我已将所有证书添加到cacerts中。使用来自MQ团队的这些证书和jks,我创建了一个SSLConnectionFactory。并将其传递给Mqconnectionfactory。我添加了VM参数:
u8
我们有无限的JCE策略,JDK 1.8,IBM MQ所有客户端9.0.4.0
示例代码
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false
-Djavax.net.debug=all
-Dcom.ibm.mq.cfg.preferTLS=true
错误如下
private SSLSocketFactory getSocketFactory() {
KeyStore ks;
SSLSocketFactory sslSocketFactory = null;
String keystoreFile = environment.getProperty("ibmmq.keystoreFile");
String truststoreFile = environment.getProperty("ibmmq.truststoreFile");
String keystorePassword = environment.getProperty("ibmmq.keystorePassword");
String trustStorePassword = environment.getProperty("ibmmq.trustStorePassword");
try {
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystoreFile), keystorePassword.toCharArray());
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(truststoreFile), trustStorePassword.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
keyManagerFactory.init(ks, keystorePassword.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
sslSocketFactory = sslContext.getSocketFactory();
logger.info("Initialized ssl socket factory... " + sslSocketFactory.toString());
} catch (KeyStoreException e) {
logger.error("KeyStoreException on getSocketFactory due to {}", e);
} catch (NoSuchAlgorithmException e) {
logger.error("NoSuchAlgorithmException on getSocketFactory due to {}", e);
} catch (CertificateException e) {
logger.error("CertificateException on getSocketFactory due to {}", e);
} catch (FileNotFoundException e) {
logger.error("FileNotFoundException on getSocketFactory due to {}", e);
} catch (IOException e) {
logger.error("IOException on getSocketFactory due to {}", e);
} catch (UnrecoverableKeyException e) {
logger.error("UnrecoverableKeyException on getSocketFactory due to {}", e);
} catch (KeyManagementException e) {
logger.error("KeyManagementException on getSocketFactory due to {}", e);
}
return sslSocketFactory;
}
private MQQueueConnectionFactory mqQueueConnectionFactoryBill() {
MQQueueConnectionFactory mqQueueConnectionFactory = new MQQueueConnectionFactory();
try {
mqQueueConnectionFactory.setHostName(environment.getProperty("ibmmq.host"));
mqQueueConnectionFactory.setPort(environment.getProperty("ibmmq.port", Integer.class));
mqQueueConnectionFactory.setTransportType(WMQConstants.WMQ_CM_CLIENT);
mqQueueConnectionFactory.setCCSID(WMQConstants.CCSID_UTF8);
mqQueueConnectionFactory.setChannel(environment.getProperty("ibmmq.channel"));
mqQueueConnectionFactory.setQueueManager(environment.getProperty("ibmmq.queue-manager"));
mqQueueConnectionFactory.setSSLCipherSuite(environment.getProperty("ibmmq.cipher.suite"));
mqQueueConnectionFactory.setSSLSocketFactory(getSocketFactory());
mqQueueConnectionFactory.setSSLFipsRequired(false);
System.out.println("mqQueueConnectionFactory initialized..!!! ==> " + mqQueueConnectionFactory.toString());
//System.out.println("mqQueueConnectionFactory connection ..!!! ==> " + mqQueueConnectionFactory.createConnection());
//System.out.println("mqQueueConnectionFactory ..!!! ==> " + mqQueueConnectionFactory.getClientReconnectOptions());
} catch (Exception e) {
e.printStackTrace();
}
return mqQueueConnectionFactory;
}
@Bean
public CachingConnectionFactory cachingConnectionFactory() {
CachingConnectionFactory cachingConnectionFactory = new CachingConnectionFactory();
cachingConnectionFactory.setTargetConnectionFactory(userCredentialsConnectionFactoryAdapterBill());
cachingConnectionFactory.setSessionCacheSize(500);
cachingConnectionFactory.setCacheProducers(true);
cachingConnectionFactory.setReconnectOnException(true);
return cachingConnectionFactory;
}
private UserCredentialsConnectionFactoryAdapter userCredentialsConnectionFactoryAdapterBill() {
UserCredentialsConnectionFactoryAdapter userCredentialsConnectionFactoryAdapter = new UserCredentialsConnectionFactoryAdapter();
userCredentialsConnectionFactoryAdapter.setUsername(environment.getProperty("ibmmq.username"));
userCredentialsConnectionFactoryAdapter.setPassword(environment.getProperty("ibmmq.password"));
userCredentialsConnectionFactoryAdapter.setTargetConnectionFactory(mqQueueConnectionFactoryBill());
return userCredentialsConnectionFactoryAdapter;
}
@Bean
public SimpleMessageListenerContainer sampleQueueContainer(@Autowired MessageListener listener) {
SimpleMessageListenerContainer container = new SimpleMessageListenerContainer();
container.setConnectionFactory(cachingConnectionFactory());
container.setDestinationName(environment.getProperty("ibmmq.mq.name"));
container.setMessageListener(listener);
container.afterPropertiesSet();
container.start();
return container;
}