config['deviceRateLimits']
-        if self.__config.get('deviceTelemetryDpRateLimits'):
-            rate_limits_config['device_telemetry_dp_rate_limit'] = self.__config['deviceDpRateLimits']
-
-        if 'rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters:
-            rate_limits_config = {}
-            if self.__config.get('rateLimits'):
-                rate_limits_config['rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config.get(
-                    'rateLimits') == 'DEFAULT_TELEMETRY_RATE_LIMIT' else self.__config['rateLimits']
-            if ('dp_rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters and
-                    self.__config.get('dpRateLimits')):
-                rate_limits_config['dp_rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config[
-                    'dpRateLimits'] == 'DEFAULT_TELEMETRY_DP_RATE_LIMIT' else self.__config['dpRateLimits']
+        rate_limits_config = self.__get_rate_limit_config()
 
         if rate_limits_config:
             self.client = TBGatewayMqttClient(self.__host, self.__port, self.__username, self.__password, self,
@@ -225,14 +202,6 @@ def _create_mqtt_client(self, credentials):
         cert_required = CERT_REQUIRED if (self.__ca_cert and
                                           self.__cert) else ssl.CERT_OPTIONAL if self.__cert else ssl.CERT_NONE
 
-        # if self.__ca_cert is None:
-        #     self.__logger.info("CA certificate is not provided. Using system CA certificates.")
-        #     self.__ca_cert = TBUtility.get_path_to_ca_certificates()
-        #     if self.__ca_cert is None:
-        #         self.__logger.error("CA certificate is not provided and system CA certificates are not found. "
-        #                             "Will not be able to verify the server. You can set caCert in the configuration.")
-        #         cert_required = ssl.CERT_NONE
-
         self.client._client.tls_set(ca_certs=self.__ca_cert,
                                     certfile=self.__cert,
                                     keyfile=self.__private_key,
@@ -244,6 +213,34 @@ def _create_mqtt_client(self, credentials):
         if self.__logger.isEnabledFor(10):
             self.client._client.enable_logger(self.__logger)  # noqa pylint: disable=protected-access
 
+    def __get_rate_limit_config(self):
+        rate_limits_config = {}
+        if self.__config.get('messagesRateLimits'):
+            rate_limits_config['messages_rate_limit'] = self.__config['messagesRateLimits']
+        if self.__config.get('telemetryRateLimits'):
+            rate_limits_config['telemetry_rate_limit'] = self.__config['rateLimits']
+        if self.__config.get('telemetryDpRateLimits'):
+            rate_limits_config['telemetry_dp_rate_limit'] = self.__config['dpRateLimits']
+
+        if self.__config.get('deviceMessagesRateLimits'):
+            rate_limits_config['device_messages_rate_limit'] = self.__config['deviceMessagesRateLimits']
+        if self.__config.get('deviceTelemetryRateLimits'):
+            rate_limits_config['device_telemetry_rate_limit'] = self.__config['deviceRateLimits']
+        if self.__config.get('deviceTelemetryDpRateLimits'):
+            rate_limits_config['device_telemetry_dp_rate_limit'] = self.__config['deviceDpRateLimits']
+
+        if 'rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters:
+            rate_limits_config = {}
+            if self.__config.get('rateLimits'):
+                rate_limits_config['rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config.get(
+                    'rateLimits') == 'DEFAULT_TELEMETRY_RATE_LIMIT' else self.__config['rateLimits']
+            if ('dp_rate_limit' in inspect.signature(TBGatewayMqttClient.__init__).parameters and
+                    self.__config.get('dpRateLimits')):
+                rate_limits_config['dp_rate_limit'] = 'DEFAULT_RATE_LIMIT' if self.__config[
+                    'dpRateLimits'] == 'DEFAULT_TELEMETRY_DP_RATE_LIMIT' else self.__config['dpRateLimits']
+
+        return rate_limits_config
+
     def __get_path_to_cert(self, filename):
         if exists(self.__config_folder_path + filename):
             return self.__config_folder_path + filename
diff --git a/thingsboard_gateway/tb_utility/tb_gateway_remote_configurator.py b/thingsboard_gateway/tb_utility/tb_gateway_remote_configurator.py
@@ -750,6 +750,9 @@ def _apply_connection_config(self, config) -> bool:
 
             previous_rate_limits = self._gateway.tb_client.get_rate_limits()
 
+            # check if security type is tlsAccessToken
+            config = self.__check_and_process_tls_access_token(config)
+
             while not self._gateway.stopped and not connection_state:
                 self._gateway.__subscribed_to_rpc_topics = False
                 if use_new_config:
@@ -783,6 +786,18 @@ def _apply_connection_config(self, config) -> bool:
             self._revert_connection()
             return False
 
+    def __check_and_process_tls_access_token(self, config):
+        if config.get('security', {}).get('type') == 'tlsAccessToken':
+            cert_content = config['security']['caCert']
+
+            ca_cert_path = self._gateway.get_config_path() + 'ca.pem'
+            with open(ca_cert_path, 'w') as file:
+                file.write(cert_content)
+
+            config['security']['caCert'] = ca_cert_path
+
+        return config
+
     def _revert_connection(self):
         try:
             self.__log.warning("Remote general configuration will be restored.")
