ISeries MQ 8.0.0.5 SSL implementation and Jboss EAP 6.1
ravi21588
Posted: Fri Nov 04, 2016 2:26 pm

Newbie

Joined: 27 May 2016
Posts: 5

Hi All,
I am able to successfully connect to the iSeries application without SSL from JBoss EAP 6.1 using the MQ Resource Adapter. Now we are trying to connect to the iSeries application MQ using SSL. JBoss EAP 6.1 is running on Oracle JDK 1.7.
On the iSeries they have configured the QM with certificates and, in the channel, the Cipher Spec TLS_RSA_WITH_AES_128_CBC_SHA256. In the Cipher Suite property we have specified the CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 and added the MQSeries certificate to the client Java store.

We are getting the below error:

com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'null'.
Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
Inner exception(s):
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
FAILURE

So in order to establish the connectivity I thought of connecting to MQ from a Java application. Below is the program.

Code:
import java.io.FileInputStream;
import java.security.KeyStore;

import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

import com.ibm.msg.client.jms.JmsConnectionFactory;
import com.ibm.msg.client.jms.JmsFactoryFactory;
import com.ibm.msg.client.wmq.WMQConstants;

/**
 * A JMS producer (sender or publisher) application that sends a simple message to the named
 * destination (queue or topic).
 *
 * Notes:
 *
 * API type: IBM JMS API (v1.1, unified domain)
 *
 * Messaging domain: Point-to-point or Publish-Subscribe
 *
 * Provider type: WebSphere MQ
 *
 * Connection mode: Client connection
 *
 * JNDI in use: No
 *
 * Usage:
 *
 * JmsProducer -m queueManagerName -d destinationName [-h host -p port -l channel]
 *
 * for example:
 *
 * JmsProducer -m QM1 -d Q1
 *
 * JmsProducer -m QM1 -d topic://foo -h localhost -p 1414
 */
public class JmsProducer {

  private static String host = "ITEST2.TEST.COMPANY";
  private static int port = 15501;
  private static String channel = "TEST.CHNL";
  private static String queueManagerName = "TESTQM";
  private static String destinationName = "SOURCE.DESTINATION.READ.IN";
  private static boolean isTopic = false;

  // System exit status value (assume unset value to be 1)
  private static int status = 1;

  /**
   * Main method
   *
   * @param args
   */
  public static void main(String[] args) {
    // Parse the arguments
    //parseArgs(args);

    // Variables
    Connection connection = null;
    Session session = null;
    Destination destination = null;
    MessageProducer producer = null;
    System.setProperty("javax.net.ssl.trustStore", "C:/Temp/Security/jssecacerts");
    System.setProperty("javax.net.ssl.keyStore", "C:/Temp/Security/jssecacerts");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
//    System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
    System.setProperty("com.ibm.mq.cfg.preferTLS", "true");
    System.setProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());

   
   
    try {
      // Create a connection factory
      JmsFactoryFactory ff = JmsFactoryFactory.getInstance(WMQConstants.WMQ_PROVIDER);
      JmsConnectionFactory cf = ff.createConnectionFactory();

      // Set the properties
      cf.setStringProperty(WMQConstants.WMQ_HOST_NAME, host);
      cf.setIntProperty(WMQConstants.WMQ_PORT, port);
      cf.setStringProperty(WMQConstants.WMQ_SSL_CIPHER_SUITE, "TLS_RSA_WITH_AES_128_CBC_SHA256");
      cf.setStringProperty(WMQConstants.WMQ_CHANNEL, channel);
      cf.setStringProperty(WMQConstants.USERID, "MQGGUSR");
      cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);
      cf.setStringProperty(WMQConstants.WMQ_QUEUE_MANAGER, queueManagerName);

      // Create JMS objects
      connection = cf.createConnection();
      session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
      if (isTopic) {
        destination = session.createTopic(destinationName);
      }
      else {
        destination = session.createQueue(destinationName);
      }
      producer = session.createProducer(destination);

      long uniqueNumber = System.currentTimeMillis() % 1000;
      TextMessage message = session.createTextMessage("JmsProducer: Your lucky number today is "
          + uniqueNumber);

      // Start the connection
      connection.start();

      // And, send the message
      producer.send(message);
      System.out.println("Sent message:\n" + message);

      recordSuccess();
    }
    catch (JMSException jmsex) {
      recordFailure(jmsex);
    }
    finally {
      if (producer != null) {
        try {
          producer.close();
        }
        catch (JMSException jmsex) {
          System.out.println("Producer could not be closed.");
          recordFailure(jmsex);
        }
      }

      if (session != null) {
        try {
          session.close();
        }
        catch (JMSException jmsex) {
          System.out.println("Session could not be closed.");
          recordFailure(jmsex);
        }
      }

      if (connection != null) {
        try {
          connection.close();
        }
        catch (JMSException jmsex) {
          System.out.println("Connection could not be closed.");
          recordFailure(jmsex);
        }
      }
    }
    System.exit(status);
    return;
  } // end main()

  /**
   * Process a JMSException and any associated inner exceptions.
   *
   * @param jmsex
   */
  private static void processJMSException(JMSException jmsex) {
    System.out.println(jmsex);
    Throwable innerException = jmsex.getLinkedException();
    if (innerException != null) {
      System.out.println("Inner exception(s):");
    }
    while (innerException != null) {
      System.out.println(innerException);
      innerException = innerException.getCause();
    }
    return;
  }

  /**
   * Record this run as successful.
   */
  private static void recordSuccess() {
    System.out.println("SUCCESS");
    status = 0;
    return;
  }

  /**
   * Record this run as failure.
   *
   * @param ex
   */
  private static void recordFailure(Exception ex) {
    if (ex != null) {
      if (ex instanceof JMSException) {
        processJMSException((JMSException) ex);
      }
      else {
        System.out.println(ex);
      }
    }
    System.out.println("FAILURE");
    status = -1;
    return;
  }

  /**
   * Parse user supplied arguments.
   *
   * @param args
   */
  private static void parseArgs(String[] args) {
    try {
      int length = args.length;
      if (length == 0) {
        throw new IllegalArgumentException("No arguments! Mandatory arguments must be specified.");
      }
      if ((length % 2) != 0) {
        throw new IllegalArgumentException("Incorrect number of arguments!");
      }

      int i = 0;

      while (i < length) {
        if ((args[i]).charAt(0) != '-') {
          throw new IllegalArgumentException("Expected a '-' character next: " + args[i]);
        }

        char opt = (args[i]).toLowerCase().charAt(1);

        switch (opt) {
          case 'h' :
            host = args[++i];
            break;
          case 'p' :
            port = Integer.parseInt(args[++i]);
            break;
          case 'l' :
            channel = args[++i];
            break;
          case 'm' :
            queueManagerName = args[++i];
            break;
          case 'd' :
            destinationName = args[++i];
            break;
          default : {
            throw new IllegalArgumentException("Unknown argument: " + opt);
          }
        }

        ++i;
      }

      if (queueManagerName == null) {
        throw new IllegalArgumentException("A queueManager name must be specified.");
      }

      if (destinationName == null) {
        throw new IllegalArgumentException("A destination name must be specified.");
      }

      // Whether the destination is a queue or a topic. Apply a simple check.
      if (destinationName.startsWith("topic://")) {
        isTopic = true;
      }
      else {
        // Otherwise, let's assume it is a queue.
        isTopic = false;
      }
    }
    catch (Exception e) {
      System.out.println(e.getMessage());
      printUsage();
      System.exit(-1);
    }
    return;
  }

  /**
   * Display usage help.
   */
  private static void printUsage() {
    System.out.println("\nUsage:");
    System.out
        .println("JmsProducer -m queueManagerName -d destinationName [-h host -p port -l channel]");
    return;
  }

} // end class



I am getting the below error:

com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'null'.
Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
Inner exception(s):
com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
FAILURE


Can you please help me.


Last edited by ravi21588 on Fri Nov 04, 2016 11:10 pm; edited 1 time in total
RogerLacroix
Posted: Fri Nov 04, 2016 4:00 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3020
Location: London, ON Canada

Hi,

Next time, use the BB code button to make your code more readable.

You didn't mention what version of the MQ JAR files you are using (which is really important information).

Have you read these 2 IBM postings:
http://www-01.ibm.com/support/docview.wss?uid=swg21688165
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840

The 2nd one is probably your issue. i.e. You are using a version of the MQ JAR files and JVM that does not support TLS_RSA_WITH_AES_128_CBC_SHA256. So, either update the MQ JAR files or change your JVM.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
ravi21588
Posted: Sat Nov 05, 2016 1:47 am

Newbie

Joined: 27 May 2016
Posts: 5

Hi,
I am using MQ 7.5 libraries in the standalone Java application and the MQ 7.5 Resource Adapter in the JBoss EAP server. The version of MQ installed on the iSeries is MQ 8.0.0.5. If I use MQ RA 8.0 I get the below error.
http://stackoverflow.com/questions/27442844/jboss-eap-6-1-integration-of-websphere-mq-8-0-0-parsing-error

I already had a look at the below blog; the fix was done in 8.0.0.2, and we have 8.0.0.5, so hopefully it should already have the fix.

http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840
RogerLacroix
Posted: Sat Nov 05, 2016 10:38 am

Jedi Knight

Joined: 15 May 2001
Posts: 3020
Location: London, ON Canada

ravi21588 wrote:
I am using MQ 7.5 libraries in standalone java application and MQ 7.5 Resource Adapter in Jboss EAP server.

MQ v7.5 what?????? It is a 4 digit number. You did not read those links carefully enough. The MQ JAR files need to be at least v7.5.0.5.

And depending on the cipher suite, you may need to set the JVM environment variable "com.ibm.jsse2.disableSSLv3=false".

Regards,
Roger Lacroix
Capitalware Inc.
ravi21588
Posted: Sat Nov 05, 2016 3:33 pm

Newbie

Joined: 27 May 2016
Posts: 5

Hi,
I tried based upon your suggestions: I used MQClient 7.5.0.7 in my standalone Java program, and the cipher suite I am using is TLS_RSA_WITH_AES_128_CBC_SHA256 (TLS v1.2). I added the property System.setProperty("com.ibm.jsse2.TLSv12","false"); but I am still getting the same error.
fjb_saper
Posted: Sat Nov 05, 2016 8:11 pm

Grand Poobah

Joined: 18 Nov 2003
Posts: 19383
Location: LI,NY

ravi21588 wrote:
Hi,
I tried based upon your suggestions: I used MQClient 7.5.0.7 in my standalone Java program, and the cipher suite I am using is TLS_RSA_WITH_AES_128_CBC_SHA256 (TLS v1.2). I added the property System.setProperty("com.ibm.jsse2.TLSv12","false"); but I am still getting the same error.

Not sure you can modify properties that way. You may have to use JVM args like
java -Dcom.ibm.jsse2.TLSv12="false"
This will set the property before the JVM gets started...
_________________
MQ & Broker admin
tomleend
Posted: Wed Nov 09, 2016 7:02 am

Acolyte

Joined: 24 Jan 2014
Posts: 50

It's okay to call
Code:
 System.setProperty(String, String)
within the application to set properties so long as they are done before any MQ classes for JMS API calls are made and this will work. (Though I agree with fjb_saper in that it is probably better to set them as -D arguments when invoking the JRE).

Now, in the application code you provided, I see you commented out the line:

Quote:
System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");


Why is that? You need this Java system property to tell the MQ Java client to use the Oracle Java CipherSuite to MQ CipherSpec mappings. If that is not defined, then specifying the CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 will certainly result in the MQRC 2400 as that Cipher is not valid in the IBM Java mappings.

Have a good read through this Blog post and all of the APARs it references:

https://www.ibm.com/developerworks/community/blogs/messaging/entry/MQ_Java_TLS_Ciphers_Non_IBM_JREs_APARs_IT06775_IV66840_IT09423_IT10837_HELP_ME_PLEASE

It should tell you everything you need to know to fix your issue.
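
Added example (not part of the original thread and not IBM code): a pre-flight check, using only JDK classes, for the two conditions discussed above: whether com.ibm.mq.cfg.useIBMCipherMappings is set to false on a non-IBM JRE, and whether the JRE's own JSSE provider offers the CipherSuite at all. The class name MqTlsPreflight and the rule that an IBM JRE reports a java.vendor containing "IBM" are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

/** Pre-flight check (hypothetical helper) to run in the client JVM before any MQ classes are used. */
public class MqTlsPreflight {

  // Property name and CipherSuite are the ones quoted in the thread.
  static final String MAPPING_PROP = "com.ibm.mq.cfg.useIBMCipherMappings";
  static final String SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256";

  /** Returns a list of findings; an empty list means neither problem was detected. */
  static List<String> check(String suite, String vendor, String mappingProp,
                            List<String> jreSuites) {
    List<String> findings = new ArrayList<String>();
    // Assumption: IBM JREs report a java.vendor string containing "IBM".
    boolean ibmJre = vendor != null && vendor.contains("IBM");
    if (!ibmJre && !"false".equalsIgnoreCase(mappingProp)) {
      findings.add(MAPPING_PROP + " is not 'false' on a non-IBM JRE (" + vendor
          + "): the MQ client will apply the IBM CipherSuite mappings");
    }
    if (!jreSuites.contains(suite)) {
      findings.add("this JRE's JSSE provider does not support " + suite);
    }
    return findings;
  }

  public static void main(String[] args) throws Exception {
    String suite = args.length > 0 ? args[0] : SUITE;
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
    ctx.init(null, null, null); // default key/trust managers; used only to list suites
    List<String> supported =
        Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites());
    List<String> findings = check(suite, System.getProperty("java.vendor"),
        System.getProperty(MAPPING_PROP), supported);
    for (String finding : findings) {
      System.out.println("WARN: " + finding);
    }
    if (findings.isEmpty()) {
      System.out.println("OK: no mapping or JSSE support problem detected for " + suite);
    }
    System.exit(findings.isEmpty() ? 0 : 1);
  }
}
```

Run it with the same JRE and the same -D arguments as the MQ client, so that it sees the system properties the client will see.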