I have code where I connect to a broker using the JMX protocol but without SSL. I made the broker settings so that it works via SSL, but how can I attach a certificate in an application that uses JMX?
Configuration from broker.xml
:
<acceptor name="main-connector">tcp://localhost:61617?tcpSendBufferSize=1048576;amqpMinLargeMessageSize=102400;tcpReceiveBufferSize=1048576;sslEnabled=true;keyStorePath=keystore_server.jks;trustStorePath=truststore_server.jks;keyStorePassword=qwerty;trustStorePassword=qwerty;needClientAuth=true;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;enabledCipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA;enabledProtocols=TLSv1.3,TLSv1.2</acceptor>
The structure of my broker folder:
My code for connecting via JMX:
public static MBeanServerConnection connectBroker(String brokerUrl, String login, String password) {
MBeanServerConnection mBeanServerConnection = null;
try {
Map<String, String[]> env = new HashMap();
String[] creds = {login, password};
env.put(JMXConnector.CREDENTIALS, creds);
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + brokerUrl + "/jmxrmi"), env);
mBeanServerConnection = connector.getMBeanServerConnection();
DialogsAlert.brokerJmxRmiConnectionSuccess.showAndWait();
LOGGER.log(Level.INFO,"success" + brokerUrl);
} catch (Exception e) {
LOGGER.log(Level.WARNING,"fail", e);
}
return mBeanServerConnection;
}
I don't really understand how to enclose my keystore.
The first problem with your broker configuration is that JMX connectivity is not configured in broker.xml
. It is configured in management.xml
as described in the documentation. Keep in mind that JMX and JMS connections are completely different. JMS is for messaging and JMX is for management.
SSL parameters can be configured on the JMX client application using these system properties:
javax.net.ssl.keyStore
javax.net.ssl.keyStoreType
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStoreType
javax.net.ssl.trustStorePassword
More details are available in the Java documentation.