diff --git a/site/ssl.xml b/site/ssl.xml index fe56ebe0d2..809c18a2ec 100644 --- a/site/ssl.xml +++ b/site/ssl.xml @@ -1004,14 +1004,11 @@ Or, in the classic config format: import java.io.*; import java.security.*; - import com.rabbitmq.client.*; -public class Example1 -{ - public static void main(String[] args) throws Exception - { +public class Example1 { + public static void main(String[] args) throws Exception { ConnectionFactory factory = new ConnectionFactory(); factory.setHost("localhost"); factory.setPort(5671); @@ -1027,16 +1024,14 @@ public class Example1 channel.queueDeclare("rabbitmq-java-test", false, true, true, null); channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes()); - GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false); - if(chResponse == null) { + if (chResponse == null) { System.out.println("No message retrieved"); } else { byte[] body = chResponse.getBody(); - System.out.println("Recieved: " + new String(body)); + System.out.println("Received: " + new String(body)); } - channel.close(); conn.close(); } @@ -1069,18 +1064,15 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to

Our next example will be a modification of the previous one, to now use our Key Store with our Key Manager and Trust Manager

-  import java.io.*;
-  import java.security.*;
-  import javax.net.ssl.*;
-
-  import com.rabbitmq.client.*;
+import java.io.*;
+import java.security.*;
+import javax.net.ssl.*;
 
+import com.rabbitmq.client.*;
 
-  public class Example2
-  {
-      public static void main(String[] args) throws Exception
-      {
+public class Example2 {
 
+    public static void main(String[] args) throws Exception {
         char[] keyPassphrase = "MySecretPassword".toCharArray();
         KeyStore ks = KeyStore.getInstance("PKCS12");
         ks.load(new FileInputStream("/path/to/client/keycert.p12"), keyPassphrase);
@@ -1102,6 +1094,7 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
         factory.setHost("localhost");
         factory.setPort(5671);
         factory.useSslProtocol(c);
+        factory.enableHostnameVerification();
 
         Connection conn = factory.newConnection();
         Channel channel = conn.createChannel();
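Review bot: The added `factory.enableHostnameVerification();` call carries no comment explaining why it is there, so a reader copying the example may drop it without realising that the trust-store check alone does not tie the certificate to the host being dialled. I would put `// verify the server certificate was issued for the host we connect to; this is not enabled by default` directly above it. Because the example connects to `localhost`, the server certificate must now list that name; if the certificate generated earlier in the guide carries the machine's hostname instead (not visible in this hunk), the example will presumably fail at `newConnection()`, and the surrounding text should say so. The body of `main` starts and ends outside this hunk.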
@@ -1109,16 +1102,14 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
         channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
         channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());
 
-
         GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
-        if(chResponse == null) {
+        if (chResponse == null) {
             System.out.println("No message retrieved");
         } else {
             byte[] body = chResponse.getBody();
-            System.out.println("Recieved: " + new String(body));
+            System.out.println("Received: " + new String(body));
         }
 
-
         channel.close();
         conn.close();
     }
@@ -1128,6 +1119,31 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
           your RabbitMQ server with a certificate that has not been imported
           into the key store and watch the verification exceptions decorate your
           screen.

+

+ Note hostname verification must be explicitly enabled with
+ ConnectionFactory#enableHostnameVerification(). This checks
+ that the server certificate has been issued for the hostname the
+ client is requested. If you're using Java 6, you need to add
+ the Commons HttpClient dependency to your project, e.g. for Maven
+ and Gradle:
+

+
+<!-- Maven dependency to add for hostname verification on Java 6 -->
+<dependency>
+    <groupId>org.apache.httpcomponents</groupId>
+    <artifactId>httpclient</artifactId>
+    <version>4.5.6</version>
+</dependency>
+
+
+// Gradle dependency to add for hostname verification on Java 6
+compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6'
+
+

If you don't want to use Commons HttpClient, use
+ ConnectionFactory#enableHostnameVerification(HostnameVerifier)
+ with the HostnameVerifier instance of your choice. Again, this is
+ needed only for Java 6, hostname verification is built-in in Java 7 and more.
+