Perform Secure Lookups
TIBCO Enterprise Message Service client programs can perform secure JNDI lookups using the Transport Layer Security (TLS) protocol. To accomplish this, the client program must set TLS properties in the environment when the InitialContext is created. The TLS properties are similar to the TLS properties for the TIBCO Enterprise Message Service server.
See TLS Protocol for more information about using TLS in the TIBCO Enterprise Message Service server.
The following examples illustrate how to create an InitialContext that can be used to perform JNDI lookups using the TLS protocol.
- Java
In this example, the port number specified for the Context.PROVIDER_URL is set to the TLS listen port that was specified in the server configuration file tibjsmd.conf. The value for TibjmsContext.SECURITY_PROTOCOL is set to ssl. Finally, the value of TibjmsContext.SSL_ENABLE_VERIFY_HOST is set to "false" to turn off server authentication. Because of this, no trusted certificates need to be provided, and the client does not verify the server it uses for the JNDI lookup against the server's certificate.

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import com.tibco.tibjms.naming.TibjmsContext;

    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
    // Port 7223 is the TLS listen port from the server configuration
    env.put(Context.PROVIDER_URL, "tibjmsnaming://jmshost:7223");
    env.put(Context.URL_PKG_PREFIXES, "com.tibco.tibjms.naming");
    env.put(TibjmsContext.SECURITY_PROTOCOL, "ssl");
    // Server authentication is off: the server certificate is not verified
    env.put(TibjmsContext.SSL_ENABLE_VERIFY_HOST, Boolean.FALSE);
    Context context = new InitialContext(env);
- C
Create a tibemsSSLParams object and use the tibemsSSLParams_SetIdentityFile function to establish the client identity by means of a pkcs12 file. Use the tibemsLookupContext_CreateSSL function to create a tibemsLookupContext object that uses a TLS connection for the initial context.

    #include <tibems/tibems.h>

    tibemsLookupContext     context   = NULL;
    tibemsConnectionFactory factory   = NULL;
    tibemsSSLParams         sslParams = NULL;
    tibems_status           status    = TIBEMS_OK;

    /* Client identity comes from a pkcs12 file */
    sslParams = tibemsSSLParams_Create();
    status = tibemsSSLParams_SetIdentityFile(
        sslParams,
        "client_identity.p12",
        TIBEMS_SSL_ENCODING_AUTO);

    /* Create the lookup context over TLS; check status after each call */
    status = tibemsLookupContext_CreateSSL(
        &context,
        "tcp://localhost:7222",
        "userName",
        "password",
        sslParams,
        "pk_password");
- C#
Create an ILookupContext object for the initial context over a TLS connection. The TLS Store Info consists of a pkcs12 file that identifies the client and the client's password, which are stored in an EMSSSLFileStoreInfo object.

    using System.Collections;
    using TIBCO.EMS;

    string ssl_identity = "client_identity.p12";
    string ssl_target_hostname = "server";
    string ssl_password = "password";

    // pkcs12 client identity and its password
    EMSSSLFileStoreInfo storeInfo = new EMSSSLFileStoreInfo();
    storeInfo.SetSSLClientIdentity(ssl_identity);
    storeInfo.SetSSLPassword(ssl_password.ToCharArray());

    Hashtable env = new Hashtable();
    env.Add(LookupContext.PROVIDER_URL, "adc1.na.tibco.com:10636");
    env.Add(LookupContext.SECURITY_PRINCIPAL, "myUserName");
    env.Add(LookupContext.SECURITY_CREDENTIALS, "myPassword");
    env.Add(LookupContext.SECURITY_PROTOCOL, "ssl");
    env.Add(LookupContext.SSL_TARGET_HOST_NAME, ssl_target_hostname);
    env.Add(LookupContext.SSL_STORE_TYPE,
            EMSSSLStoreType.EMSSSL_STORE_TYPE_FILE);
    env.Add(LookupContext.SSL_STORE_INFO, storeInfo);