Activemq 使用 SSL

 activeqm 使用ssl 除了配置服务端外客户端连接的时候也需要使用ssl,网上的和官方的资料都比较散，因此收集到一起做写例子，共两个部分。第一部分是配置服务端，第二部分是客户端测试连接。

  http://activemq.apache.org/download.html

 先到官方下载activemq 目前版本是5.2.0，

 

 第一部分 配置服务端

 按官方http://activemq.apache.org/how-do-i-use-ssl.html

的4步分生成ks,和ts文件。

Also see Tomcat's SSL instructions for more info. The following was provided by Colin Kilburn. Thanks Colin!

1. Using keytool, create a certificate for the broker:

   keytool -genkey -alias broker -keyalg RSA -keystore broker.ks

2. Export the broker's certificate so it can be shared with clients:

   keytool -export -alias broker -keystore broker.ks -file broker_cert

3. Create a certificate/keystore for the client:

   keytool -genkey -alias client -keyalg RSA -keystore client.ks

4. Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:

   keytool -import -alias broker -keystore client.ts -file broker_cert

     配置activemq.xml sslContext配好生成文件的路径和密码

   <sslContext keyStore="file:${activemq.base}/conf/broker.ks" keyStorePassword="pwd"            trustStore="file:${activemq.base}/conf/client.ts" trustStorePassword="pwd"/>

    配置ssl端口

<transportConnectors>

  <transportConnector name="ssl" uri="ssl://192.168.1.8:61617"/>

</transportConnectors>

 

启动 activemq  服务端配置完毕。

 

 

    第二部分是客户端测试连接。

    需要服务端生成的client.ks和client.ts文件

 

import java.io.FileInputStream;
import java.security.KeyStore;

import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.activemq.ActiveMQSslConnectionFactory;

/**
 * @author xiaoming
 *
 */
public class SslProducer {

    // keystore client path
    private String keyStore = "E://client.ks";

    // truststore client path
    private String trustStore = "E://client.ts";

    private String keyStorePassword = "pwd";
   
    private String url = "ssl://192.168.1.8:61617";

    public void sendMessage(){
       
        Connection conn = null;
        Session session = null;
        Destination dest = null;
        MessageProducer prd = null;
       
        try{
            //实例化 ActiveMQSslConnectionFactory
            ActiveMQSslConnectionFactory sslConnectionFactory = new ActiveMQSslConnectionFactory();
            //设置连接
            sslConnectionFactory.setBrokerURL(url);
            //设置keystore client path 和 truststore client
            sslConnectionFactory.setKeyAndTrustManagers(getKeyManagers(keyStore, keyStorePassword), getTrustManagers(trustStore),
                                                        new java.security.SecureRandom());
            conn = sslConnectionFactory.createConnection();
            conn.start();
            session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            dest = session.createQueue("testSsl");
            prd = session.createProducer(dest);
            Message msg = session.createTextMessage("test ssl send....");
            prd.send(msg);
            System.out.println("send success.............");
        }catch(Exception ex){
            ex.printStackTrace();
        }finally{
            try{
            if(prd !=null){
                prd.close();
            }
            if(session !=null ){
                session.close();
            }
            if(conn!=null){
                conn.close();
            }
            }catch(JMSException jex){
                jex.printStackTrace();
            }
        }
       
       

    }

    private TrustManager[] getTrustManagers(String trustStore)
            throws java.security.NoSuchAlgorithmException,
            java.security.KeyStoreException, java.io.IOException,
            java.security.GeneralSecurityException {
        System.out.println("Initiating TrustManagers");

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(trustStore), null);
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        System.out.println("Initiated TrustManagers");

        return tmf.getTrustManagers();
    }

    private KeyManager[] getKeyManagers(String keyStore, String keyStorePassword)
            throws java.security.NoSuchAlgorithmException,
            java.security.KeyStoreException,
            java.security.GeneralSecurityException,
            java.security.cert.CertificateException, java.io.IOException,
            java.security.UnrecoverableKeyException {
        System.out.println("Initiating KeyManagers");

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                .getDefaultAlgorithm());
        kmf.init(ks, keyStorePassword.toCharArray());

        System.out.println("Initiated KeyManagers");

        return kmf.getKeyManagers();

    }

    public static void main(String[] args) {
        SslProducer sslProducer = new SslProducer();
        sslProducer.sendMessage();
    }

}

 

测试发送Message。。。