问题
I have to create a client to listen to messages on a queue. SSL is being used and I am developing in dot net. I have trawled through hundreds of pages of documentation and forums to find something clear and concise and it looks like it just isn't like that!
I have a jks, and I am able to telnet to the server where the queue is being published. Below is the code I have so far...
var factoryfactory = XMSFactoryFactory.GetInstance(XMSC.CT_WMQ);
var connectionfactory = factoryfactory.CreateConnectionFactory();
connectionfactory.SetIntProperty(XMSC.WMQ_CONNECTION_MODE,XMSC.WMQ_CM_CLIENT_UNMANAGED);
connectionfactory.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, @"C:\...\spindev1.key");
connectionfactory.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, "SHA_WITH_RSA");
connectionfactory.SetStringProperty(XMSC.WMQ_CHANNEL, "SPINDEV1");
var connection = connectionfactory.CreateConnection();
I assume there must be a password somewhere but I cannot figure out how. My current error is 2538.
EDIT
So I just added IP and Port and now I'm getting error code 2393.
connectionfactory.SetStringProperty(XMSC.WMQ_HOST_NAME, "**.***.***.***");
connectionfactory.SetIntProperty(XMSC.WMQ_PORT, 1431);
EDIT 2
Okay so now I have managed to start using the code provided by the people who are providing the queue data, however he says that in order to use the SSL keys the application must be run as spindev1 - surely that would mean creating a whole new account?
回答1:
For XMS .NET, the key store must be of CMS type, not JKS. JKS is for Java clients. CMS key store will have ".kdb" as the file extension. So specify a CMS key store file name (without the .kdb extension) for XMSC.WMQ_SSL_KEY_REPOSITORY.
On the CipherSpec you are using, I could not find SHA_WITH_RSA in MQ. Can you verify if the name is correct or you can try with a different cipher.
HTH
回答2:
Okay issues have now been resolved. Below is the extract of code which is creating and starting the connection. One of the main problems was the SSL keys were made for a user called dev1, whereas my user is mcanty. If I'd known more I'm sure this result would have come sooner.
public SISMQConnection(string connectionFactoryName, string queueName, string sslPeerName,
string bindingsFilePath, string sslKeyRepository)
{
try
{
Hashtable aHashtable = new Hashtable { { "XMSC_IC_URL", bindingsFilePath } };
InitialContext jndi = new InitialContext(aHashtable);
//Java Naming and Directory Interface (JNDI)
_queueObject = (IDestination)jndi.Lookup(queueName);
_queueManager = (IConnectionFactory)jndi.Lookup(connectionFactoryName);
_queueManager.SetStringProperty(XMSC.WMQ_SSL_PEER_NAME, string.Format("CN=\"{0}\"", sslPeerName));
_queueManager.SetIntProperty(XMSC.WMQ_CONNECTION_MODE, XMSC.WMQ_CM_CLIENT_UNMANAGED);
_queueManager.SetStringProperty(XMSC.WMQ_SSL_KEY_REPOSITORY, sslKeyRepository);
_queueManager.SetStringProperty(XMSC.WMQ_SSL_CIPHER_SPEC, "DES_SHA_EXPORT");
}
catch (Exception e)
{
}
}
public void Connect()
{
try
{
IConnection QueueConnection = _queueManager.CreateConnection();
QueueSession = QueueConnection.CreateSession(true, AcknowledgeMode.AutoAcknowledge);
IMessageConsumer QueueConsumer = QueueSession.CreateConsumer(_queueObject);
QueueConsumer.MessageListener = OnNewMessageCallback;
QueueConnection.Start();
}
catch (Exception e)
{
}
}
来源:https://stackoverflow.com/questions/11247129/setting-up-net-ibm-xms-client-with-ssl