From bfb3769f73ec7791305a187c4aaf30aa3e255dbe Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Tue, 9 Jul 2024 15:36:49 +0200 Subject: [PATCH 1/9] load cert and key from value instead from file --- client.go | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/client.go b/client.go index 229ca21..64611d1 100644 --- a/client.go +++ b/client.go @@ -48,10 +48,10 @@ type conf struct { timeout uint // path to caRoot path caRootPath string - // path to client cert file - clientCertPath string - // path to client cert key file - clientCertKeyPath string + // client cert PEM string + clientCert string + // client cert PEM string + clientCertKey string // wether to skip the cert validity check skipTLSValidation bool } @@ -148,16 +148,16 @@ func (m *MqttAPI) client(c sobek.ConstructorCall) *sobek.Object { } else { clientConf.caRootPath = caRootPathValue.String() } - if clientCertPathValue := c.Argument(7); clientCertPathValue == nil || sobek.IsUndefined(clientCertPathValue) { - clientConf.clientCertPath = "" + if clientCertValue := c.Argument(7); clientCertValue == nil || sobek.IsUndefined(clientCertValue) { + clientConf.clientCert = "" } else { - clientConf.clientCertPath = clientCertPathValue.String() + clientConf.clientCert = clientCertValue.String() } - if clientCertKeyPathValue := c.Argument(8); clientCertKeyPathValue == nil || - sobek.IsUndefined(clientCertKeyPathValue) { - clientConf.clientCertKeyPath = "" + if clientCertKeyValue := c.Argument(8); clientCertKeyValue == nil || + sobek.IsUndefined(clientCertKeyValue) { + clientConf.clientCertKey = "" } else { - clientConf.clientCertKeyPath = clientCertKeyPathValue.String() + clientConf.clientCertKey = clientCertKeyValue.String() } labels := getLabels(c.Argument(9), rt) metrics, err := registerMetrics(m.vu, labels) 
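Review bot: The comment on `clientCertKey` in the `conf` struct repeats the certificate's wording, so the field that holds the private key is documented as a certificate; I would write `// client private key, PEM encoded` there. Because this field now carries key material rather than a path, a second comment line saying that `conf` must not be logged or printed with `%+v` would help the next maintainer. PATCH 7/9 rewords the same line to `// client cert PEM string or path` and keeps the duplicate.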
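Review bot: The guards on `c.Argument(7)` and `c.Argument(8)` reject only Go `nil` and JS `undefined`, so a script that passes `null` most likely ends up with the string "null" stored in `clientCert` or `clientCertKey`, which Connect then tries to parse. Adding `|| sobek.IsNull(clientCertValue)` to each condition would treat null as "not set". A key supplied without a certificate is also accepted silently, since Connect (outside this hunk) only tests `len(c.conf.clientCert)`; an explicit error when exactly one of the two is set would be clearer. The same guard is applied to `c.Argument(6)` in PATCH 4/9.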
@@ -222,8 +222,8 @@ func (c *client) Connect() error { } } // Use local cert if specified - if len(c.conf.clientCertPath) > 0 { - cert, err := tls.LoadX509KeyPair(c.conf.clientCertPath, c.conf.clientCertKeyPath) + if len(c.conf.clientCert) > 0 { + cert, err := tls.X509KeyPair([]byte(c.conf.clientCert), []byte(c.conf.clientCertKey)) if err != nil { panic("failed to parse client certificate") } From c7267ad43d394e8b56f28122a6babad7991ef90e Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Tue, 9 Jul 2024 15:41:09 +0200 Subject: [PATCH 2/9] fixed go.mod --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 9cd09ea..770648d 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/pmalhaire/xk6-mqtt +module github.com/ezeeb/xk6-mqtt go 1.20 From 33e9e8c5657641c248e0eced9164c8742099e842 Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Thu, 11 Jul 2024 17:34:50 +0200 Subject: [PATCH 3/9] added build script --- build.sh | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100755 build.sh diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..b76d256 --- /dev/null +++ b/build.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +xk6 build v0.52.0 \ + --replace google.golang.org/genproto@v0.0.0-20210226172003-ab064af71705=google.golang.org/genproto@v0.0.0-20230526161137-0005af68ea54 \ + --replace google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1=google.golang.org/genproto@v0.0.0-20230526161137-0005af68ea54 \ + --with github.com/avitalique/xk6-file@latest \ + --with github.com/ezeeb/xk6-mqtt=. \ No newline at end of file From c9f3635318335cd062f6e1b4a59e22f1272c29f7 Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Thu, 11 Jul 2024 17:35:47 +0200 Subject: [PATCH 4/9] also load ca root from pem content, changed to tls12 and mqtt 4 --- client.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/client.go b/client.go index 64611d1..4e4dbdd 100644 --- a/client.go 
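Review bot: The new `tls.X509KeyPair` call still ends in `panic("failed to parse client certificate")`, which discards `err` and aborts from a function that already returns `error`. Now that the inputs come straight from the script, a malformed value is an ordinary user mistake; I would replace the panic with `return fmt.Errorf("parsing client key pair: %w", err)`. Connect's body starts and ends outside this hunk.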
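Review bot: The `--with github.com/avitalique/xk6-file@latest` line lets the build pull whatever that module's newest release is at build time, while k6 itself and the genproto replacements are pinned. Pinning it, for example `--with github.com/avitalique/xk6-file@<pinned-version>`, keeps the binary reproducible and stops an upstream change from entering the build unreviewed. A `set -euo pipefail` line after the shebang would also make a failed build visible to callers.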
+++ b/client.go @@ -6,7 +6,6 @@ import ( "crypto/x509" "errors" "fmt" - "os" "time" paho "github.com/eclipse/paho.mqtt.golang" @@ -47,7 +46,7 @@ type conf struct { // timeout ms timeout uint // path to caRoot path - caRootPath string + caRoot string // client cert PEM string clientCert string // client cert PEM string @@ -143,10 +142,10 @@ func (m *MqttAPI) client(c sobek.ConstructorCall) *sobek.Object { clientConf.timeout = uint(timeoutValue.ToInteger()) // optional args - if caRootPathValue := c.Argument(6); caRootPathValue == nil || sobek.IsUndefined(caRootPathValue) { - clientConf.caRootPath = "" + if caRootValue := c.Argument(6); caRootValue == nil || sobek.IsUndefined(caRootValue) { + clientConf.caRoot = "" } else { - clientConf.caRootPath = caRootPathValue.String() + clientConf.caRoot = caRootValue.String() } if clientCertValue := c.Argument(7); clientCertValue == nil || sobek.IsUndefined(clientCertValue) { clientConf.clientCert = "" @@ -206,19 +205,19 @@ func (c *client) Connect() error { var tlsConfig *tls.Config // Use root CA if specified - if len(c.conf.caRootPath) > 0 { - mqttTLSCA, err := os.ReadFile(c.conf.caRootPath) - if err != nil { - panic(err) - } + if len(c.conf.caRoot) > 0 { + // mqttTLSCA, err := os.ReadFile(c.conf.caRootPath) + // if err != nil { + // panic(err) + // } rootCA := x509.NewCertPool() - loadCA := rootCA.AppendCertsFromPEM(mqttTLSCA) + loadCA := rootCA.AppendCertsFromPEM([]byte(c.conf.caRoot)) if !loadCA { panic("failed to parse root certificate") } tlsConfig = &tls.Config{ RootCAs: rootCA, - MinVersion: tls.VersionTLS13, + MinVersion: tls.VersionTLS12, } } // Use local cert if specified @@ -254,6 +253,7 @@ func (c *client) Connect() error { opts.SetUsername(c.conf.user) opts.SetPassword(c.conf.password) opts.SetCleanSession(c.conf.cleansess) + opts.SetProtocolVersion(4) client := paho.NewClient(opts) token := client.Connect() rt := c.vu.Runtime() From 3c9f0aa91ef99c0430a498084f2dc46058a30314 Mon Sep 17 00:00:00 2001 
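Review bot: `MinVersion` drops from `tls.VersionTLS13` to `tls.VersionTLS12` for every user of the root-CA branch, with nothing in the commit explaining why and no way for a script to opt back in. At this commit the client-certificate-only config further down Connect still sets TLS 1.3 (PATCH 5/9 lowers it in its `@@ -231,7 +249,7 @@` hunk), so the protocol floor depends on which arguments were passed. If a broker really needs 1.2, I would keep 1.3 as the default and make the lower floor an explicit option. The commented-out `os.ReadFile` block should be deleted rather than left in the function.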
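Review bot: `opts.SetProtocolVersion(4)` fixes the protocol for every client with a bare number and no explanation. If the pin is intended, a comment such as `// 4 selects MQTT 3.1.1 in paho; pinned because <reason>` would record why, and a named constant would read better than the literal.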
From: Elmar Zeeb Date: Thu, 11 Jul 2024 22:25:45 +0200 Subject: [PATCH 5/9] switch back to old path based api, to load pems from files but additionally detect if value is actually pem content --- client.go | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/client.go b/client.go index 4e4dbdd..0e4b5b0 100644 --- a/client.go +++ b/client.go @@ -6,6 +6,8 @@ import ( "crypto/x509" "errors" "fmt" + "os" + "strings" "time" paho "github.com/eclipse/paho.mqtt.golang" @@ -119,7 +121,7 @@ func (m *MqttAPI) client(c sobek.ConstructorCall) *sobek.Object { } clientConf.user = userValue.String() passwordValue := c.Argument(2) - if userValue == nil || sobek.IsUndefined(passwordValue) { + if passwordValue == nil || sobek.IsUndefined(passwordValue) { common.Throw(rt, errors.New("Client requires a password value")) } clientConf.password = passwordValue.String() @@ -206,12 +208,20 @@ func (c *client) Connect() error { var tlsConfig *tls.Config // Use root CA if specified if len(c.conf.caRoot) > 0 { - // mqttTLSCA, err := os.ReadFile(c.conf.caRootPath) - // if err != nil { - // panic(err) - // } + var caContent []byte + if strings.HasPrefix(c.conf.caRoot, "-----BEGIN CERTIFICATE-----") { + // PEM content + caContent = []byte(c.conf.caRoot) + } else { + // probably path to pem file + var err error + caContent, err = os.ReadFile(c.conf.caRoot) + if err != nil { + panic(err) + } + } rootCA := x509.NewCertPool() - loadCA := rootCA.AppendCertsFromPEM([]byte(c.conf.caRoot)) + loadCA := rootCA.AppendCertsFromPEM(caContent) if !loadCA { panic("failed to parse root certificate") } 
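Review bot: The `strings.HasPrefix(c.conf.caRoot, "-----BEGIN CERTIFICATE-----")` test chooses between inline PEM and a path by exact prefix, so a value with a leading newline, spaces or a BOM (easy to get from a template literal) is handed to `os.ReadFile` as a filename, and `panic(err)` then prints the whole value inside the path error. I would decide with `pem.Decode` (needs `encoding/pem`) and never pass text that contains a PEM header to the filesystem. The client key pair hunk of this commit (`@@ -222,7 +232,15 @@`) uses the same prefix test and could share the helper. Connect's body starts and ends outside this hunk.

```go
// pemOrFile returns v as PEM bytes when it carries a PEM header,
// otherwise the contents of the file named by v.
func pemOrFile(v string) ([]byte, error) {
	if strings.Contains(v, "-----BEGIN ") {
		if block, _ := pem.Decode([]byte(v)); block == nil {
			return nil, errors.New("value has a PEM header but does not decode")
		}
		return []byte(v), nil
	}
	return os.ReadFile(v)
}

// … in Connect, replacing the HasPrefix / os.ReadFile branch …
caContent, err := pemOrFile(c.conf.caRoot)
if err != nil {
	return fmt.Errorf("loading root CA: %w", err)
}
// … unchanged: x509.NewCertPool, AppendCertsFromPEM …
```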
@@ -222,7 +232,15 @@ func (c *client) Connect() error { } // Use local cert if specified if len(c.conf.clientCert) > 0 { - cert, err := tls.X509KeyPair([]byte(c.conf.clientCert), []byte(c.conf.clientCertKey)) + var cert tls.Certificate + var err error + if strings.HasPrefix(c.conf.clientCert, "-----BEGIN CERTIFICATE-----") && strings.HasPrefix(c.conf.clientCertKey, "-----BEGIN RSA PRIVATE KEY-----") { + // PEM content + cert, err = tls.X509KeyPair([]byte(c.conf.clientCert), []byte(c.conf.clientCertKey)) + } else { + // probably paths to pem files + cert, err = tls.LoadX509KeyPair(c.conf.clientCert, c.conf.clientCertKey) + } if err != nil { panic("failed to parse client certificate") } @@ -231,7 +249,7 @@ func (c *client) Connect() error { } else { tlsConfig = &tls.Config{ Certificates: []tls.Certificate{cert}, - MinVersion: tls.VersionTLS13, + MinVersion: tls.VersionTLS12, } } } @@ -253,7 +271,6 @@ func (c *client) Connect() error { opts.SetUsername(c.conf.user) opts.SetPassword(c.conf.password) opts.SetCleanSession(c.conf.cleansess) - opts.SetProtocolVersion(4) client := paho.NewClient(opts) token := client.Connect() rt := c.vu.Runtime() From 8e429579b59732c374ab7e2c0a908b1548c796cb Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Thu, 11 Jul 2024 22:28:54 +0200 Subject: [PATCH 6/9] removed build file --- build.sh | 7 ------- 1 file changed, 7 deletions(-) delete mode 100755 build.sh diff --git a/build.sh b/build.sh deleted file mode 100755 index b76d256..0000000 --- a/build.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -xk6 build v0.52.0 \ - --replace google.golang.org/genproto@v0.0.0-20210226172003-ab064af71705=google.golang.org/genproto@v0.0.0-20230526161137-0005af68ea54 \ - --replace google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1=google.golang.org/genproto@v0.0.0-20230526161137-0005af68ea54 \ - --with github.com/avitalique/xk6-file@latest \ - --with github.com/ezeeb/xk6-mqtt=. \ No newline at end of file 
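Review bot: The inline branch is taken only when the key starts with `-----BEGIN RSA PRIVATE KEY-----`, so PKCS#8 (`BEGIN PRIVATE KEY`) and EC keys, or an inline certificate combined with a key file, fall through to `tls.LoadX509KeyPair`, which treats the PEM text as a filename. The resulting error is then replaced by the fixed `panic("failed to parse client certificate")`, so the user gets no hint about which input was wrong. I would resolve each value on its own and always finish with `tls.X509KeyPair(certPEM, keyPEM)`, returning an error that names the failing field without echoing the key text. The condition line is also far longer than the rest of the file and would read better split per operand.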
From d8daac65ff3025dd386160bbb89b3bfcd0ab6177 Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Thu, 11 Jul 2024 22:32:49 +0200 Subject: [PATCH 7/9] improved comments of client conf struct --- client.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client.go b/client.go index 0e4b5b0..e8ee382 100644 --- a/client.go +++ b/client.go @@ -47,11 +47,11 @@ type conf struct { clientid string // timeout ms timeout uint - // path to caRoot path + // caRoot PEM string or path caRoot string - // client cert PEM string + // client cert PEM string or path clientCert string - // client cert PEM string + // client cert PEM string or path clientCertKey string // wether to skip the cert validity check skipTLSValidation bool From 42a42ad1ec41b945e5e15d3239d0b47c894c61c7 Mon Sep 17 00:00:00 2001 From: Elmar Zeeb Date: Thu, 11 Jul 2024 22:41:17 +0200 Subject: [PATCH 8/9] reverted module name --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 770648d..9cd09ea 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/ezeeb/xk6-mqtt +module github.com/pmalhaire/xk6-mqtt go 1.20 From 9d733b1b7575c74c00442c80139d0c0d8d471726 Mon Sep 17 00:00:00 2001 From: ezeeb Date: Fri, 19 Jul 2024 11:21:46 +0200 Subject: [PATCH 9/9] reverted to old tls version settings --- client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client.go b/client.go index e8ee382..2e81596 100644 --- a/client.go +++ b/client.go @@ -227,7 +227,7 @@ func (c *client) Connect() error { } tlsConfig = &tls.Config{ RootCAs: rootCA, - MinVersion: tls.VersionTLS12, + MinVersion: tls.VersionTLS13, } } // Use local cert if specified @@ -249,7 +249,7 @@ func (c *client) Connect() error { } else { tlsConfig = &tls.Config{ Certificates: []tls.Certificate{cert}, - MinVersion: tls.VersionTLS12, + MinVersion: tls.VersionTLS13, } } }