ISeries MQ 8.0.0.5 SSL implementation and Jboss EAP 6.1 |
ravi21588 |
Posted: Fri Nov 04, 2016 2:26 pm Post subject: ISeries MQ 8.0.0.5 SSL implementation and Jboss EAP 6.1 |
|
|
Newbie
Joined: 27 May 2016 Posts: 5
|
Hi All,
I am able to successfully connect to the iSeries application without SSL from JBoss EAP 6.1 using the MQ Resource Adapter. Now we are trying to connect to the iSeries application MQ using SSL. JBoss EAP 6.1 is running on Oracle JDK 1.7.
On iSeries they have configured the QM with certificates and, on the channel, the Cipher Spec TLS_RSA_WITH_AES_128_CBC_SHA256. In the Cipher Suite property we have specified the CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 and added the MQSeries certificate to the client Java store.
We are getting the below error:
com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'null'.
Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
Inner exception(s):
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
FAILURE
So, in order to establish the connectivity, I thought of connecting to MQ from a Java application. Below is the program.
Code: |
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import com.ibm.msg.client.jms.JmsConnectionFactory;
import com.ibm.msg.client.jms.JmsFactoryFactory;
import com.ibm.msg.client.wmq.WMQConstants;

/**
 * A JMS producer (sender or publisher) application that sends a simple message to the named
 * destination (queue or topic).
 *
 * Notes:
 *
 * API type: IBM JMS API (v1.1, unified domain)
 *
 * Messaging domain: Point-to-point or Publish-Subscribe
 *
 * Provider type: WebSphere MQ
 *
 * Connection mode: Client connection
 *
 * JNDI in use: No
 *
 * Usage:
 *
 * JmsProducer -m queueManagerName -d destinationName [-h host -p port -l channel]
 *
 * for example:
 *
 * JmsProducer -m QM1 -d Q1
 *
 * JmsProducer -m QM1 -d topic://foo -h localhost -p 1414
 */
public class JmsProducer {
    private static String host = " ITEST2.TEST.COMPANY";
    private static int port = 15501;
    private static String channel = "TEST.CHNL";
    private static String queueManagerName = "TESTQM";
    private static String destinationName = "SOURCE.DESTINATION.READ.IN";
    private static boolean isTopic = false;
    // System exit status value (assume unset value to be 1)
    private static int status = 1;

    /**
     * Main method
     *
     * @param args
     */
    public static void main(String[] args) {
        // Parse the arguments
        //parseArgs(args);
        // Variables
        Connection connection = null;
        Session session = null;
        Destination destination = null;
        MessageProducer producer = null;
        System.setProperty("javax.net.ssl.trustStore", "C:/Temp/Security/jssecacerts");
        System.setProperty("javax.net.ssl.keyStore", "C:/Temp/Security/jssecacerts");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        // System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
        System.setProperty("com.ibm.mq.cfg.preferTLS", "true");
        System.setProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        try {
            // Create a connection factory
            JmsFactoryFactory ff = JmsFactoryFactory.getInstance(WMQConstants.WMQ_PROVIDER);
            JmsConnectionFactory cf = ff.createConnectionFactory();
            // Set the properties
            cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, host);
            cf.setIntProperty(WMQConstants.WMQ_PORT, port);
            cf.setStringProperty(WMQConstants.WMQ_SSL_CIPHER_SUITE, "TLS_RSA_WITH_AES_128_CBC_SHA256");
            cf.setStringProperty(WMQConstants.WMQ_CHANNEL, channel);
            cf.setStringProperty(WMQConstants.USERID, "MQGGUSR");
            cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
            cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, queueManagerName);
            // Create JMS objects
            connection = cf.createConnection();
            session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            if (isTopic) {
                destination = session.createTopic(destinationName);
            }
            else {
                destination = session.createQueue(destinationName);
            }
            producer = session.createProducer(destination);
            long uniqueNumber = System.currentTimeMillis() % 1000;
            TextMessage message = session.createTextMessage("JmsProducer: Your lucky number today is "
                + uniqueNumber);
            // Start the connection
            connection.start();
            // And, send the message
            producer.send(message);
            System.out.println("Sent message:\n" + message);
            recordSuccess();
        }
        catch (JMSException jmsex) {
            recordFailure(jmsex);
        }
        finally {
            if (producer != null) {
                try {
                    producer.close();
                }
                catch (JMSException jmsex) {
                    System.out.println("Producer could not be closed.");
                    recordFailure(jmsex);
                }
            }
            if (session != null) {
                try {
                    session.close();
                }
                catch (JMSException jmsex) {
                    System.out.println("Session could not be closed.");
                    recordFailure(jmsex);
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                }
                catch (JMSException jmsex) {
                    System.out.println("Connection could not be closed.");
                    recordFailure(jmsex);
                }
            }
        }
        System.exit(status);
        return;
    } // end main()

    /**
     * Process a JMSException and any associated inner exceptions.
     *
     * @param jmsex
     */
    private static void processJMSException(JMSException jmsex) {
        System.out.println(jmsex);
        Throwable innerException = jmsex.getLinkedException();
        if (innerException != null) {
            System.out.println("Inner exception(s):");
        }
        while (innerException != null) {
            System.out.println(innerException);
            innerException = innerException.getCause();
        }
        return;
    }

    /**
     * Record this run as successful.
     */
    private static void recordSuccess() {
        System.out.println("SUCCESS");
        status = 0;
        return;
    }

    /**
     * Record this run as failure.
     *
     * @param ex
     */
    private static void recordFailure(Exception ex) {
        if (ex != null) {
            if (ex instanceof JMSException) {
                processJMSException((JMSException) ex);
            }
            else {
                System.out.println(ex);
            }
        }
        System.out.println("FAILURE");
        status = -1;
        return;
    }

    /**
     * Parse user supplied arguments.
     *
     * @param args
     */
    private static void parseArgs(String[] args) {
        try {
            int length = args.length;
            if (length == 0) {
                throw new IllegalArgumentException("No arguments! Mandatory arguments must be specified.");
            }
            if ((length % 2) != 0) {
                throw new IllegalArgumentException("Incorrect number of arguments!");
            }
            int i = 0;
            while (i < length) {
                if ((args[i]).charAt(0) != '-') {
                    throw new IllegalArgumentException("Expected a '-' character next: " + args[i]);
                }
                char opt = (args[i]).toLowerCase().charAt(1);
                switch (opt) {
                    case 'h' :
                        host = args[++i];
                        break;
                    case 'p' :
                        port = Integer.parseInt(args[++i]);
                        break;
                    case 'l' :
                        channel = args[++i];
                        break;
                    case 'm' :
                        queueManagerName = args[++i];
                        break;
                    case 'd' :
                        destinationName = args[++i];
                        break;
                    default : {
                        throw new IllegalArgumentException("Unknown argument: " + opt);
                    }
                }
                ++i;
            }
            if (queueManagerName == null) {
                throw new IllegalArgumentException("A queueManager name must be specified.");
            }
            if (destinationName == null) {
                throw new IllegalArgumentException("A destination name must be specified.");
            }
            // Whether the destination is a queue or a topic. Apply a simple check.
            if (destinationName.startsWith("topic://")) {
                isTopic = true;
            }
            else {
                // Otherwise, let's assume it is a queue.
                isTopic = false;
            }
        }
        catch (Exception e) {
            System.out.println(e.getMessage());
            printUsage();
            System.exit(-1);
        }
        return;
    }

    /**
     * Display usage help.
     */
    private static void printUsage() {
        System.out.println("\nUsage:");
        System.out
            .println("JmsProducer -m queueManagerName -d destinationName [-h host -p port -l channel]");
        return;
    }
} // end class
I am getting the below error:
com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'null'.
Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
Inner exception(s):
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
FAILURE
Can you please help me.
Last edited by ravi21588 on Fri Nov 04, 2016 11:10 pm; edited 1 time in total |
RogerLacroix |
Posted: Fri Nov 04, 2016 4:00 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
|
ravi21588 |
Posted: Sat Nov 05, 2016 1:47 am Post subject: |
|
|
Newbie
Joined: 27 May 2016 Posts: 5
|
|
RogerLacroix |
Posted: Sat Nov 05, 2016 10:38 am Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
ravi21588 wrote: |
I am using MQ 7.5 libraries in standalone Java application and MQ 7.5 Resource Adapter in JBoss EAP server. |
MQ v7.5 what?????? It is a 4 digit number. You did not read those links carefully enough. The MQ JAR files need to be at least v7.5.0.5.
And depending on the cipher suite, you may need to set the JVM environment variable "com.ibm.jsse2.disableSSLv3=false".
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
ravi21588 |
Posted: Sat Nov 05, 2016 3:33 pm Post subject: |
|
|
Newbie
Joined: 27 May 2016 Posts: 5
|
Hi,
I tried based upon your suggestions: I used MQClient 7.5.0.7 in my standalone Java program, and the cipher suite I am using is TLS_RSA_WITH_AES_128_CBC_SHA256 (TLS V 1.2). I added the property System.setProperty("com.ibm.jsse2.TLSv12","false"); but I am still getting the same error. |
fjb_saper |
Posted: Sat Nov 05, 2016 8:11 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
ravi21588 wrote: |
Hi,
I tried based upon your suggestions: I used MQClient 7.5.0.7 in my standalone Java program, and the cipher suite I am using is TLS_RSA_WITH_AES_128_CBC_SHA256 (TLS V 1.2). I added the property System.setProperty("com.ibm.jsse2.TLSv12","false"); but I am still getting the same error. |
Not sure you can modify properties that way. You may have to use JVM args like
java -Dcom.ibm.jss2.TLSV12="false"
This will set the property before the JVM gets started...
_________________ MQ & Broker admin |
tomleend |
Posted: Wed Nov 09, 2016 7:02 am Post subject: |
|
|
Acolyte
Joined: 24 Jan 2014 Posts: 51
|
It's okay to call
Code: |
System.setProperty(String, String) |
within the application to set properties so long as they are done before any MQ classes for JMS API calls are made and this will work. (Though I agree with fjb_saper in that it is probably better to set them as -D arguments when invoking the JRE).
Now, in the application code you provided, I see you commented out the line:
Quote: |
System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false"); |
Why is that? You need this Java system property to tell the MQ Java client to use the Oracle Java CipherSuite to MQ CipherSpec mappings. If that is not defined, then specifying the CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 will certainly result in the MQRC 2400 as that Cipher is not valid in the IBM Java mappings.
Have a good read through this Blog post and all of the APARs it references:
https://www.ibm.com/developerworks/community/blogs/messaging/entry/MQ_Java_TLS_Ciphers_Non_IBM_JREs_APARs_IT06775_IV66840_IT09423_IT10837_HELP_ME_PLEASE
It should tell you everything you need to know to fix your issue. |
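A pre-flight check for the situation tomleend describes, added here as an example (it is not code from the thread or from IBM): it uses only JDK classes to report whether the JRE's JSSE provider supports the CipherSuite and whether com.ibm.mq.cfg.useIBMCipherMappings is set on a non-IBM JRE. The class name, exit codes and the java.vendor heuristic are assumptions.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;

/** Pre-flight check; run it with the same JRE and -D options as the MQ client. */
public class CipherSuitePreflight {

    // Property name and CipherSuite name are the ones quoted in the thread.
    static final String MAPPING_PROP = "com.ibm.mq.cfg.useIBMCipherMappings";
    static final String SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256";

    /** True if this JRE's JSSE provider supports the suite under a TLS 1.2 context. */
    static boolean jreSupports(String suite) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        return Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites())
                     .contains(suite);
    }

    /** Heuristic (assumption): an IBM JRE has "IBM" in its java.vendor string. */
    static boolean isIbmJre() {
        return System.getProperty("java.vendor", "").toUpperCase().contains("IBM");
    }

    public static void main(String[] args) throws Exception {
        String suite = args.length > 0 ? args[0] : SUITE;
        String mapping = System.getProperty(MAPPING_PROP); // null when not set
        boolean supported = jreSupports(suite);

        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println(MAPPING_PROP + " = " + mapping);
        System.out.println(suite + " supported by JSSE: " + supported);

        if (!supported) {
            System.out.println("This JRE cannot offer the suite, whatever the MQ settings.");
            System.exit(2);
        }
        if (!isIbmJre() && !"false".equalsIgnoreCase(mapping)) {
            System.out.println("Non-IBM JRE without " + MAPPING_PROP + "=false: "
                + "per the reply above, expect MQRC 2400 for this suite name.");
            System.exit(1);
        }
        System.out.println("JRE-side prerequisites look consistent.");
    }
}
```

Passing the property as a -D argument when running the check mirrors how the client JVM would be started, so the report reflects the same configuration the MQ classes would see.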