IBM MQ SSL keystore rewritten

test-harness/src/main/java/cz/moneta/test/harness/connectors/messaging/IbmMqConnector.java

@@ -1,7 +1,10 @@
 package cz.moneta.test.harness.connectors.messaging;
 
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -16,6 +19,10 @@ import javax.jms.JMSException;
 import javax.jms.JMSRuntimeException;
 import javax.jms.Message;
 import javax.jms.TextMessage;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -51,6 +58,8 @@ public class IbmMqConnector implements Connector {
 	private static final long DEFAULT_POLL_INTERVAL_MS = 100;
 	private static final long DEFAULT_MAX_POLL_INTERVAL_MS = 1000;
 
+	private static final String TLS_VERSION = "TLSv1.2";
+
 	private final MQConnectionFactory connectionFactory;
 	private JMSContext jmsContext;
 	private final String queueManager;
@@ -78,15 +87,6 @@ public class IbmMqConnector implements Connector {
 		this.password = password;
 
 		try {
-			if (keystorePath != null && !keystorePath.isBlank()) {
-				System.setProperty("javax.net.ssl.keyStore", keystorePath);
-				System.setProperty("javax.net.ssl.trustStore", keystorePath);
-				if (keystorePassword != null) {
-					System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
-					System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword);
-				}
-			}
-
 			connectionFactory = new MQConnectionFactory();
 			connectionFactory.setConnectionNameList(connectionNameList);
 			connectionFactory.setQueueManager(queueManager);
@@ -99,6 +99,11 @@ public class IbmMqConnector implements Connector {
 				connectionFactory.setStringProperty(WMQConstants.PASSWORD, password);
 			}
 
+			if (keystorePath != null && !keystorePath.isBlank() && keystorePassword != null
+					&& !keystorePassword.isBlank()) {
+				connectionFactory.setSSLSocketFactory(getSslSocketFactory(keystorePath, keystorePassword));
+			}
+
 			if (sslCipherSuite != null && !sslCipherSuite.isBlank()) {
 				connectionFactory.setSSLCipherSuite(sslCipherSuite);
 			}
@@ -462,4 +467,36 @@ public class IbmMqConnector implements Connector {
 			}
 		}
 	}
+
+	private SSLSocketFactory getSslSocketFactory(String keystorePath, String keystorePassword) throws Exception {
+		// --- keystore ---
+		KeyStore keyStore = KeyStore.getInstance("JKS");
+		InputStream ksStream = IbmMqConnector.class.getClassLoader().getResourceAsStream(keystorePath);
+
+		if (ksStream == null) {
+			throw new IllegalStateException("Keystore not found: " + keystorePath);
+		}
+		keyStore.load(ksStream, keystorePassword.toCharArray());
+		
+		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+		kmf.init(keyStore, keystorePassword.toCharArray());
+
+		// --- truststore ---
+		KeyStore trustStore = KeyStore.getInstance("JKS");
+		InputStream tsStream = IbmMqConnector.class.getClassLoader().getResourceAsStream(keystorePath);
+
+		if (tsStream == null) {
+			throw new IllegalStateException("Truststore not found: " + keystorePath);
+		}
+		trustStore.load(tsStream, keystorePassword.toCharArray());
+
+		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+		tmf.init(trustStore);
+
+		// --- SSL context ---
+		SSLContext sslContext = SSLContext.getInstance(TLS_VERSION);
+		sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+		return sslContext.getSocketFactory();
+	}
 }

test-harness/src/main/java/cz/moneta/test/harness/endpoints/imq/ImqFirstVisionEndpoint.java

@@ -38,6 +38,8 @@ public class ImqFirstVisionEndpoint implements Endpoint {
 	private static final String VAULT_PATH_KEY = "vault.imq-first-vision.secrets.path";
 	private static final String VAULT_KEYSTORE_PASSWORD_KEY = "keystorePassword";
 	
+	private static final String KEYSTORE_PATH = "keystores/imq-keystore.jks";
+
 	/**
 	 * Constructor that reads configuration from StoreAccessor.
 	 */
@@ -52,12 +54,9 @@ public class ImqFirstVisionEndpoint implements Endpoint {
 
 		loadCredentialsFromVault();
 
-		// SSL configuration (optional)
-		String keystorePath = "/home/kamma/aa/mq-docker/truststore.jks";
-
 		try {
 			this.connector = new IbmMqConnector(connectionNameList, channel, queueManager, username, password,
-					keystorePath, keystorePassword, sslCipherSuite);
+					KEYSTORE_PATH, keystorePassword, sslCipherSuite);
 
 			LOG.info("Initialized IBM MQ First Vision endpoint for queue manager: {}", queueManager);
 

tests/src/test/resources/envs/mq

@@ -7,8 +7,6 @@ endpoints.imq-first-vision.connection-name-list=localhost(1414)
 endpoints.imq-first-vision.channel=DEV.APP.SVRCONN
 endpoints.imq-first-vision.queue-manager=QM1
 endpoints.imq-first-vision.ssl-cipher-suite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-endpoints.imq-first-vision.keystore.path=/home/kamma/aa/mq-docker/truststore.jks
-endpoints.imq-first-vision.keystore.password=changeit
 
 #IBM MQ queues
 endpoints.imq-first-vision.payment-notifications.queue=DEV.QUEUE.1