Perform Secure Lookups

TIBCO Enterprise Message Service client programs can perform secure JNDI lookups using the Secure Sockets Layer (SSL) protocol. To accomplish this, the client program must set SSL properties in the environment when the InitialContext is created. The SSL properties are similar to the SSL properties for the TIBCO Enterprise Message Service server.

See SSL Protocol for more information about using SSL in the TIBCO Enterprise Message Service server.

The following examples illustrate how to create an InitialContext that can be used to perform JNDI lookups using the SSL protocol.

  • Java

    In this example, the port number in Context.PROVIDER_URL is the SSL listen port specified in the server configuration file tibemsd.conf. TibjmsContext.SECURITY_PROTOCOL is set to ssl. Finally, TibjmsContext.SSL_ENABLE_VERIFY_HOST is set to "false" to turn off server authentication. Because of this, no trusted certificates need to be provided, and the client does not verify the server it uses for the JNDI lookup against the server’s certificate. The connection is still encrypted, but the client has no assurance of which server it is talking to.

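    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import com.tibco.tibjms.naming.TibjmsContext;

    Hashtable<String, Object> env = new Hashtable<>();
      env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
      // Port 7223 is the server's SSL listen port
      env.put(Context.PROVIDER_URL, "tibjmsnaming://jmshost:7223");
      env.put(Context.URL_PKG_PREFIXES, "com.tibco.tibjms.naming");
      env.put(TibjmsContext.SECURITY_PROTOCOL, "ssl");
      // Server certificate verification is turned off
      env.put(TibjmsContext.SSL_ENABLE_VERIFY_HOST, Boolean.FALSE);
    Context context = new InitialContext(env);

  • C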

    Create a tibemsSSLParams object and use the tibemsSSLParams_SetIdentityFile function to establish the client identity by means of a pkcs12 file. Use the tibemsLookupContext_CreateSSL function to create a tibemsLookupContext object that uses an SSL connection for the initial context.

    #include <tibems/tibems.h>

    tibemsLookupContext      context   = NULL;
    tibemsConnectionFactory  factory   = NULL;
    tibemsSSLParams          sslParams = NULL;
    tibems_status            status    = TIBEMS_OK;

    /* Client identity (certificate and private key) from a pkcs12 file */
    sslParams = tibemsSSLParams_Create();
    status = tibemsSSLParams_SetIdentityFile(
                                     sslParams,
                                     "client_identity.p12",
                                     TIBEMS_SSL_ENCODING_AUTO);

    /* Check that status is TIBEMS_OK before continuing */
    status = tibemsLookupContext_CreateSSL(
                                     &context,
                                     "tibjmsnaming://localhost:7222",
                                     "userName",
                                     "password",
                                     sslParams,
                                     "pk_password");

  • C#

    Create an ILookupContext object for the initial context over an SSL connection. The SSL Store Info consists of a pkcs12 file that identifies the client and the client’s password, which are stored in an EMSSSLFileStoreInfo object.

    using System.Collections;
    using TIBCO.EMS;

    string ssl_identity = "client_identity.p12";
    string ssl_target_hostname = "server";
    string ssl_password = "password";

    // Client identity file and its password
    EMSSSLFileStoreInfo StoreInfo = new EMSSSLFileStoreInfo();
      StoreInfo.SetSSLClientIdentity(ssl_identity);
      StoreInfo.SetSSLPassword(ssl_password.ToCharArray());

    Hashtable env = new Hashtable();
      env.Add(LookupContext.PROVIDER_URL, "adc1.na.tibco.com:10636");
      env.Add(LookupContext.SECURITY_PRINCIPAL, "myUserName");
      env.Add(LookupContext.SECURITY_CREDENTIALS, "myPassword");
      env.Add(LookupContext.SECURITY_PROTOCOL, "ssl");
      env.Add(LookupContext.SSL_TARGET_HOST_NAME, ssl_target_hostname);
      env.Add(LookupContext.SSL_STORE_TYPE, EMSSSLStoreType.EMSSSL_STORE_TYPE_FILE);
      env.Add(LookupContext.SSL_STORE_INFO, StoreInfo);
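
For contrast with the Java example above, which turns server verification off, the following added example (not part of the original documentation) builds the same InitialContext with verification on. It assumes the EMS Java client library is on the classpath and that the TibjmsContext constants SSL_TRUSTED_CERTIFICATES, SSL_ENABLE_VERIFY_HOST_NAME and SSL_EXPECTED_HOST_NAME, which do not appear on this page, exist in your client version; the CA file path, expected host name and lookup name are placeholders.

```java
import java.util.Hashtable;
import java.util.Vector;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import com.tibco.tibjms.naming.TibjmsContext;

public class VerifiedJndiLookup {

    // Builds an SSL JNDI context that authenticates the EMS server
    // before any lookup is sent to it.
    static Context open(String url, String caFile, String expectedHost)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
        env.put(Context.URL_PKG_PREFIXES, "com.tibco.tibjms.naming");
        env.put(Context.PROVIDER_URL, url);
        env.put(TibjmsContext.SECURITY_PROTOCOL, "ssl");

        // Verify the server certificate chain against the trusted CA file(s).
        Vector<String> trusted = new Vector<>();
        trusted.add(caFile);
        env.put(TibjmsContext.SSL_ENABLE_VERIFY_HOST, Boolean.TRUE);
        env.put(TibjmsContext.SSL_TRUSTED_CERTIFICATES, trusted);

        // Also require the name in the certificate to match the expected name.
        env.put(TibjmsContext.SSL_ENABLE_VERIFY_HOST_NAME, Boolean.TRUE);
        env.put(TibjmsContext.SSL_EXPECTED_HOST_NAME, expectedHost);

        return new InitialContext(env);
    }

    public static void main(String[] args) {
        try {
            // Placeholder values: CA path, host name and lookup name.
            Context ctx = open("tibjmsnaming://jmshost:7223",
                               "/path/to/ca-cert.pem", "jmshost");
            Object factory = ctx.lookup("ExampleConnectionFactory");
            System.out.println("Lookup returned: " + factory);
        } catch (NamingException e) {
            // Treat a verification failure as fatal. Do not retry with
            // SSL_ENABLE_VERIFY_HOST set to false.
            System.err.println("Secure JNDI lookup failed: " + e);
            System.exit(1);
        }
    }
}
```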