DO NOT MERGE YET Document hostname verification for Java client #572

60 changes: 38 additions & 22 deletions site/ssl.xml
Expand Up @@ -1004,14 +1004,11 @@ Or, in the classic config format:
import java.io.*;
import java.security.*;


import com.rabbitmq.client.*;

public class Example1
{
public static void main(String[] args) throws Exception
{
public class Example1 {

public static void main(String[] args) throws Exception {
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
Expand All @@ -1027,16 +1024,14 @@ public class Example1
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());


GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
if (chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
System.out.println("Received: " + new String(body));
}


channel.close();
conn.close();
}
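Review bot: The corrected "Received: " line still decodes with `new String(body)`, and the publish above it encodes with `"Hello, World".getBytes()`, so both depend on the platform default charset. Since the line is already being touched, consider passing an explicit charset on both sides, for example `getBytes("UTF-8")` and `new String(body, "UTF-8")`, so the example prints the same text on every JVM. The same pair of calls appears in Example2.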
Expand Down Expand Up @@ -1069,18 +1064,15 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
<p>Our next example will be a modification of the previous one, to now
use our Key Store with our Key Manager and Trust Manager</p>
<pre class="sourcecode java">
import java.io.*;
import java.security.*;
import javax.net.ssl.*;

import com.rabbitmq.client.*;
import java.io.*;
import java.security.*;
import javax.net.ssl.*;

import com.rabbitmq.client.*;

public class Example2
{
public static void main(String[] args) throws Exception
{
public class Example2 {

public static void main(String[] args) throws Exception {
char[] keyPassphrase = &quot;MySecretPassword&quot;.toCharArray();
KeyStore ks = KeyStore.getInstance(&quot;PKCS12&quot;);
ks.load(new FileInputStream(&quot;/path/to/client/keycert.p12&quot;), keyPassphrase);
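Review bot: The stream opened inline in `ks.load(new FileInputStream(...), keyPassphrase)` is never closed, and this hunk reformats the surrounding example without addressing it. Because readers copy this code verbatim, suggest assigning the stream to a variable and closing it in a `finally` block (which also works on Java 6, a version the new text in this PR still addresses). A brief comment that the literal "MySecretPassword" is a placeholder and not something to hard-code would also help.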
Expand All @@ -1102,23 +1094,22 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
factory.setHost(&quot;localhost&quot;);
factory.setPort(5671);
factory.useSslProtocol(c);
factory.enableHostnameVerification();

Connection conn = factory.newConnection();
Channel channel = conn.createChannel();

channel.queueDeclare(&quot;rabbitmq-java-test&quot;, false, true, true, null);
channel.basicPublish(&quot;&quot;, &quot;rabbitmq-java-test&quot;, null, &quot;Hello, World&quot;.getBytes());


GetResponse chResponse = channel.basicGet(&quot;rabbitmq-java-test&quot;, false);
if(chResponse == null) {
if (chResponse == null) {
System.out.println(&quot;No message retrieved&quot;);
} else {
byte[] body = chResponse.getBody();
System.out.println(&quot;Recieved: &quot; + new String(body));
System.out.println(&quot;Received: &quot; + new String(body));
}


channel.close();
conn.close();
}
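Review bot: With `factory.setHost("localhost")` left unchanged, the added `factory.enableHostnameVerification()` call only succeeds when the server certificate was issued for localhost, so a reader whose certificate carries the machine's real hostname will get a handshake failure from a copy-pasted example. Suggest a short comment above the new call, or a sentence in the text that follows, stating that the value passed to `setHost` must match a name in the server certificate.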
Expand All @@ -1128,6 +1119,31 @@ keytool -import -alias server1 -file /path/to/server/cert.pem -keystore /path/to
your RabbitMQ server with a certificate that has not been imported
into the key store and watch the verification exceptions decorate your
screen.</p>
<p>
Note hostname verification must be explicitly enabled with
<code>ConnectionFactory#enableHostnameVerification()</code>. This checks
that the server certificate has been issued for the hostname the
client is requested. If you're using Java 6, you need to add
the Commons HttpClient dependency to your project, e.g. for Maven
and Gradle:
</p>
<pre class="sourcecode xml">
&lt;!-- Maven dependency to add for hostname verification on Java 6 --&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.apache.httpcomponents&lt;/groupId&gt;
&lt;artifactId&gt;httpclient&lt;/artifactId&gt;
&lt;version&gt;4.5.6&lt;/version&gt;
&lt;/dependency&gt;
</pre>
<pre class="sourcecode groovy">
// Gradle dependency to add for hostname verification on Java 6
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6'
</pre>
<p>If you don't want to use Commons HttpClient, use
<code>ConnectionFactory#enableHostnameVerification(HostnameVerifier)</code>
with the <code>HostnameVerifier</code> instance of your choice. Again, this is
needed only for Java 6, hostname verification is built-in in Java 7 and more.
</p>
</doc:subsection>

</doc:section>
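Review bot: In the new paragraph, "the hostname the client is requested" does not parse; suggest "the hostname the client is connecting to". The text names the dependency "Commons HttpClient" while the coordinates shown are `org.apache.httpcomponents:httpclient`, so calling it Apache HttpComponents HttpClient would match what readers actually add. The closing sentence is a comma splice and "Java 7 and more" reads better as "Java 7 and later". Since `enableHostnameVerification(HostnameVerifier)` is offered with "the instance of your choice", it is worth one sentence saying the verifier must actually compare the hostname against the certificate, because one that always returns true leaves the check disabled.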