Using Java Client tool to test Sterling Order Management System MQ queues over SSL
Once SI users have installed their containerized developer toolkit successfully, they can use the MQ Java™ Client tool packaged with the developer toolkit to connect to a queue on their cloud MQ instance over SSL.
Custom Java client implementation
A custom sample Java client implementation is bundled with developer toolkit. You can run this sample implementation as the MQ Java client tool to perform various tasks that are explained in this topic. You can use the custom sample Java implementation as a reference to do your own custom implementations to connect to Sterling™ Order Management System cloud environment MQ queues. The sample implementation also contains the logic required to reconnect to the cloud environment MQ queues when the MQ instance undergoes failover process.
The sample implementation is available in devtoolkit_docker/compose/docker/mqserver/mqjc/src/com/ibm/mq/samples/jms/JmsPutGet.java.
Prerequisites to use the Java Client tool
Before you start setting up the Java Client tool to connect to a queue on the Cloud MQ instance over SSL, ensure that you have the following information available:
- The server to connect to, namely
<tenant_code>-<env>-<envno>-mq.oms.supply-chain.ibm.com
. - The MQ queue to test.
- The Private key p12 file downloaded from Self Service.
Setting up the Java Client tool
Run the following command from your developer toolkit./om-compose.sh
mqjc-setup <Path to SST P12 file>
Running the Java Client tool
Run the following command from your developer toolkit:./om-compose.sh mqjc
<optional: override parameters>
Parameters to the client
- The following parameters are set by
default:
PORT=15443 CHANNEL=SYSTEM.TLS.SVRCONN QMGR=OM_QMGR CIPHER=SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Optionally, you can set one or more of the following properties in
om-compose.properties to override the default
values:
MQJC_PORT=<overriden port> MQJC_CHANNEL=<overriden channel> MQJC_QMGR=<overriden qmgr> MQJC_CIPHER=<overriden cipher>
Provide appropriate values for the following properties:MQJC_HOST=<host name/ip address of the mq server> MQJC_QUEUE=<name of the queue to test>
- Optionally, pass one or more of the following as override parameters to the
./om-compose.sh mqjc
call. This overrides the values in the code as well as any property set in om-compose.properties.-DMQJC_PORT=<overriden port> -DMQJC_CHANNEL=<overriden channel> -DMQJC_QMGR=<overriden qmgr> -DMQJC_CIPHER=<overriden cipher> -DMQJC_HOST=<host name/ip address of mq server> -DMQJC_QUEUE=<name of the queue to test>
Ciphers to use
- IBM® JRE -
SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Default) - Oracle JRE -
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- IBM JRE -
SSL_RSA_WITH_AES_128_CBC_SHA256
- Oracle JRE -
TLS_RSA_WITH_AES_128_CBC_SHA256
- If you are running the Java Client tool from a developer toolkit on Linux® with an extracted runtime, it will use IBM JRE. If you do not have an extracted runtime, it will use the JRE referred by your
JAVA_HOME
variable, which can be IBM or Oracle JRE based on what you have installed on your machine. - If you are running the Java Client tool from a developer toolkit on Mac, it will use the JRE that is installed on your Mac that is referred by the
JAVA_HOME
variable, since it is the same JRE that is copied to your extracted runtime.
java
-version
. If it contains IBM J9 VM
, then it is IBM JRE. If it contains Java HotSpot VM
, then it is Oracle JRE.Additional arguments
With the MQ client version 9.2.1(CD version) and later, you must use the following JVM argument for Java-based clients or tools:-Dcom.ibm.mq.cfg.SSL.outboundSNI=Hostname
OutboundSNI=HOSTNAME
in the SSL stanza
of the mqclient.ini file. This attribute can be read by C, unmanaged .NET, IBM MQ classes for Java,
and IBM MQ classes for Java, and IBM MQ classes for JMS clients only. -Dcom.ibm.mq.cfg.useIBMCipherMappings=false
Examples
- If you want to test the queue
QUEUE.1
on serverabccorp-qa-1-mq.oms.supply-chain.ibm.com
, which has upgraded ciphers, using IBM JRE, then run the following command:./om-compose.sh mqjc -DMQJC_HOST=abccorp-qa-1-mq.oms.supply-chain.ibm.com -DMQJC_QUEUE=QUEUE.1
- If you want to test the queue
QUEUE.2
on serveroldcorp-dev-1-mq.oms.supply-chain.ibm.com
, which uses old ciphers, using Oracle JRE, then run the following command:./om-compose.sh mqjc -DMQJC_CIPHER=TLS_RSA_WITH_AES_128_CBC_SHA256 -DMQJC_HOST=oldcorp-dev-1-mq.oms.supply-chain.ibm.com -DMQJC_QUEUE=QUEUE.2