On 5 September 2014 14:41, Dr. Frank Heuschen <[email protected]>
wrote:
> Hi,
>
>
>
> I am trying out to use proton-j 0.7 to communicate with a AMQP server that
> always uses SSL encryption. On order to do so, we received a pem file from
> the organisation operating the broker.
>
> While the proton-c port uses this file directly and worked like a charm, in
> Java it is not working with SSL at all for me.
>
>
>
> I tried the following:
>
> /// ==== 8< ==== ///
>
> if (addresses.size() < 1) {
>
>
> this.addresses.add("amqps://some_ip:some_port/queue://some_queue_name");
>
> this.addresses.add("amqps:// some_ip:some_port
> /topic://some_topic_name");
>
> }
>
> /// ==== 8< ==== ///
>
> messenger.start();
>
>
>
> messenger.setCertificate("path_2_file.pem");
>
> messenger.setPrivateKey("path_2_file.pem ");
>
>
>
So - I'm no expert on the Messenger API, but if you are the client
connecting to a server providing SSL I would expect that you should be
providing the certificates that you trust. The API calls above would seem
to be for the case where you are writing the server and you are providing
the certificate and the private key for the certificate.
Messenger appears to provide a method
messenger.setTrustedCertificates(String trusted);
Have you tried using this, and removing the two statements above?
>
> for (String address : addresses) {
>
> messenger.subscribe(address);
>
> }
>
> messenger.recv();
>
> /// ==== 8< ==== ///
>
>
>
> As soon as the function messenger.recv(); is called, the application is
> searching for classes from org. bouncycastle, which I added in the version
> 1.47 in maven, because the desired Functions are no longer available in
> later versions.
>
>
>
> Afterwards (as the bouncycastle stuff is available) I always receive the
> following error:
>
>
>
> org.apache.qpid.proton.engine.TransportException:
> org.apache.qpid.proton.engine.TransportException: File path_2_file.pem does
> not provide a object of the required type. Read an object of class
> org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey whilst
> expecting an implementation of one of the following : [class
> java.security.cert.Certificate]
>
>
>
As above - I think you are making the wrong API calls, calling
setPrivateKey() you would need to be providing a file containing an RSA
Private Key... but as the client you don't need to do this - you only need
to provide the certificate of the server you trust, or the certificate of a
signing authority who has signed the certificate of your server.
Hope this helps,
Rob
> What needs to be done, to have this working with the same pem files as in
> C?
> Should I convert the file to another format?
>
>
>
> Thanks an kind regards
>
> Frank
>
>
