Websphere MQ SSL connection using java

I have the code below, which connects to an IBM WebSphere MQ that doesn't have SSL without issues and is able to put/get messages. But when I try to connect to an MQ with SSL, I'm getting an error.

Please note that the patch() method is to disable SSL, which gets executed but isn't disabling SSL.

Rather than this, can you tell me how I can connect to the MQ that has an SSL-enabled channel?

Note - I have certificate files such as key.kdb, key.crl, key.rdb, key.sth and a few other CA3, CA4.cer files. How do I install them and use them in my code?

import com.ibm.mq.MQEnvironment;
import com.ibm.mq.MQMessage;
import com.ibm.mq.MQPutMessageOptions;
import com.ibm.mq.MQQueue;
import com.ibm.mq.MQQueueManager;
import com.ibm.mq.constants.CMQC;
import com.ibm.mq.*;

import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Hashtable;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class mq1 {

    public static String    host = "localhost";
    public static int       port = 1414;
    public static String    strchannel = "MQ.CHL";
    public static String    strqueuemanager = "MQMGR";
    public static String    strqueue = "REQUEST.QUEUE";

    @SuppressWarnings("deprecation")
    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException {
        //call patch() to skip SSL
        patch();

        int openOptions = CMQC.MQOO_BROWSE | CMQC.MQOO_INQUIRE | CMQC.MQOO_OUTPUT | CMQC.MQOO_INPUT_AS_Q_DEF;

        MQEnvironment.hostname = host;
        MQEnvironment.port = port;
        MQEnvironment.channel = strchannel;
        MQEnvironment.properties.put(CMQC.TRANSPORT_PROPERTY, CMQC.TRANSPORT_MQSERIES);

        MQQueueManager qMgr;
        try {
            qMgr = new MQQueueManager(strqueuemanager);
            System.out.println(qMgr);
            MQQueue destQueue = qMgr.accessQueue(strqueue, openOptions);
            System.out.println("Queue size:" + destQueue.getCurrentDepth());
            MQMessage hello_world = new MQMessage();
            System.out.println("MQMessage message created");
            hello_world.writeUTF("Sending Sample message");
            MQPutMessageOptions pmo = new MQPutMessageOptions();
            try {
                destQueue.put(hello_world, pmo);
                destQueue.get(hello_world);
            } catch (Exception e) {
                System.out.println(e.getMessage());
            }

            int len = hello_world.getDataLength();
            System.out.println("Length : " + len);
            System.out.println("GET: " + hello_world.readString(len - 1));
            destQueue.close();
            qMgr.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Installs a trust-all TrustManager and hostname verifier, but only as the
    // HttpsURLConnection defaults.
    public static void patch() throws KeyManagementException, NoSuchAlgorithmException {

        System.out.println("Calling SSL patch");

        TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }
        };

        System.out.println("trustAllCerts = " + trustAllCerts);

        SSLContext sc = SSLContext.getInstance("SSL");

        System.out.println("sc before init = " + sc);

        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
                return true;
            }
        };

        System.out.println("sc after init= " + sc);
        System.out.println("allHostsValid= " + allHostsValid);
        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    }

}

The easiest way is not to put it in your code at all and instead utilise a Client Channel Definition Table (CCDT). Then you can use it without SSL and later change the CCDT to use SSL without needing to change your code at all. This is considered the best practice for client connectivity to IBM MQ.

This will mean you stop using the MQEnvironment class to pass in things like the channel name, hostname etc., and instead use a slightly different MQQueueManager constructor with two parameters: the first is the queue manager's name as before, the second is the name of your CCDT file.

You can read more about how to use the CCDT with Java in the official IBM MQ Knowledge Center at the following page which also includes a link to how to create the CCDT file:-
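
A sketch of the CCDT approach described in the answer, added here as an example and not code from the original post or from IBM. It assumes the CA certificates (the .cer files) have already been imported into a JSSE trust store with keytool, since the Java client reads a Java key store rather than the key.kdb file; the file paths, the class name and the MQ_TRUSTSTORE_PASSWORD variable are hypothetical.

```java
import com.ibm.mq.MQException;
import com.ibm.mq.MQMessage;
import com.ibm.mq.MQPutMessageOptions;
import com.ibm.mq.MQQueue;
import com.ibm.mq.MQQueueManager;
import com.ibm.mq.constants.CMQC;

import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class MqCcdtTlsClient {
    public static void main(String[] args) throws MQException, IOException {
        // Hypothetical locations; pass the real ones on the command line.
        Path ccdt = Paths.get(args.length > 0 ? args[0] : "/path/to/AMQCLCHL.TAB");
        Path trustStore = Paths.get(args.length > 1 ? args[1] : "/path/to/truststore.jks");
        String password = System.getenv("MQ_TRUSTSTORE_PASSWORD"); // assumed variable name

        // Fail closed: no trust-all fallback when the trust material is missing.
        if (!Files.isReadable(ccdt) || !Files.isReadable(trustStore) || password == null) {
            throw new IllegalStateException("CCDT, trust store or password missing");
        }

        // JSSE trust store holding the CA certificates that signed the queue
        // manager's certificate, so the server certificate is actually verified.
        System.setProperty("javax.net.ssl.trustStore", trustStore.toString());
        System.setProperty("javax.net.ssl.trustStorePassword", password);

        // Channel name, host, port and cipher spec come from the CCDT entry,
        // so switching the channel to SSL/TLS needs no change in this code.
        URL ccdtUrl = ccdt.toUri().toURL();
        MQQueueManager qMgr = new MQQueueManager("MQMGR", ccdtUrl);
        try {
            MQQueue queue = qMgr.accessQueue("REQUEST.QUEUE", CMQC.MQOO_OUTPUT | CMQC.MQOO_INQUIRE);
            MQMessage msg = new MQMessage();
            msg.writeString("Sending Sample message");
            queue.put(msg, new MQPutMessageOptions());
            System.out.println("Queue depth: " + queue.getCurrentDepth());
            queue.close();
        } finally {
            qMgr.disconnect();
        }
    }
}
```

If the channel also requires a client certificate, the matching javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword properties are set the same way.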
