Perform Secure Lookups

TIBCO Enterprise Message Service client programs can perform secure JNDI lookups using the Transport Layer Security (TLS) protocol. To accomplish this, the client program must set TLS properties in the environment when the InitialContext is created. The TLS properties are similar to the TLS properties for the TIBCO Enterprise Message Service server.

See TLS Protocol for more information about using TLS in the TIBCO Enterprise Message Service server.

The following examples illustrate how to create an InitialContext that can be used to perform JNDI lookups using the TLS protocol.

• Java

  In this example, the port number specified for the Context.PROVIDER_URL is set to the TLS listen port that was specified in the server configuration file tibjsmd.conf. The value for TibjmsContext.SECURITY_PROTOCOL is set to ssl. Finally, the value of TibjmsContext.SSL_ENABLE_VERIFY_HOST is set to "false" to turn off server authentication. Because of this, no trusted certificates need to be provided and the client will then not verify the server it is using for the JNDI lookup against the server’s certificate.

  Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
           "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
    env.put(Context.PROVIDER_URL, tibjmsnaming://jmshost:7223);
    env.put(Context.URL_PKG_PREFIXES, "com.tibco.tibjms.naming")
    env.put(TibjmsContext.SECURITY_PROTOCOL, "ssl");
    env.put(TibjmsContext.SSL_ENABLE_VERIFY_HOST, 
           new Boolean("false"));
  Context context = new InitialContext(env);

• C

  Create a tibemsSSLParams object and use the tibemsSSLParams_SetIdentityFile function to establish the client identity by means of a pkcs12 file. Use the tibemsLookupContext_CreateSSL function to create a tibemsLookupContext object that uses a TLS connection for the initial context.

  tibemsLookupContext*     context   = NULL;
  tibemsConnection_Factory factory   = NULL;
  tibemsSSLParams          sslParams = NULL;
  tibems_status            status    = TIBEMS_OK;
   
  sslParams = tibemsSSLParams_Create(); 
  status = tibemsSSLParams_SetIdentityFile(
                                   ssl_params,
                                   "client_identity.p12",
                                   TIBEMS_SSL_ENCODING_AUTO);
   
  status = tibemsLookupContext_CreateSSL(
                                   &context,
                                    "tcp://localhost:7222",
                                   "userName",
                                   "password",
                                   sslParams,
                                   "pk_password");

• C#

  Create a ILookupContext object for the initial context over a TLS connection. The TLS Store Info consists of a pkcs12 file that identifies the client and the client’s password, which are stored in an EMSSSLFileStoreInfo object.

  string ssl_identity  = client_identity.p12;
  string ssl_target_hostname =  "server";
  string ssl_password = "password";
   
  EMSSSLFileStoreInfo StoreInfo = new EMSSSLFileStoreInfo();
    info.SetSSLClientIdentity(ssl_identity);
    info.SetSSLPassword(ssl_password.ToCharArray());
   
  Hashtable env = new Hashtable();
    env.Add(LookupContext.PROVIDER_URL, "adc1.na.tibco.com:10636");
    env.Add(LookupContext.SECURITY_PRINCIPAL", "myUserName");
    env.Add(LookupContext.SECURITY_CREDENTIALS", "myPassword");
    env.Add(LookupContext.SECURITY_PROTOCOL, "ssl");             
    env.Add(LookupContext.SSL_TARGET_HOST_NAME,                      ssl_target_hostname);
    env.Add(LookupContext.SSL_STORE_TYPE,                      EMSSSLStoreType.EMSSSL_STORE_TYPE_FILE);
    env.Add(LookupContext.SSL_STORE_INFO, StoreInfo);

Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.