RabbitMQ (5)
SSL
Official documentation: http://www.rabbitmq.com/ssl.html
Background:
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are security protocols that provide confidentiality and data integrity for network communication. TLS and SSL encrypt the network connection at the transport layer.
Authentication can be one-way (the client verifies the server only) or two-way (mutual, where the server also verifies a client certificate). The RabbitMQ setup described here uses two-way (mutual) authentication.
1. Configuration steps:
# mkdir testca
# cd testca
# mkdir certs private
# chmod 700 private
# echo 01 > serial
# touch index.txt
Save the following as openssl.cnf:
[ ca ]
default_ca = testca

[ testca ]
dir = .
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = sha256
policy = testca_policy
x509_extensions = certificate_extensions

[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
domainComponent = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = ./private/cakey.pem
default_md = sha256
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = hostname

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
Self-signed CA certificate (the CA issues its own certificate):
# openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
# openssl x509 -in cacert.pem -out cacert.cer -outform DER
Server certificate:
# cd ..
# ls
testca
# mkdir server
# cd server
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
# cd ../testca
# openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions server_ca_extensions
# cd ../server
# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
Client certificate:
# cd ..
# ls
server testca
# mkdir client
# cd client
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
# cd ../testca
# openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions
# cd ../client
# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
Copy testca/cacert.pem, server/cert.pem and server/key.pem into /etc/rabbitmq/ssl/. Remember to check the file permissions (the broker process must be able to read all three files); otherwise the client fails with a read timeout exception.
Then add the RabbitMQ configuration file.
2. Java client test (the C# client has not passed yet: the handshake fails)
Command (Windows cmd):
C:\Program Files\Java\jdk1.8.0_25>keytool -import -alias server1 -file D:\openssl\bin\server\cert.pem -keystore D:\openssl\bin\server\rabbitstore
Project screenshot (copy client/keycert.p12 and rabbitstore into the project):
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.GetResponse;

public class Example2 {
    public static void main(String[] args) throws Exception {
        // Client key and certificate (client/keycert.p12), protected by the
        // password given to openssl pkcs12 -passout above.
        char[] keyPassphrase = "MySecretPassword".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream(Class.class.getResource("/").getPath() + "keycert.p12"), keyPassphrase);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, keyPassphrase);

        // Trust store (rabbitstore) holding the server certificate imported with keytool.
        char[] trustPassphrase = "rabbitstore".toCharArray();
        KeyStore tks = KeyStore.getInstance("JKS");
        tks.load(new FileInputStream(Class.class.getResource("/").getPath() + "rabbitstore"), trustPassphrase);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(tks);

        // TLSv1.1 is what this post used; it is deprecated, so prefer TLSv1.2 or
        // newer wherever the broker supports it.
        SSLContext c = SSLContext.getInstance("TLSv1.1");
        c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("");      // broker host name
        factory.setPort(5671);    // AMQPS (TLS) port
        factory.setUsername("");
        factory.setPassword("");
        factory.useSslProtocol(c);

        Connection conn = factory.newConnection();
        Channel channel = conn.createChannel();
        channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
        channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());
        GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
        if (chResponse == null) {
            System.out.println("No message retrieved");
        } else {
            byte[] body = chResponse.getBody();
            System.out.println("Received: " + new String(body));
        }
        channel.close();
        conn.close();
    }
}
Result: