SSL

官方地址:http://www.rabbitmq.com/ssl.html

百科:

SSL(Secure Sockets Layer 安全套接层),及其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。

分为 单向认证 和 双向认证。RabbitMQ 采用的是双向认证方式。

一、配置过程:

# mkdir testca

# cd testca

# mkdir certs private

# chmod 700 private

# echo 01 > serial

# touch index.txt

下面这段保存成 openssl.cnf 文件

[ ca ]

default_ca = testca

[ testca ]

dir = .

certificate = $dir/cacert.pem

database = $dir/index.txt

new_certs_dir = $dir/certs

private_key = $dir/private/cakey.pem

serial = $dir/serial

default_crl_days =

default_days =

default_md = sha256

policy = testca_policy

x509_extensions = certificate_extensions

[ testca_policy ]

commonName = supplied

stateOrProvinceName = optional

countryName = optional

emailAddress = optional

organizationName = optional

organizationalUnitName = optional

domainComponent = optional

[ certificate_extensions ]

basicConstraints = CA:false

[ req ]

default_bits =

default_keyfile = ./private/cakey.pem

default_md = sha256

prompt = yes

distinguished_name = root_ca_distinguished_name

x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]

commonName = hostname

[ root_ca_extensions ]

basicConstraints = CA:true

keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]

basicConstraints = CA:false

keyUsage = digitalSignature

extendedKeyUsage = 1.3.6.1.5.5.7.3.

[ server_ca_extensions ]

basicConstraints = CA:false

keyUsage = keyEncipherment

extendedKeyUsage = 1.3.6.1.5.5.7.3.

自己颁发给自己的 ca 证书

# openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes

# openssl x509 -in cacert.pem -out cacert.cer -outform DER

服务器 证书

# cd ..

# ls

testca

# mkdir server

# cd server

# openssl genrsa -out key.pem 2048

# openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes

# cd ../testca

# openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions server_ca_extensions

# cd ../server

# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword

客户端 证书

# cd ..

# ls

server testca

# mkdir client

# cd client

# openssl genrsa -out key.pem 2048

# openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes

# cd ../testca

# openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions

# cd ../client

# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword

将 testca/cacert.pem、server/cert.pem、server/key.pem 复制到 /etc/rabbitmq/ssl/ 目录下面,记得查看权限,否则报 read timeout 异常

添加配置文件

二、java代码测试

cmd命令:

C:\Program Files\Java\jdk1.8.0_25>keytool -import -alias server1 -file D:\openssl\bin\server\cert.pem -keystore D:\openssl\bin\server\rabbitstore

项目截图:(拷贝 client/keycert.p12 和 rabbitstore 到项目中)

import java.io.FileInputStream;

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManagerFactory;

import com.rabbitmq.client.Channel;

import com.rabbitmq.client.Connection;

import com.rabbitmq.client.ConnectionFactory;

import com.rabbitmq.client.GetResponse;

public class Example2 {

     public static void main(String[] args) throws Exception

     {

       char[] keyPassphrase = "MySecretPassword".toCharArray();

       KeyStore ks = KeyStore.getInstance("PKCS12");

       ks.load(new FileInputStream(Class.class.getResource("/").getPath() + "keycert.p12"), keyPassphrase);

       KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

       kmf.init(ks, keyPassphrase);

       char[] trustPassphrase = "rabbitstore".toCharArray();

       KeyStore tks = KeyStore.getInstance("JKS");

       tks.load(new FileInputStream(Class.class.getResource("/").getPath() + "rabbitstore"), trustPassphrase);

       TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

       tmf.init(tks);

       SSLContext c = SSLContext.getInstance("TLSv1.1");

       c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

       ConnectionFactory factory = new ConnectionFactory();

       factory.setHost("");

       factory.setPort(5671);

       factory.setUsername("");

       factory.setPassword("");

       factory.useSslProtocol(c);

       Connection conn = factory.newConnection();

       Channel channel = conn.createChannel();

       channel.queueDeclare("rabbitmq-java-test", false, true, true, null);

       channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());

       GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);

       if(chResponse == null) {

           System.out.println("No message retrieved");

       } else {

           byte[] body = chResponse.getBody();

           System.out.println("Recieved: " + new String(body));

       }

       channel.close();

       conn.close();

   }

}

结果:

三、c#代码测试

导入自颁发证书

using RabbitMQ.Client;

using RabbitMQ.Util;

using System;

using System.Net.Security;

using System.Text;

namespace TestSSL

{

    class Program

    {

        public static void Main(string[] args)

        {

            try

            {

                ConnectionFactory cf = new ConnectionFactory()

                    {

                        HostName = "",

                        Port = ,

                        UserName = "",

                        Password = ""

                    };

                cf.Ssl.ServerName = "10-10-43-207"; //必须同服务器证书中设置的 CN 名称一致

                cf.Ssl.CertPath = AppDomain.CurrentDomain.BaseDirectory + "client\\keycert.p12";

                cf.Ssl.CertPassphrase = "MySecretPassword";

                cf.Ssl.AcceptablePolicyErrors = //SslPolicyErrors.RemoteCertificateNameMismatch |

                                                SslPolicyErrors.RemoteCertificateNotAvailable |

                                                SslPolicyErrors.RemoteCertificateChainErrors;

                cf.Ssl.Enabled = true;

                using (IConnection conn = cf.CreateConnection())

                {

                    using (IModel ch = conn.CreateModel())

                    {

                        ch.QueueDeclare("rabbitmq-dotnet-test", false, false, false, null);

                        ch.BasicPublish("", "rabbitmq-dotnet-test", null,

                                        Encoding.UTF8.GetBytes("Hello, World"));

                        BasicGetResult result = ch.BasicGet("rabbitmq-dotnet-test", true);

                        if (result == null)

                        {

                            Console.WriteLine("No message received.");

                        }

                        else

                        {

                            Console.WriteLine("Received:");

                            DebugUtil.DumpProperties(result, Console.Out, );

                        }

                        ch.QueueDelete("rabbitmq-dotnet-test");

                    }

                }

            }

            catch (Exception ex)

            {

                Console.WriteLine(ex.InnerException);

            }

            Console.ReadKey(true);

        }

    }

}

结果:

最新文章

  1. Fd.Service 轻量级WebApi框架
  2. 解决webkit浏览器中js方法中使用window.event提示未定义的问题
  3. 清除系统日志及数据库(sql server)日志最佳实践
  4. 【C语言入门教程】5.6 函数库和文件
  5. struts2基础——自定义拦截器
  6. alloc、init你弄懂50%了吗?
  7. 封装TableView有可能用到的数据结构和UITableViewCell的一个继承类
  8. Python的类与类型
  9. Java笔试
  10. HDU ACM 1879 继续畅通工程
  11. Django ORM相关
  12. XML与HTML区别
  13. android Toast大全(五种情形)建立属于你自己的Toast
  14. IO流(1)File类构造方法
  15. Visual Studio 2013旗舰版KEY
  16. 关于move
  17. LNMP架构下的nginx、mysql、php的源码安装
  18. 添加APP右上角数字提醒标识
  19. Zabbix学习之路(五)之MySQL监控
  20. UML建模之时序图(Sequence Diagram)教程

热门文章

  1. JS对象实现随机满天小星星实例
  2. cocoapods:安装/更新Ruby环境教程
  3. jQuery extend方法使用及实现
  4. template 不能分别在.h和.cpp中定义模板
  5. spring logback 配置
  6. linux软连接和硬链接
  7. final发布评价
  8. Codeforces Round #379 (Div. 2) F. Anton and School
  9. java 自动登录代码
  10. CDN 技术详解(DNS,GSLB,Cache)