MB v6 - Support for bi-directional SSL certs with HTTP nodes
Paul D
Posted: Tue Feb 21, 2006 3:30 pm Post subject: MB v6 - Support for bi-directional SSL certs with HTTP nodes
Master
Joined: 16 May 2001 Posts: 200 Location: Green Bay Packer Country
It's hard to tell from the doc, but can anyone confirm if this is supported under HTTP? Looks like it's supported under Real Time for sure, but not so clear for HTTP.
_________________
Thanks!!!
Paul D
Paul D
Posted: Thu Mar 02, 2006 6:49 am
Master
Joined: 16 May 2001 Posts: 200 Location: Green Bay Packer Country
Word from IBM...
HTTPInput and HTTPReply nodes - documented on page ap12234_ of the help documentation. HTTPRequest node - documented on page ac04595_ and ac12235_ of the documentation. There are also some useful links on page ap12231_.
In regards to bidirectional support, the HTTPInput node supports this. It is also possible to set it up on the HTTPRequest node using a workaround.
Workaround for HTTPRequest Nodes
Whenever the broker is started, a message flow should be invoked, via an MQ message, which uses a compute node to execute some Java code which sets some Java system properties. These are:
javax.net.ssl.keyStore to set the key store file and
javax.net.ssl.keyStorePassword to set its password
These properties are then used until the broker is stopped and any HTTP Request nodes will have access to this key store.
A Java class is required:
========================================================================
Code:
package com.ibm.mqst.broker.miwebsvc;

// Static setters called from ESQL. Each one sets a JVM-wide JSSE system property.
public class ClientAuth {

    // Key store file (own certificate and private key)
    public static void SetDefaultKeystore(String keystore) {
        System.setProperty("javax.net.ssl.keyStore", keystore);
        return;
    }

    // Password for the key store
    public static void SetDefaultKeystorePass(String keystorePass) {
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
        return;
    }

    // Trust store file (certificates trusted when verifying the peer)
    public static void SetDefaultTruststore(String truststore) {
        System.setProperty("javax.net.ssl.trustStore", truststore);
        return;
    }

    // Password for the trust store
    public static void SetDefaultTruststorePass(String truststorePass) {
        System.setProperty("javax.net.ssl.trustStorePassword", truststorePass);
        return;
    }
}
========================================================================
ESQL for the compute node:
========================================================================
Code:
CREATE COMPUTE MODULE SetDefaultKeystore
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        CALL CopyEntireMessage();
        -- Set only the properties that are present in the input message
        IF (InputRoot.XML.top.keystore IS NOT NULL) THEN
            CALL setKeystore( InputRoot.XML.top.keystore );
        END IF;
        IF (InputRoot.XML.top.keystorePass IS NOT NULL) THEN
            CALL setKeystorePass( InputRoot.XML.top.keystorePass );
        END IF;
        IF (InputRoot.XML.top.truststore IS NOT NULL) THEN
            CALL setTruststore( InputRoot.XML.top.truststore );
        END IF;
        IF (InputRoot.XML.top.truststorePass IS NOT NULL) THEN
            CALL setTruststorePass( InputRoot.XML.top.truststorePass );
        END IF;
        RETURN TRUE;
    END;

    -- ESQL procedures mapped to the static Java methods of ClientAuth
    CREATE PROCEDURE setKeystore( IN keystore CHARACTER )
        LANGUAGE JAVA
        EXTERNAL NAME "com.ibm.mqst.broker.miwebsvc.ClientAuth.SetDefaultKeystore";

    CREATE PROCEDURE setKeystorePass( IN keystorePass CHARACTER )
        LANGUAGE JAVA
        EXTERNAL NAME "com.ibm.mqst.broker.miwebsvc.ClientAuth.SetDefaultKeystorePass";

    CREATE PROCEDURE setTruststore( IN truststore CHARACTER )
        LANGUAGE JAVA
        EXTERNAL NAME "com.ibm.mqst.broker.miwebsvc.ClientAuth.SetDefaultTruststore";

    CREATE PROCEDURE setTruststorePass( IN truststorePass CHARACTER )
        LANGUAGE JAVA
        EXTERNAL NAME "com.ibm.mqst.broker.miwebsvc.ClientAuth.SetDefaultTruststorePass";
END MODULE;
========================================================================
A simple message flow using this ESQL:
MQInput ==> Compute ==> MQOutput
========================================================================
An input message containing the following XML:
<top>
    <keystore>C:\Documents and Settings\"UserName"\.keystore</keystore>
    <keystorePass>bpassword</keystorePass>
</top>
========================================================================
The Java class has to be deployed to the broker or put into the shared-classes directory. This is documented in the 'Create Procedure' and 'Using the CALL statement to invoke a user-written routine' sections of the Information Center.
Start the broker and put the message to the input queue of the message flow. After that, any request node uses the keystore set in the Java code using the contents of the MQ message.
_________________
Thanks!!!
Paul D
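An added example, not part of the original post or of IBM's code: a variant of the keystore setter that loads the key store and checks it for a private-key entry before setting the JVM-wide properties, so a wrong path, wrong password or certificate-only store is rejected when the configuration message is processed rather than surfacing later when an SSL connection is attempted. The class name `KeystoreCheck`, the method names and the sample password are hypothetical, and the code assumes Java 8 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.*;

public class KeystoreCheck {   // hypothetical class name
    /** Loads the key store and returns the aliases that hold a private key. */
    static List<String> privateKeyAliases(Path file, char[] password)
            throws IOException, GeneralSecurityException {
        // Same type the JSSE default uses when javax.net.ssl.keyStoreType is unset
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);   // IOException on a wrong password or damaged file
        }
        List<String> aliases = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) aliases.add(alias);
        }
        return aliases;
    }

    /** Sets the JVM-wide defaults only after the key store has been verified. */
    public static void setDefaultKeystore(String keystore, String keystorePass)
            throws IOException, GeneralSecurityException {
        Path file = Paths.get(keystore);
        if (privateKeyAliases(file, keystorePass.toCharArray()).isEmpty()) {
            throw new GeneralSecurityException("no private key entry in " + file);
        }
        System.setProperty("javax.net.ssl.keyStore", file.toString());
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty throwaway key store, which must be rejected
        Path tmp = Files.createTempFile("sample", ".ks");
        char[] pw = "changeit".toCharArray();
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, pw);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            empty.store(out, pw);
        }
        try {
            setDefaultKeystore(tmp.toString(), "changeit");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            Files.delete(tmp);
        }
    }
}
```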