0

I have code where I connect to a broker using the JMX protocol but without SSL. I made the broker settings so that it works via SSL, but how can I attach a certificate in an application that uses JMX?

Configuration from broker.xml:

```xml
<acceptor name="main-connector">tcp://localhost:61617?tcpSendBufferSize=1048576;amqpMinLargeMessageSize=102400;tcpReceiveBufferSize=1048576;sslEnabled=true;keyStorePath=keystore_server.jks;trustStorePath=truststore_server.jks;keyStorePassword=qwerty;trustStorePassword=qwerty;needClientAuth=true;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;enabledCipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA;enabledProtocols=TLSv1.3,TLSv1.2</acceptor>
```

The structure of my broker folder:

[Image: broker folder structure]

My code for connecting via JMX:

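```java
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

// Connects to the broker's JMX RMI endpoint with login/password credentials (no SSL settings yet).
// LOGGER and DialogsAlert are members of the surrounding application.
public static MBeanServerConnection connectBroker(String brokerUrl, String login, String password) {
    MBeanServerConnection mBeanServerConnection = null;
    try {
        Map<String, String[]> env = new HashMap<>();
        String[] creds = {login, password};
        env.put(JMXConnector.CREDENTIALS, creds);
        JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + brokerUrl + "/jmxrmi"), env);
        mBeanServerConnection = connector.getMBeanServerConnection();
        DialogsAlert.brokerJmxRmiConnectionSuccess.showAndWait();
        LOGGER.log(Level.INFO, "success" + brokerUrl);
    } catch (Exception e) {
        // On failure the exception is logged and the method returns null.
        LOGGER.log(Level.WARNING, "fail", e);
    }
    return mBeanServerConnection;
}
```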

I don't really understand how to enclose my keystore.

Justin Bertram
Vanish

1 Answer

1

The first problem with your broker configuration is that JMX connectivity is not configured in broker.xml. It is configured in management.xml as described in the documentation. Keep in mind that JMX and JMS connections are completely different. JMS is for messaging and JMX is for management.

SSL parameters can be configured on the JMX client application using these system properties:

  • javax.net.ssl.keyStore
  • javax.net.ssl.keyStoreType
  • javax.net.ssl.keyStorePassword
  • javax.net.ssl.trustStore
  • javax.net.ssl.trustStoreType
  • javax.net.ssl.trustStorePassword

More details are available in the Java documentation.

Justin Bertram
  • The JMX settings are configured in broker.xml and management.xml. If you need to use system properties, can I change them at runtime? Let's say it will be a graphical application that will dynamically change the parameters on the button. Will they be able to change at runtime? And how can I finally connect to the broker via ssl? – Vanish Aug 28 '23 at 07:56
  • What JMX connectivity settings are in `broker.xml`? – Justin Bertram Aug 28 '23 at 21:44
  • You can change system properties at runtime. Simply use [`System.setProperty()`](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/System.html#setProperty(java.lang.String,java.lang.String)). – Justin Bertram Aug 28 '23 at 21:45
  • JMX settings in `broker.xml`: true. In `Map env`, should I put these values? `env.put("jmx.remote.x.password.file", System.getProperty("password.file",""));` – Vanish Aug 29 '23 at 08:14
  • The `jmx-management-enabled` is just a general switch to enable JMX management on the broker. It doesn't control anything related to _connectivity_. The `jmx.remote.x.password.file` property is for configuration of the MBean _server_, not the client. – Justin Bertram Aug 29 '23 at 20:30
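
As an added example (not code from the question, the answer, or the Artemis project), here is one way a client could apply the system properties listed in the answer, via the `System.setProperty()` call mentioned in the comments, before opening the JMX connection. The store file names, port `1099`, the environment variable names, one shared store password, and a TLS-protected RMI registry are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;
import javax.management.remote.*;
import javax.management.MBeanServerConnection;
import javax.rmi.ssl.SslRMIClientSocketFactory;

public class JmxTlsClient {
    // Load a store up front so a wrong path, type or password fails here, not in the handshake.
    static KeyStore load(Path path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) { ks.load(in, password); }
        return ks;
    }

    // A client keystore needs a private-key entry when the server requests a client certificate.
    static boolean hasKeyEntry(KeyStore ks) throws Exception {
        for (String a : Collections.list(ks.aliases())) if (ks.isKeyEntry(a)) return true;
        return false;
    }

    // Sets the six javax.net.ssl.* properties. The JVM builds its default SSLContext once,
    // on first use, so call this before the first TLS connection made by the process.
    static void applyTlsProperties(Path keyStore, Path trustStore, String type, char[] pw) throws Exception {
        if (!hasKeyEntry(load(keyStore, type, pw))) throw new IllegalStateException("no private key in " + keyStore);
        if (load(trustStore, type, pw).size() == 0) throw new IllegalStateException("empty trust store " + trustStore);
        System.setProperty("javax.net.ssl.keyStore", keyStore.toString());
        System.setProperty("javax.net.ssl.keyStoreType", type);
        System.setProperty("javax.net.ssl.keyStorePassword", new String(pw));
        System.setProperty("javax.net.ssl.trustStore", trustStore.toString());
        System.setProperty("javax.net.ssl.trustStoreType", type);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(pw));
    }

    static MBeanServerConnection connect(String hostPort, String login, String password) throws Exception {
        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnector.CREDENTIALS, new String[] {login, password});
        // Assumption: the RMI registry is TLS-protected too; remove this entry if it is not.
        env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + hostPort + "/jmxrmi");
        return JMXConnectorFactory.connect(url, env).getMBeanServerConnection();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("STORE_PASSWORD").toCharArray();   // hypothetical variable name
        applyTlsProperties(Path.of("keystore_client.jks"), Path.of("truststore_client.jks"), "JKS", pw);
        MBeanServerConnection c = connect("localhost:1099", System.getenv("JMX_USER"), System.getenv("JMX_PASSWORD"));
        System.out.println("MBeans visible: " + c.getMBeanCount());
    }
}
```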