feat: 增加tls配置

cmd/agent/global/ca/mqtt-client.cert.pem

+-----BEGIN CERTIFICATE-----
+MIIDETCCAfkCFGWfF8Zkl0IcOz2rTsXKqwU0YhrJMA0GCSqGSIb3DQEBCwUAMEUx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjQxMDE3MDY1NDUxWhcNMjUxMDE3MDY1
+NDUxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
+CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuFiGtft3DWXukQs0mKM8HNIwT+cvEypXW0BcNsYki1PmMNNw
+g1OuVP49RkuVFWNxPFlObIBsC+swY1OqaFc/NMwDOJfaJQDqtDtukPep47gWTnVi
+U7/MMdUXIEE7v4VF1d/jJZEmhjQR7E4/aKtauXXfwW6OiBfwV1TfYR8WaZ3R6dIZ
+HsbRMAXtg2zNFX6c7wHUGeHLnDXwbjv5Dd74Gh6NUTaJPLU26O7TqEWfpxJ8QZu5
+rhMsyndHM4rZsa3zFjc7XwWcJiayW3crF+WmryFt3EBSnC9qRhuMOtoWy4qlQkYN
+l964ElaLs0gtjBTUJBuiWmjzNooJhEqQRxIiZwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQCA1umnAg7oUQDhQIV2sBlzs1eaTbEcDXPLQgDS/p7Pz97C8hAHY073OQDX
+MYMRViP+3RbOgRdeK8GCl9ByGHPKGRx8q1k9CGCP0ighSAOMSiwP/lDjMq3Gehh7
+/dddzYXdbh2qoGcr9iyvwxTFp530IromG1MyZbyW6Zs+P0RG0+maOQVuruHkIL5p
+VZBjgqTwIOwY4n7tOdo3XR6+g4o1bhwH4gR3oUMaHWJNn969l9JSmeDgdjLEj3i/
+uRC4WxwSVfNpxnfMVakvZjBeV7C+tOzi1Z8skSEXIRn7KxSUmTs3Gqqy/QQFAFeL
+kWoPgfry6bVSVUF22JSLC4G4RG11
+-----END CERTIFICATE-----

cmd/agent/global/ca/mqtt-client.key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4WIa1+3cNZe6R
+CzSYozwc0jBP5y8TKldbQFw2xiSLU+Yw03CDU65U/j1GS5UVY3E8WU5sgGwL6zBj
+U6poVz80zAM4l9olAOq0O26Q96njuBZOdWJTv8wx1RcgQTu/hUXV3+MlkSaGNBHs
+Tj9oq1q5dd/Bbo6IF/BXVN9hHxZpndHp0hkextEwBe2DbM0VfpzvAdQZ4cucNfBu
+O/kN3vgaHo1RNok8tTbo7tOoRZ+nEnxBm7muEyzKd0czitmxrfMWNztfBZwmJrJb
+dysX5aavIW3cQFKcL2pGG4w62hbLiqVCRg2X3rgSVouzSC2MFNQkG6JaaPM2igmE
+SpBHEiJnAgMBAAECggEASTfwGWvNd2bbAIUA2PdMsu3Q/ouGKQiSNc40UhUVArnK
+He59K8wa2+s3DyqKBjq/CQc3nOTNBVbemzTp5BNzKVc2mE3H+RaKIhfQ7IdR1P6S
+7Yq2CSmOwuQuEUOXpZQbjr0kDRG/yWH5FHBnwvz8RdlJjByLRAauESHGr16Xmk7F
+KJSjSzxFzlWgztLS+fowQ7XFRrVsjoXEwlwLWYoUQ6L515OMOKIQ6i7L/RYNu+BC
+FDBhdKsALdtDksYEQAuz8uYriGu30nTda/bb0fMLpMb1dUL9OKGrGhTEqSNYp+0C
+T0eexyyFoCF96e3gOcsyNsHYx+Bxu6/Sjyg016DJYQKBgQDyk4WzWp7qKNX+tJj4
+SRgvvsiN8KDaHJPlB29mjThQhefvq9erNSGxqVzCLCHNDVVZwQqyyps/K2n+bm2a
+X4bahB8uhuYH5WJQs/9to55A/uhjZJD22ZSEmr1wp3t4QrM6r3J3XtSFl1uxprS8
+k4Z7rJVSMq4qGIHutBaEs+R+mQKBgQDCjBPAEhdUlPOiXgun02kjd7jwl/eQMYqa
+/Qwgrbg9vVSO3mENeI5A5NtvLCSpDxuCkG90UeiqhRLlTOXJ5IjQjec0zpxSR4bW
+ISQldYyFLmC2UZmoebNjcHpipJSYP1bkir40kzZT859PFslaqziG6EUxCmPjnGnN
+INxgtOVI/wKBgGvW13Zvj/xLYS8VfHfMjvsS1rf7RJcSY1FLJ+QwXdu2W/D5tSxA
+t5Ty1PDhi7lL9yiqoCXx2miP1VQuJX2egCX+3JnjkLnr6PQ1wRUtyvncGNWu7J9B
+BTyaSiOd4U8KYAFz4/BbcSFes33bvbej4gJzLALZ0wGV2ZWT6/rcunTpAoGAacSa
+IDw1ruhkJIwYrh9D8+JtC3CzSROGFYkphMKtffNm+11vSlGWlTVXD3PiYn8yJ6O6
+1HSLl9lNUpih/UdgEnJzlsQVPK5iYhwWeL8VrHpwXe6zKWMw4gkOoH51wuf8p7e+
+fPrj+HRk0izDP6YCz2WL6IOLlv08kCcjaPgwB6UCgYBdhTSqLFM6zeyTUBQvOcdK
+6agXhdxwhvmBchGF43CXzQPA4dNt7dGSGzbkj1paQ562iaH5rjOgjlw+xlnaOU4+
+vsDMZs+1SQYrRZNpokn3adqTTCv8QuIOgd43VGi/yrgffX/6S9ARUbEkijYcTucR
+ASrHaous9I9jxc+0DpGjTQ==
+-----END PRIVATE KEY-----

cmd/agent/global/mqtt_tls.go

+package global
+
+import "embed"
+
+//go:embed ca/*
+var CertFS embed.FS
+
+var MyCertPem = "ca/mqtt-client.cert.pem"
+var MyCertKey = "ca/mqtt-client.key.pem"

module/backend/backend.go

 package backend
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"strings"
 	"time"
@@ -45,7 +47,14 @@ func New(opts ...BackendOpt) *Backend {
 	clientOpts.SetUsername(global.MQTTUsername)
 	clientOpts.SetPassword(global.MQTTPassword)
 
-	// TODO: TLS配置
+	// TLS配置
+	tlsConfig, err := newTlsConfig()
+	if err != nil {
+		l.Error(err)
+		return nil
+	}
+	clientOpts.SetTLSConfig(tlsConfig)
+
 	// 设置session持久化订阅，基于clientid，在客户端断开连接时topic不会自动删除
 	clientOpts.SetCleanSession(false)
 
@@ -174,3 +183,30 @@ func translateTopic(key string) (ret string) {
 func (b *Backend) Receive(msg *global.Message) error {
 	return nil
 }
+
+func newTlsConfig() (*tls.Config, error) {
+	// 配置 TLS 以忽略证书验证
+	cfg := new(tls.Config)
+	cfg.RootCAs = x509.NewCertPool()
+
+	certPemBytes, err := global.CertFS.ReadFile(global.MyCertPem)
+	if err != nil {
+		return nil, fmt.Errorf("load cert pem err:%s", err)
+	}
+
+	certKeyBytes, err := global.CertFS.ReadFile(global.MyCertKey)
+	if err != nil {
+		return nil, fmt.Errorf("load key pem err:%s", err)
+	}
+
+	cert, err := tls.X509KeyPair(certPemBytes, certKeyBytes)
+	if err != nil {
+		return nil, fmt.Errorf("parse cert/key err:%s", err)
+	}
+
+	cfg.Certificates = append(cfg.Certificates, cert)
+
+	cfg.InsecureSkipVerify = true
+
+	return cfg, nil
+}