How do I establish a connection to IBM MQ using SSL?

JasonYao 2011-08-24 05:30:26
I'm looking for the concrete MQ server/client configuration and a Java code example, on Windows Server 2003 with MQ 7.0.
JasonYao 2011-08-29

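Sorry, I closed the thread late. I'm on a business trip right now and can't verify it yet. I'll try it when I get back, and if it doesn't work I'll have to ask you for more help.
[Quote=Quoting humanity's reply at #2:]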
Java code

public class Connect2MQ {
public static void main(String[] args) {
Hashtable config = new Hashtable();

MQQueueManager qmgr = null;
MQQueue queue = null;

……
[/Quote]
humanity 2011-08-24
To enable SSL, set the cipher suite on MQ's MCA channel agent.

http://www.ibm.com/developerworks/cn/websphere/library/techarticles/0510_fehners/0510_fehners.html
humanity 2011-08-24

import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import com.ibm.mq.MQC;
import com.ibm.mq.MQEnvironment;
import com.ibm.mq.MQException;
import com.ibm.mq.MQMessage;
import com.ibm.mq.MQQueue;
import com.ibm.mq.MQQueueManager;

public class Connect2MQ {
    public static void main(String[] args) {
        Hashtable config = new Hashtable();

        MQQueueManager qmgr = null;
        MQQueue queue = null;

        try {
            // Client key store (own certificate and private key), loaded from the classpath.
            KeyStore keystore = KeyStore.getInstance("JKS");
            keystore.load(Connect2MQ.class.getResourceAsStream("/key.jks"),
                    "windows2000".toCharArray());

            // Trust store (certificates used to verify the queue manager).
            KeyStore truststore = KeyStore.getInstance("JKS");
            truststore.load(Connect2MQ.class.getResourceAsStream("/trust.jks"),
                    "windows2000".toCharArray());

            ArrayList certs = new ArrayList();

            // List the key store entries and print the ibmwebspheremq* aliases.
            for (Enumeration aliases = keystore.aliases(); aliases
                    .hasMoreElements();) {
                String alias = (String) aliases.nextElement();

                certs.add(keystore.getCertificate(alias));

                if (alias.toLowerCase().startsWith("ibmwebspheremq")) {
                    System.out.println("Alias :" + alias);
                    Certificate cert = keystore.getCertificate(alias);

                    // System.out.println(cert);
                }
            }

            // Alg: SunX509, IBMX509, JSSE.
            // Try the IBM JVM algorithm first, then fall back to the Sun one.
            KeyManagerFactory kmf = null;
            try {
                kmf = KeyManagerFactory.getInstance("IBMX509");
            } catch (Exception e) {
                kmf = KeyManagerFactory.getInstance("SunX509");
            }

            kmf.init(keystore, "windows2000".toCharArray());

            KeyManager[] km = kmf.getKeyManagers();

            TrustManagerFactory tmf = null;
            try {
                tmf = TrustManagerFactory.getInstance("IBMX509");
            } catch (Exception e) {
                tmf = TrustManagerFactory.getInstance("SunX509");
            }

            tmf.init(truststore);

            TrustManager[] tm = tmf.getTrustManagers();

            final X509TrustManager[] tm2 = (X509TrustManager[]) Arrays.asList(
                    tm).toArray(new X509TrustManager[tm.length]);

            // Logging wrapper around the real trust manager: prints each
            // certificate, then delegates the actual validation to tm2[0].
            X509TrustManager[] tm3 = new X509TrustManager[] { new X509TrustManager() {

                public void checkClientTrusted(X509Certificate[] arg0,
                        String arg1) throws CertificateException {

                    for (int i = 0; i < arg0.length; i++) {
                        System.out.println("Check Client Cert :" + arg0[i]
                                + ", alg:" + arg1);
                    }

                    try {
                        tm2[0].checkClientTrusted(arg0, arg1);
                    } catch (CertificateException e) {
                        System.err.println("Cert ex caught :" + e.toString());
                        // Rethrow: swallowing the exception here would accept
                        // untrusted certificates.
                        throw e;
                    }
                }

                public void checkServerTrusted(X509Certificate[] arg0,
                        String arg1) throws CertificateException {
                    for (int i = 0; i < arg0.length; i++) {
                        System.out.println("Check Server Cert :" + arg0[i]
                                + ", alg:" + arg1);
                    }

                    try {
                        tm2[0].checkServerTrusted(arg0, arg1);
                    } catch (CertificateException e) {
                        System.err.println("Cert ex caught :" + e.toString());
                        // Rethrow so that a failed server check aborts the handshake.
                        throw e;
                    }
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return tm2[0].getAcceptedIssuers();
                }

            } };

            SSLContext ctx = SSLContext.getInstance("SSL");
            ctx.init(km, tm3, null);

            // Print every cipher suite this JSSE provider supports.
            String[] suites = ctx.getSocketFactory().getSupportedCipherSuites();

            for (int i = 0; i < suites.length; i++) {
                System.out.println("Suite : " + suites[i]);
            }

            System.out.println("\n\n");

            // Hand the socket factory and the SSL settings to the MQ client.
            MQEnvironment.sslSocketFactory = ctx.getSocketFactory();

            MQEnvironment.sslCipherSuite = "TLS_RSA_WITH_AES_128_CBC_SHA";
            MQEnvironment.sslPeerName = "CN=CAPA, O=WebSphere MQ, C=CN";
            // MQEnvironment.sslPeerName = "CN=Daniel, O= Atreides, C=CN";
            MQEnvironment.hostname = "localhost";
            MQEnvironment.port = 1414;
            MQEnvironment.CCSID = 819;
            MQEnvironment.channel = "GREEN.SVRCONN";
            MQEnvironment.userID = "Daniel";

            // Print the javax.* system properties in -D form.
            for (Iterator iter = new TreeMap(System.getProperties()).entrySet()
                    .iterator(); iter.hasNext();) {
                Map.Entry entry = (Map.Entry) iter.next();

                if (((String) entry.getKey()).startsWith("javax.")) {
                    System.out.println("-D" + entry.getKey() + "="
                            + entry.getValue());
                }
            }

            qmgr = new MQQueueManager("CAPA");

            queue = qmgr.accessQueue("Q.REPLY",
                    MQC.MQOO_INPUT_AS_Q_DEF | MQC.MQOO_OUTPUT);

            MQMessage msg = new MQMessage();

            msg.writeString("This is a confidential message.");

            queue.put(msg);

            Thread.sleep(50000);

        } catch (Exception e) {
            // The posted code is cut off after the sleep; this handler and the
            // cleanup below only close the block.
            e.printStackTrace();
        } finally {
            try {
                if (queue != null) queue.close();
                if (qmgr != null) qmgr.disconnect();
            } catch (MQException e) {
                e.printStackTrace();
            }
        }
    }
}

humanity 2011-08-24
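Configure the encryption algorithm on the channel. MQ's keystore must contain a certificate; I think the key's alias is ibmwebspheremq + the queue manager name. This key alias is fixed: as long as the keystore has this alias, MQ will automatically use it to establish the SSL connection. To manage the keystore, use IBM gsk7 or gsk8, which ships with the MQ installation.

When creating the MQManager, you need to supply a suitable cipher suite in one of the following places for passing initialization parameters (pick whichever one your code uses).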

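// Note: SSL_RSA_WITH_NULL_MD5 authenticates the peer and checks integrity
// but does not encrypt the messages.

// Set directly on MQEnvironment:
MQEnvironment.sslCipherSuite = "SSL_RSA_WITH_NULL_MD5";
// or through the MQEnvironment properties table:
MQEnvironment.properties.put(MQC.SSL_CIPHER_SUITE_PROPERTY, "SSL_RSA_WITH_NULL_MD5");

// or through a properties Hashtable passed to the queue manager constructor:
properties.put(MQC.SSL_CIPHER_SUITE_PROPERTY, "SSL_RSA_WITH_NULL_MD5");
new MQQueueManager(xxx, properties);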
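
Added example (not part of the original replies): a pre-flight check, in plain JSSE with no MQ classes, that inspects a cipher suite name before it is assigned to MQEnvironment.sslCipherSuite. The class and method names are hypothetical; the two candidate names are the ones used in the replies above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Hypothetical helper, not an IBM MQ API.
public class CipherSuitePreflight {

    // Returns the problems found for a suite name; an empty list means it passed.
    static List<String> check(String suite, Set<String> jvmSupported) {
        List<String> problems = new ArrayList<String>();
        String s = suite.toUpperCase();
        if (s.contains("_WITH_NULL_")) {
            problems.add("NULL cipher: messages are not encrypted");
        }
        if (s.contains("_ANON_")) {
            problems.add("anonymous key exchange: the peer is not authenticated");
        }
        if (s.contains("_EXPORT_") || s.contains("_DES_")
                || s.contains("_RC4_") || s.contains("_RC2_")) {
            problems.add("export-grade, DES or RC2/RC4 encryption");
        }
        if (s.endsWith("_MD5")) {
            problems.add("MD5-based MAC");
        }
        if (!jvmSupported.contains(suite)) {
            // The name must match one of the suites the JSSE provider reports,
            // the same list the Connect2MQ post prints with "Suite : ...".
            problems.add("not in this JVM's supported cipher suites");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        Set<String> supported = new HashSet<String>(Arrays.asList(
                SSLContext.getDefault().getSocketFactory().getSupportedCipherSuites()));

        // The two suite names that appear in the thread.
        String[] candidates = { "SSL_RSA_WITH_NULL_MD5", "TLS_RSA_WITH_AES_128_CBC_SHA" };
        for (String suite : candidates) {
            List<String> problems = check(suite, supported);
            System.out.println(suite + " -> " + (problems.isEmpty() ? "OK" : problems.toString()));
        }
    }
}
```

A suite that passes here still has to correspond to the cipher configured on the server-connection channel, as the replies describe.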
