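To use SSL with ActiveMQ, configuring the server side (the broker) is not enough: the client must also connect over SSL. The material online and in the official documentation is rather scattered, so I have collected it here into one worked example in two parts. Part 1 configures the broker; Part 2 tests a client connection.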
First download ActiveMQ from the official site; the current version is 5.2.0:
http://activemq.apache.org/download.html
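Part 1: Configuring the broker
Follow the four steps in the official guide, http://activemq.apache.org/how-do-i-use-ssl.html, to generate the keystore (.ks) and truststore (.ts) files.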
Also see Tomcat's SSL instructions for more info. The following was provided by Colin Kilburn. Thanks Colin!
- Using keytool, create a certificate for the broker:
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
- Export the broker's certificate so it can be shared with clients:
keytool -export -alias broker -keystore broker.ks -file broker_cert
- Create a certificate/keystore for the client:
keytool -genkey -alias client -keyalg RSA -keystore client.ks
- Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:
keytool -import -alias broker -keystore client.ts -file broker_cert
In activemq.xml, configure sslContext with the paths and passwords of the generated files:
<sslContext keyStore="file:${activemq.base}/conf/broker.ks" keyStorePassword="pwd" trustStore="file:${activemq.base}/conf/client.ts" trustStorePassword="pwd"/>
Configure the SSL port:
<transportConnectors>
<transportConnector name="ssl" uri="ssl://192.168.1.8:61617"/>
</transportConnectors>
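Start ActiveMQ. The broker configuration is now complete.
Part 2: Testing the client connection
The client needs the client.ks and client.ts files generated on the server side.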
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.ActiveMQSslConnectionFactory;

/**
 * @author xiaoming
 */
public class SslProducer {
    // client keystore path
    private String keyStore = "E://client.ks";
    // client truststore path
    private String trustStore = "E://client.ts";
    private String keyStorePassword = "pwd";
    // password chosen when client.ts was created ("pwd" throughout this example)
    private String trustStorePassword = "pwd";
    private String url = "ssl://192.168.1.8:61617";

    public void sendMessage() {
        Connection conn = null;
        Session session = null;
        Destination dest = null;
        MessageProducer prd = null;
        try {
            // Instantiate ActiveMQSslConnectionFactory
            ActiveMQSslConnectionFactory sslConnectionFactory = new ActiveMQSslConnectionFactory();
            // Set the broker URL
            sslConnectionFactory.setBrokerURL(url);
            // Supply key managers (client keystore) and trust managers (client truststore)
            sslConnectionFactory.setKeyAndTrustManagers(
                    getKeyManagers(keyStore, keyStorePassword),
                    getTrustManagers(trustStore, trustStorePassword),
                    new java.security.SecureRandom());
            conn = sslConnectionFactory.createConnection();
            conn.start();
            session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            dest = session.createQueue("testSsl");
            prd = session.createProducer(dest);
            Message msg = session.createTextMessage("test ssl send....");
            prd.send(msg);
            System.out.println("send success.............");
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            try {
                if (prd != null) {
                    prd.close();
                }
                if (session != null) {
                    session.close();
                }
                if (conn != null) {
                    conn.close();
                }
            } catch (JMSException jex) {
                jex.printStackTrace();
            }
        }
    }

    private TrustManager[] getTrustManagers(String trustStore, String trustStorePassword)
            throws java.security.GeneralSecurityException, java.io.IOException {
        System.out.println("Initiating TrustManagers");
        KeyStore ks = KeyStore.getInstance("JKS");
        // Load with the password so the store's integrity is checked
        // (a null password skips that check); close the stream when done.
        try (InputStream in = new FileInputStream(trustStore)) {
            ks.load(in, trustStorePassword.toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        System.out.println("Initiated TrustManagers");
        return tmf.getTrustManagers();
    }

    private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
            throws java.security.GeneralSecurityException, java.io.IOException {
        System.out.println("Initiating KeyManagers");
        KeyStore ks = KeyStore.getInstance("JKS");
        // Close the stream once the keystore has been read
        try (InputStream in = new FileInputStream(keyStore)) {
            ks.load(in, keyStorePassword.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyStorePassword.toCharArray());
        System.out.println("Initiated KeyManagers");
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) {
        SslProducer sslProducer = new SslProducer();
        sslProducer.sendMessage();
    }
}
Run it to test sending a message.
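An added example, not part of the original post or of ActiveMQ: a stand-alone check that loads the client.ts created in Part 1 with its password (so the store's integrity is verified), confirms each trusted certificate is within its validity period, and prints its SHA-256 fingerprint for comparison with the broker's certificate. The class name TrustStoreAudit is hypothetical, and the default path and password are assumptions taken from the values used in this post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: audits the client truststore before it is given to the connection factory.
public class TrustStoreAudit {
    public static void main(String[] args) throws Exception {
        // Assumed defaults, taken from the post: truststore path and password "pwd".
        String path = args.length > 0 ? args[0] : "E:/client.ts";
        char[] password = (args.length > 1 ? args[1] : "pwd").toCharArray();

        KeyStore ts = KeyStore.getInstance("JKS");
        // A non-null password makes load() verify the store's integrity and throw
        // an IOException if the file was altered or the password is wrong.
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }

        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) {
                System.out.println(alias + ": not a trusted-certificate entry, skipped");
                continue;
            }
            Certificate cert = ts.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            x509.checkValidity(); // throws if expired or not yet valid
            System.out.println(alias + ": " + x509.getSubjectX500Principal().getName());
            System.out.println("  valid until: " + x509.getNotAfter());
            System.out.println("  SHA-256:     " + sha256Hex(cert.getEncoded()));
        }
    }

    // Colon-separated upper-case hex over the DER encoding of the certificate.
    private static String sha256Hex(byte[] der) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }
}
```

Compare the printed fingerprint with the one `keytool -list -v -keystore broker.ks` reports on the broker. keytool -genkey without -validity issues a certificate valid for 90 days, so expect checkValidity() to start throwing after that unless the broker certificate was generated with a longer -validity.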