B4J Library B4JMosquittoPBKDF2 library

If you are using the original Mosquitto broker, you may be aware (or not) that there is a plugin called "mosquitto-auth-plug" which is an authentication plugin for the Mosquitto broker with multiple back-ends (MySQL, Redis, CDB, SQLite3). You need to compile it and set it up to work with Mosquitto but it is well worth the effort if you want more flexibility to handle users and topics in real time.

When using this plugin and adding users to the backend database, we need to create a hashed password using the SecretKeyFactory algorithm called PBKDF2WithHmacSHA256. To help me with this in my B4J-client, I compiled a small library based on code found in the Contrib-folder in the original github-project.

You can find this library attached and it has 2 methods:

-CreateHashPassword(plainPassword as String) as String
-IsValidPassword(plainPassword as String, hashPassword as String) as Boolean

I also attach a library for B4A but it will only work with SDK 26+ since PBKDF2WithHmacSHA256 was added to Android only with said SDK.

To support this fully on Android and with B4i, you can add the B4J-library to a B4J RDC-server on your VPS and pass on the parameters from your clients by an API-call. If doing so, you should protect the exchange of data with SSL.

 

[moster67]

Just noted I became an Expert user (being message 2000)
I am by no means an expert but it was a good way to start the new year...

 

[Don Oso]

This is Awsome ! Thanks! .. adding this library to the mosquitto compilation you loose the old mosquito auth?

Thanks
Javier.

 

[moster67]

Wait!!
the library I attached is a support library for the authentication plug-in when it communicates with the backend-database.
My library is NOT the plugin itself. The plugin must be compiled and set up to work with Mosquitto as can be read in the plugin's documentation.
Once you have set up the authentication plugin, you don't need the old mosquitto configuration file (at least the part about users/topics) since users/topics will be stored in a database.
I hope this clarified things...

 

[alimanam3386]

@moster67 , sorry can you send the compiled file ( auth-plug.so ) for me by email ? or upload it here , thank you for your work

 

[Don Oso]

Wait!!
the library I attached is a support library for the authentication plug-in when it communicates with the backend-database.
My library is NOT the plugin itself. The plugin must be compiled and set up to work with Mosquitto as can be read in the plugin's documentation.
Once you have set up the authentication plugin, you don't need the old mosquitto configuration file (at least the part about users/topics) since users/topics will be stored in a database.
I hope this clarified things...

Yes i understand , right word is Plugin no library .. i already have an android app using my mosquito server and also b4j app using the same mosquito adding this Plugin to mosquitto my android app will loose the old auth or all type of auth coexist?

Thanks!

 

[moster67]

can you send the compiled file ( auth-plug.so ) for me by email

Even if I would like to, I cannot do it because it would not be compatible with your mosquitto-broker setup. Before compiling the plugin, you need to set up a configuration which takes into consideration your mosquitto-server, the database you are using etc. Basically you are compiling the plugin against your Mosquitto-broker so it can easily be integrated. I guess this is the reason why you cannot simply download the auth-plug-so file. Sorry.

 

[moster67]

will loose the old auth or all type of auth coexist

I guess, you could transfer your current users and topics to the database backend of the authentication plugin. It really depends on your needs; if you have users and the topics are always the same, maybe it is not worth it - however if you need to handle many users/topics and don't want to restart the mosquitto-server, the authentication is a good solution.