diff --git a/test-harness/src/main/java/cz/moneta/test/harness/connectors/messaging/IbmMqConnector.java b/test-harness/src/main/java/cz/moneta/test/harness/connectors/messaging/IbmMqConnector.java index 533d922..85db0dc 100644 --- a/test-harness/src/main/java/cz/moneta/test/harness/connectors/messaging/IbmMqConnector.java +++ b/test-harness/src/main/java/cz/moneta/test/harness/connectors/messaging/IbmMqConnector.java @@ -1,7 +1,10 @@ package cz.moneta.test.harness.connectors.messaging; +import java.io.FileInputStream; +import java.io.InputStream; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; +import java.security.KeyStore; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; @@ -16,6 +19,10 @@ import javax.jms.JMSException; import javax.jms.JMSRuntimeException; import javax.jms.Message; import javax.jms.TextMessage; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManagerFactory; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -51,6 +58,8 @@ public class IbmMqConnector implements Connector { private static final long DEFAULT_POLL_INTERVAL_MS = 100; private static final long DEFAULT_MAX_POLL_INTERVAL_MS = 1000; + private static final String TLS_VERSION = "TLSv1.2"; + private final MQConnectionFactory connectionFactory; private JMSContext jmsContext; private final String queueManager; 
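Review bot: `java.io.FileInputStream` is imported in the first hunk, but nothing in the hunks shown uses it; the new `getSslSocketFactory` reads the keystore through `getResourceAsStream`. Unless code outside the visible hunks needs it, drop `import java.io.FileInputStream;` so the import list does not suggest a filesystem lookup that no longer happens.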
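Review bot: `TLS_VERSION = "TLSv1.2"` is added without a comment, and the name reads like an enforced protocol version although it is only the protocol name passed to `SSLContext.getInstance`. On the standard JSSE provider a context requested this way treats TLS 1.2 as an upper bound, so TLS 1.3 is not offered, while the lower bound still comes from `jdk.tls.disabledAlgorithms` and the configured cipher suite. I would document that on the constant, for example `// Upper bound only; the protocol floor is set by jdk.tls.disabledAlgorithms and the cipher suite`. If the pin is not required by the queue manager, `"TLS"` would let the JDK negotiate the best shared version.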
@@ -78,15 +87,6 @@ public class IbmMqConnector implements Connector { this.password = password; try { - if (keystorePath != null && !keystorePath.isBlank()) { - System.setProperty("javax.net.ssl.keyStore", keystorePath); - System.setProperty("javax.net.ssl.trustStore", keystorePath); - if (keystorePassword != null) { - System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword); - System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword); - } - } - connectionFactory = new MQConnectionFactory(); connectionFactory.setConnectionNameList(connectionNameList); connectionFactory.setQueueManager(queueManager); @@ -99,6 +99,11 @@ public class IbmMqConnector implements Connector { connectionFactory.setStringProperty(WMQConstants.PASSWORD, password); } + if (keystorePath != null && !keystorePath.isBlank() && keystorePassword != null + && !keystorePassword.isBlank()) { + connectionFactory.setSSLSocketFactory(getSslSocketFactory(keystorePath, keystorePassword)); + } + if (sslCipherSuite != null && !sslCipherSuite.isBlank()) { connectionFactory.setSSLCipherSuite(sslCipherSuite); } 
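Review bot: When `keystorePath` is set but `keystorePassword` is null or blank, the new guard in the second hunk skips `setSSLSocketFactory` with no log line or exception. A missing Vault secret therefore leaves the connection on the JVM's default key and trust material, while `setSSLCipherSuite` just below still enables TLS. The removed block configured the store even without a password, so this is a silent behaviour change that will most likely surface as an opaque handshake failure. I would split the condition and fail fast: keep `if (keystorePath != null && !keystorePath.isBlank())` as the outer test and add `if (keystorePassword == null || keystorePassword.isBlank()) throw new IllegalStateException("Keystore password missing for " + keystorePath);` before the `setSSLSocketFactory` call. The constructor body starts and ends outside the hunk.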
@@ -462,4 +467,36 @@ public class IbmMqConnector implements Connector { } } } + + private SSLSocketFactory getSslSocketFactory(String keystorePath, String keystorePassword) throws Exception { + // --- keystore --- + KeyStore keyStore = KeyStore.getInstance("JKS"); + InputStream ksStream = IbmMqConnector.class.getClassLoader().getResourceAsStream(keystorePath); + + if (ksStream == null) { + throw new IllegalStateException("Keystore not found: " + keystorePath); + } + keyStore.load(ksStream, keystorePassword.toCharArray()); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(keyStore, keystorePassword.toCharArray()); + + // --- truststore --- + KeyStore trustStore = KeyStore.getInstance("JKS"); + InputStream tsStream = IbmMqConnector.class.getClassLoader().getResourceAsStream(keystorePath); + + if (tsStream == null) { + throw new IllegalStateException("Truststore not found: " + keystorePath); + } + trustStore.load(tsStream, keystorePassword.toCharArray()); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(trustStore); + + // --- SSL context --- + SSLContext sslContext = SSLContext.getInstance(TLS_VERSION); + sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + + return sslContext.getSocketFactory(); + } } diff --git a/test-harness/src/main/java/cz/moneta/test/harness/endpoints/imq/ImqFirstVisionEndpoint.java b/test-harness/src/main/java/cz/moneta/test/harness/endpoints/imq/ImqFirstVisionEndpoint.java index e742ab1..85d5e57 100644 --- a/test-harness/src/main/java/cz/moneta/test/harness/endpoints/imq/ImqFirstVisionEndpoint.java +++ b/test-harness/src/main/java/cz/moneta/test/harness/endpoints/imq/ImqFirstVisionEndpoint.java 
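Review bot: Neither `getResourceAsStream` stream in `getSslSocketFactory` is ever closed, and the same classpath resource is opened and parsed twice to build a key store and a trust store with identical contents. Loading it once inside try-with-resources and passing that single `KeyStore` to both factories should yield the same key and trust managers without leaking the streams. The parameter is still named `keystorePath` although it is now a classpath resource name rather than a file path, which deserves a Javadoc line on the method. The type `"JKS"` is also hard-coded, so a PKCS12 store would be rejected at `load`.

```java
private SSLSocketFactory getSslSocketFactory(String keystorePath, String keystorePassword) throws Exception {
    char[] storePassword = keystorePassword.toCharArray();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // try-with-resources closes the classpath stream even if load() throws
    try (InputStream ksStream = IbmMqConnector.class.getClassLoader().getResourceAsStream(keystorePath)) {
        if (ksStream == null) {
            throw new IllegalStateException("Keystore not found on classpath: " + keystorePath);
        }
        keyStore.load(ksStream, storePassword);
    }
    // … unchanged: KeyManagerFactory creation …
    kmf.init(keyStore, storePassword);

    // The same file supplies the trust anchors, so the loaded store is reused instead of read a second time.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);
    // … unchanged: SSLContext creation and return …
}
```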
@@ -37,6 +37,8 @@ public class ImqFirstVisionEndpoint implements Endpoint { private static final String SSL_CIPHER_SUITE_KEY = "endpoints.imq-first-vision.ssl-cipher-suite"; private static final String VAULT_PATH_KEY = "vault.imq-first-vision.secrets.path"; private static final String VAULT_KEYSTORE_PASSWORD_KEY = "keystorePassword"; + + private static final String KEYSTORE_PATH = "keystores/imq-keystore.jks"; /** * Constructor that reads configuration from StoreAccessor. @@ -52,12 +54,9 @@ public class ImqFirstVisionEndpoint implements Endpoint { loadCredentialsFromVault(); - // SSL configuration (optional) - String keystorePath = "/home/kamma/aa/mq-docker/truststore.jks"; - try { this.connector = new IbmMqConnector(connectionNameList, channel, queueManager, username, password, - keystorePath, keystorePassword, sslCipherSuite); + KEYSTORE_PATH, keystorePassword, sslCipherSuite); LOG.info("Initialized IBM MQ First Vision endpoint for queue manager: {}", queueManager); diff --git a/test-harness/src/main/resources/keystores/imq-keystore.jks b/test-harness/src/main/resources/keystores/imq-keystore.jks new file mode 100644 index 0000000..7576490 Binary files /dev/null and b/test-harness/src/main/resources/keystores/imq-keystore.jks differ diff --git a/tests/src/test/resources/envs/mq b/tests/src/test/resources/envs/mq index ab1f0ee..04feec2 100644 --- a/tests/src/test/resources/envs/mq +++ b/tests/src/test/resources/envs/mq @@ -7,8 +7,6 @@ endpoints.imq-first-vision.connection-name-list=localhost(1414) endpoints.imq-first-vision.channel=DEV.APP.SVRCONN endpoints.imq-first-vision.queue-manager=QM1 endpoints.imq-first-vision.ssl-cipher-suite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -endpoints.imq-first-vision.keystore.path=/home/kamma/aa/mq-docker/truststore.jks -endpoints.imq-first-vision.keystore.password=changeit #IBM MQ queues endpoints.imq-first-vision.payment-notifications.queue=DEV.QUEUE.1
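Review bot: `KEYSTORE_PATH` makes the bundled `keystores/imq-keystore.jks` the only store the endpoint can use. The second hunk of this file passes the constant straight to `IbmMqConnector`, and `endpoints.imq-first-vision.keystore.path` is deleted from `envs/mq`, so no environment can supply its own certificates. The binary is committed under `src/main/resources` and ships inside the harness artifact; if it holds a client private key rather than only trust certificates, that key is available to anyone with the repository or the jar, protected only by the store password. The deleted `keystore.password=changeit` line remains in history, so the committed store should not reuse that password. I would keep the constant as a default but read an optional path override from configuration, and add a comment on `KEYSTORE_PATH` stating that the resource must contain public trust material only.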