Android client using SSL


bry...@webbtide.com

Oct 17, 2016, 4:38:59 AM10/17/16
to rabbitmq-users
Just getting started with RabbitMQ, and trying to understand some of the SSL setups.

I've currently got an Android app which uses web sockets to communicate with a Tomcat server, and I'm wanting to swap this out and use RabbitMQ. The SSL connection is established with this snippet of code:

/**
 * pin certificate
 * Download the Certificate (.cert/.crt) file from your server where all web services are
 * deployed and keep the file in ‘Assets’ folder of the android project.
 * See: https://www.piappbank.com.au/forum/static/list/Develop/albert-guidelines/development-principles/CertPin.html
 * <p>
 * https://hutter.io/2016/02/09/java-create-self-signed-ssl-certificates-for-tomcat/
 * <p>
 * 1. create jks file for use with Tomcat:
 * $ keytool -genkey -keystore android.keystore -alias ANDROID -keyalg RSA -keysize 4096 -validity 3650
 * 2. create PEM file to load here. NB This command exports public key only
 * $ keytool -exportcert -alias ANDROID -keystore android.keystore -rfc -file android.pem
 *
 * @return
 */
SSLContext applyCertificate() {

    SSLContext sslContext = null;
    InputStream inputStream = null;

    try {

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        inputStream = PaymentActivity.this.getAssets().open(SSLCERT);   // <<-- android.pem
        Certificate certificate = certificateFactory.generateCertificate(inputStream);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("ca", certificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

    ......

    return sslContext;
}

/**
 * setup websocket => calls Payment Activity
 * <p>
 * See https://github.com/TakahikoKawasaki/nv-websocket-client
 */
void setupWebSocket() {

    if (ws == null) {
        try {
            ws = new WebSocketFactory().setSSLContext(applyCertificate()).createSocket(SERVER_URL);
            ws.addListener(new WebSocketAdapter() {

    ........


When I look at similar code from the RabbitMQ web site (https://www.rabbitmq.com/ssl.html) the example program is:

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import com.rabbitmq.client.ConnectionFactory;

public static void main(String[] args) throws Exception
{
    // client key + certificate (PKCS#12), used to authenticate the client to the broker
    char[] keyPassphrase = "MySecretPassword".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(new FileInputStream("/path/to/client/keycert.p12"), keyPassphrase);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keyPassphrase);   // was "passphrase", an undeclared variable

    // trust store holding the broker's CA certificate, used to authenticate the broker
    char[] trustPassphrase = "rabbitstore".toCharArray();
    KeyStore tks = KeyStore.getInstance("JKS");
    tks.load(new FileInputStream("/path/to/trustStore"), trustPassphrase);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(tks);

    SSLContext c = SSLContext.getInstance("TLSv1.1");
    c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    ConnectionFactory factory = new ConnectionFactory();
    factory.setHost("localhost");
    factory.setPort(5671);
    factory.useSslProtocol(c);

The difference I see is that the keystore password and pass phrase are hard coded in the RabbitMQ client. I don't know enough about this to understand if I need to do this, or can I just use the same pattern as I currently do which generates a keystore on the fly, and just have the .pem file on the Android.

Any help greatly appreciated.

Arnaud Cogoluegnes

Oct 17, 2016, 8:14:23 AM10/17/16
to rabbitm...@googlegroups.com
If you only want to check the server identity, your snippet looks good. You can then use the ConnectionFactory.useSsl(SSLContext context) to pass the SSLContext in.

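As an added example, not code from this thread or from the RabbitMQ project, the following class puts the two messages together: it builds a trust store in memory from a PEM certificate exactly as the Android snippet does (no file, no password), passes the resulting SSLContext to the RabbitMQ Java client, and keeps the client-certificate variant from the rabbitmq.com example as a separate method so it is clear the PKCS#12 keystore and its password are only needed when the broker demands client authentication. The class name, method names and the use of `enableHostnameVerification()` (which assumes amqp-client 5.4.0 or newer) are this example's own choices.

```java
import com.rabbitmq.client.ConnectionFactory;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example, not code from the thread or from the RabbitMQ project.
 * Builds an SSLContext for the RabbitMQ Java client from a PEM certificate
 * loaded at runtime, with an optional client certificate for brokers that
 * require client authentication.
 */
public final class RabbitTlsSetup {

    /** Trust store built in memory from the PEM stream: no file on disk, no password. */
    static TrustManager[] trustManagersFromPem(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        int n = 0;
        // generateCertificates() also accepts a bundle of several PEM blocks,
        // so a CA certificate plus intermediates can be pinned together
        for (Certificate cert : cf.generateCertificates(pem)) {
            trustStore.setCertificateEntry("pinned-" + n++, cert);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /** Server authentication only: the client presents no certificate. */
    public static SSLContext serverAuthOnly(InputStream pem) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, trustManagersFromPem(pem), null); // null KeyManagers => no client cert
        return ctx;
    }

    /**
     * Mutual TLS: the same trust anchors plus a PKCS#12 key/cert pair. The password
     * protects a private key, so it is a parameter here rather than a literal;
     * the caller should obtain it from the platform's secure storage.
     */
    public static SSLContext mutualTls(InputStream pem, InputStream p12, char[] p12Password)
            throws Exception {
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        clientStore.load(p12, p12Password);
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, p12Password);
        KeyManager[] keyManagers = kmf.getKeyManagers();
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(keyManagers, trustManagersFromPem(pem), null);
        return ctx;
    }

    /** Wires the context into the client; 5671 is the broker's default TLS port. */
    public static ConnectionFactory connectionFactory(String brokerHost, SSLContext ctx) {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(brokerHost);
        factory.setPort(5671);
        factory.useSslProtocol(ctx);
        // Assumes amqp-client 5.4.0 or newer. Checks that the broker's certificate
        // names brokerHost; a trust store on its own never performs that check.
        factory.enableHostnameVerification();
        return factory;
    }
}
```

On Android the PEM stream comes from `getAssets().open("android.pem")` as in the original snippet; `connectionFactory("broker.example.com", serverAuthOnly(stream)).newConnection()` then opens the connection. Hostname verification matters most when the pinned PEM is a CA certificate, since without it any certificate that CA has issued would be accepted for the broker; with a pinned leaf certificate it is an additional check, but the certificate's CN or SAN must still match the host name the client connects to.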
