对Java客户端使用SSL支持& WebSphere MQ

时间:2017-06-24 06:33:20

标签: java ssl ibm-mq

我正在尝试使用Java客户端连接到IBM MQ。我已按照以下教程设置了必要的keydatabase,keystore和truststore文件。

  

https://qadeer786.wordpress.com/2013/10/08/using-ssl-support-for-java-clients-websphere-mq/

当我运行Java客户端时,它会给我以下错误。

com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'.
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:249)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:450)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:487)
    at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:97)
    at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:194)
    at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:868)
    at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:816)
    at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:758)
    at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:200)
    at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:682)
    at esb.wso2.org.client.MQConnectionBuilder.<init>(MQConnectionBuilder.java:52)
    at esb.wso2.org.client.MQConnectionBuilder.getInstance(MQConnectionBuilder.java:60)
    at esb.wso2.org.client.MQProducer.<init>(MQProducer.java:20)
    at esb.wso2.org.client.MQClient.main(MQClient.java:7)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
    at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
    at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
    at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916)
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:235)
    ... 13 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
    ... 18 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290)
    ... 23 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    ... 30 more
com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2397'.
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:249)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:450)
    at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:487)
    at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:97)
    at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:194)
    at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:868)
    at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:816)
    at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:758)
    at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:200)
    at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:682)
    at esb.wso2.org.client.MQConnectionBuilder.getQueueManager(MQConnectionBuilder.java:68)
    at esb.wso2.org.client.MQProducer.<init>(MQProducer.java:22)
    at esb.wso2.org.client.MQClient.main(MQClient.java:7)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
    at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
    at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
    at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916)
    at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:235)
    ... 12 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.startHandshake,5=default]
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1329)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
    at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
    at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
    ... 17 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1298)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection$6.run(RemoteTCPConnection.java:1290)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1290)
    ... 22 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    ... 29 more

下面是获取队列管理器(qmanager)日志文件。

 2017-06-24 11:31:11 - Process(25266.5) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9660: SSL key repository: password stash file absent or unusable.

EXPLANATION:

The SSL key repository cannot be used because MQ cannot obtain a password to access
 it. Reasons giving rise to this error include: 

(a) the key database file and password stash file are not present in the
      location configured for the key repository, 

(b) the key database file exists in the correct place but that no password
      stash file has been created for it, 

(c) the files are present in the correct place but the userid under which MQ is
      running does not have permission to read them, 

(d) one or both of the files are corrupt. 


The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
----- amqccisa.c : 6283 -------------------------------------------------------
2017-06-24 11:31:11 - Process(25266.5) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9999: Channel '????' to host 'localhost (127.0.0.1)' ended abnormally.

EXPLANATION:
The channel program running under process ID 25266 for channel '????' ended
abnormally. The host name is 'localhost (127.0.0.1)'; in some cases the host
name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 930 --------------------------------------------------------
2017-06-24 11:33:54 - Process(25266.6) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9660: SSL key repository: password stash file absent or unusable.

EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include: 
(a) the key database file and password stash file are not present in the
  location configured for the key repository, 
(b) the key database file exists in the correct place but that no password
  stash file has been created for it, 
(c) the files are present in the correct place but the userid under which MQ is
  running does not have permission to read them, 
(d) one or both of the files are corrupt. 

The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
----- amqccisa.c : 6283 -------------------------------------------------------
2017-06-24 11:33:54 - Process(25266.6) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9999: Channel '????' to host 'localhost (127.0.0.1)' ended abnormally.

EXPLANATION:
The channel program running under process ID 25266 for channel '????' ended
abnormally. The host name is 'localhost (127.0.0.1)'; in some cases the host
name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 930 --------------------------------------------------------
2017-06-24 11:33:55 - Process(25266.7) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9660: SSL key repository: password stash file absent or unusable.

EXPLANATION:
The SSL key repository cannot be used because MQ cannot obtain a password to
access it. Reasons giving rise to this error include: 
(a) the key database file and password stash file are not present in the
  location configured for the key repository, 
(b) the key database file exists in the correct place but that no password
  stash file has been created for it, 
(c) the files are present in the correct place but the userid under which MQ is
  running does not have permission to read them, 
(d) one or both of the files are corrupt. 

The channel is '????'; in some cases its name cannot be determined and so is
shown as '????'. The channel did not start.
ACTION:
Ensure that the key repository variable is set to where the key database file
is. Ensure that a password stash file has been associated with the key database
file in the same directory, and that the userid under which MQ is running has
read access to both files. If both are already present and readable in the
correct place, delete and recreate them. Restart the channel.
----- amqccisa.c : 6283 -------------------------------------------------------
2017-06-24 11:33:55 - Process(25266.7) User(root) Program(amqrmppa)
                    Host(hasitha-HP-Pavilion-g6-Notebook-PC) Installation(Installation1)
                    VRMF(8.0.0.4) QMgr(qmanager)

AMQ9999: Channel '????' to host 'localhost (127.0.0.1)' ended abnormally.

EXPLANATION:
The channel program running under process ID 25266 for channel '????' ended
abnormally. The host name is 'localhost (127.0.0.1)'; in some cases the host
name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 930 --------------------------------------------------------

有关如何解决此问题的任何想法。我有用户组mqm,root和$ USER(hasitha)都是该组的用户。

1 个答案:

答案 0 :(得分:1)

您所遵循的教程似乎是在Windows上,但从您的最终评论中我认为您使用的是Unix系统。

您需要检查队列管理器的密钥数据库文件的所有权。

您的队列管理器错误日志提示: - 

(c) the files are present in the correct place but the userid under which MQ is
      running does not have permission to read them,

进入包含队列管理器密钥数据库文件的目录,在教程中使用C:\ temp \ ssldemo1 \,并使用以下命令将其中四个文件的所有权更改为mqm: - 

chown mqm TEST.QM1.*
相关问题
最新问题