SSL客户端身份验证到WebSphere MQ
我正在尝试在我的 java 应用程序中启用 ssl 客户端身份验证以连接到 WMQ 我从这个主类开始:
public static void main(String[] args) throws Exception {
// Queue manager details
String qmgrName = "MGR";
String keyStorePath = "keystore.jks";
String trustStorePath = "keystore.jks";
String password = "changeit";
// Create a keystore object for the keystore
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// Open our file and read the keystore
FileInputStream keyStoreInput = new FileInputStream(keyStorePath);
try {
keyStore.load(keyStoreInput, password.toCharArray());
}
finally {
keyStoreInput.close();
}
// Create a keystore object for the truststore
KeyStore trustStore = KeyStore.getInstance("JKS");
// Open our file and read the truststore (no password)
FileInputStream trustStoreInput = new FileInputStream(trustStorePath);
try {
trustStore.load(trustStoreInput, password.toCharArray());
}
finally {
trustStoreInput.close();
}
// Create a default trust and key manager
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// Initialise the managers
trustManagerFactory.init(trustStore);
keyManagerFactory.init(keyStore, password.toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL"); // TLS
System.out.println("SSLContextider: " + sslContext.getProvider().toString());
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
// Get an SSLSocketFactory to pass to WMQ
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
// Set the socket factory in our WMQ parameters
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setStringProperty(CommonConstants.WMQ_HOST_NAME, _IP);
cf.setIntProperty(CommonConstants.WMQ_PORT, 1414);
cf.setIntProperty(CommonConstants.WMQ_CONNECTION_MODE, CommonConstants.WMQ_CM_CLIENT);
cf.setStringProperty(CommonConstants.WMQ_CHANNEL, "DEV.ADMIN.SVRCONN");
cf.setStringProperty(CommonConstants.WMQ_QUEUE_MANAGER, qmgrName);
cf.setBooleanProperty(CommonConstants.USER_AUTHENTICATION_MQCSP, false);
cf.setSSLCipherSuite("TLS_RSA_WITH_AES_128_CBC_SHA256");
cf.setSSLSocketFactory(sslSocketFactory);
try (MQQueueConnection jmsConnection =
(MQQueueConnection)
cf.createQueueConnection();
MQQueueSession session =
(MQQueueSession) jmsConnection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
MQQueueSender sender =
(MQQueueSender) session.createSender(session.createQueue("DEV"))) {
jmsConnection.start();
sender.send(session.createTextMessage("aaa"));
}
}
我的问题是,当我将代码集成到我们的应用程序中时,我将拥有包含多个密钥的密钥库文件。 如何指定 WMQ java 客户端使用哪个别名?
I'm trying to enable ssl client authentication in my java application for connecting to WMQ
I'm starting with this main class:
public static void main(String[] args) throws Exception {
// Queue manager details
String qmgrName = "MGR";
String keyStorePath = "keystore.jks";
String trustStorePath = "keystore.jks";
String password = "changeit";
// Create a keystore object for the keystore
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// Open our file and read the keystore
FileInputStream keyStoreInput = new FileInputStream(keyStorePath);
try {
keyStore.load(keyStoreInput, password.toCharArray());
}
finally {
keyStoreInput.close();
}
// Create a keystore object for the truststore
KeyStore trustStore = KeyStore.getInstance("JKS");
// Open our file and read the truststore (no password)
FileInputStream trustStoreInput = new FileInputStream(trustStorePath);
try {
trustStore.load(trustStoreInput, password.toCharArray());
}
finally {
trustStoreInput.close();
}
// Create a default trust and key manager
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// Initialise the managers
trustManagerFactory.init(trustStore);
keyManagerFactory.init(keyStore, password.toCharArray());
SSLContext sslContext = SSLContext.getInstance("SSL"); // TLS
System.out.println("SSLContextider: " + sslContext.getProvider().toString());
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
// Get an SSLSocketFactory to pass to WMQ
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
// Set the socket factory in our WMQ parameters
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setStringProperty(CommonConstants.WMQ_HOST_NAME, _IP);
cf.setIntProperty(CommonConstants.WMQ_PORT, 1414);
cf.setIntProperty(CommonConstants.WMQ_CONNECTION_MODE, CommonConstants.WMQ_CM_CLIENT);
cf.setStringProperty(CommonConstants.WMQ_CHANNEL, "DEV.ADMIN.SVRCONN");
cf.setStringProperty(CommonConstants.WMQ_QUEUE_MANAGER, qmgrName);
cf.setBooleanProperty(CommonConstants.USER_AUTHENTICATION_MQCSP, false);
cf.setSSLCipherSuite("TLS_RSA_WITH_AES_128_CBC_SHA256");
cf.setSSLSocketFactory(sslSocketFactory);
try (MQQueueConnection jmsConnection =
(MQQueueConnection)
cf.createQueueConnection();
MQQueueSession session =
(MQQueueSession) jmsConnection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
MQQueueSender sender =
(MQQueueSender) session.createSender(session.createQueue("DEV"))) {
jmsConnection.start();
sender.send(session.createTextMessage("aaa"));
}
}
My problem is that when I will integrate my code in our application, I will have keystore file which contains multiples keys.
How can I specify which alias I want WMQ java client to use?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论