IBM MQ SSL/TLS connections

A wizard to help configure your MQ SSL/TLS connections

This package was originally released as SupportPac MO04 If you wish to contribute to this package, please read CLA.md for the IBM Contributor License Agreement.

Scenario

The following scenario will be used for detailing the steps on enabling SSL support. The diagram shows App1, a sample Java application running in a non-IBM JVM instance which uses MQ Client libraries to connect to MQ queue manager.

The queue manager is enabled for SSL connections and a channel APP1.SVRCONN is defined with SSL authentication. This server-connection channel is used by APP1 to connect to the MQ Queue Manager.

credit: https://qadeer786.files.wordpress.com/2013/10/ssldemo1_overview.png

The following diagram shows how the certificates contain public, private keys and the contents of the key databases of either ends of the SSL channel.

credit: https://qadeer786.files.wordpress.com/2013/10/ssldemo1_keysharing.png

Simple example class

package mq;

// Standard Java API imports 
import java.io.FileInputStream;
import java.util.Hashtable;

// Standard Java SSL API imports
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// WMQ imports
import com.ibm.mq.MQC;
import com.ibm.mq.MQQueueManager;

/**
 * Simple command line class to create an SSL connection
 * to a queue manager, with the WMQ Base Java classes.
 * @author hursleyonwmq blogger
 * @see https://hursleyonwmq.wordpress.com
 */
public class WmqSslTest {

    /**
     * Main method
     * Example MQSC to define
     *      SVRCONN: DEF CHL(TEST.SSL.CHL)
     *      CHLTYPE(SVRCONN)
     *      SSLCIPH(RC4_MD5_US)
     * @param args Unused
     * @throws Exception No exception handling
     */
    public static void main(String[] args) throws Exception {

        // Queue manager details
        String qmgrName = "TEST.SSL";
        Hashtable props = new Hashtable();
        props.put(MQC.CHANNEL_PROPERTY,   "TEST.SSL.CHL");
        props.put(MQC.HOST_NAME_PROPERTY, "localhost");
        props.put(MQC.PORT_PROPERTY,      new Integer(1414));
        
        // SSL details
        props.put(MQC.SSL_CIPHER_SUITE_PROPERTY, "SSL_RSA_WITH_AES_128_CBC_SHA256");
        String keyStorePath   = "/path/to/keystore.jks";
        String trustStorePath = "/path/to/keystore.jks";
        String password       = "passw0rd";

        // Create a keystore object for the keystore
        KeyStore keyStore = KeyStore.getInstance("JKS");

        // Open our file and read the keystore
        FileInputStream keyStoreInput = new FileInputStream(keyStorePath);
        try {
            keyStore.load(keyStoreInput, password.toCharArray());
        }
        finally {
            keyStoreInput.close();
        }               

        // Create a keystore object for the truststore
        KeyStore trustStore = KeyStore.getInstance("JKS");
        
        // Open our file and read the truststore (no password)
        FileInputStream trustStoreInput = new FileInputStream(trustStorePath);
        try {
            trustStore.load(trustStoreInput, null);
        }
        finally {
            trustStoreInput.close();
        }               

        // Create a default trust and key manager
        TrustManagerFactory trustManagerFactory = 
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

        KeyManagerFactory keyManagerFactory = 
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        // Initialise the managers
        trustManagerFactory.init(trustStore);
        keyManagerFactory.init(keyStore, password.toCharArray());

        // Get an SSL context. For more information on providers see:
        // http://www.ibm.com/developerworks/library/j-ibmsecurity.html
        // Note: Not all providers support all CipherSuites.
        SSLContext sslContext = SSLContext.getInstance("SSL"); // TLS
        System.out.println("SSLContextider: " + sslContext.getProvider().toString());

        // Initialise our SSL context from the key/trust managers  
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        // Get an SSLSocketFactory to pass to WMQ
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        
        // Set the socket factory in our WMQ parameters
        props.put(MQC.SSL_SOCKET_FACTORY_PROPERTY, sslSocketFactory);
        
        // Connect to WMQ
        MQQueueManager qmgr = new MQQueueManager(qmgrName, props);
        try {
        
            // Query the description
            String desc = qmgr.getDescription();
            
            // Output the description
            System.out.println("Queueger DESCR: \"" + desc + "\"");

        }
        finally {
            qmgr.disconnect();
        }
    }
}

junlapong / mq-ssl-tls-connector Goto Github PK

mq-ssl-tls-connector's Introduction

IBM MQ SSL/TLS connections

Scenario

Simple example class

References

mq-ssl-tls-connector's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent