IBM MQ 在 SSL 握手时抛出 java.lang.UnsupportedOperationException 异常。

huangapple go评论111阅读模式
英文:

IBM MQ throws java.lang.UnsupportedOperationException on SSL handshake

问题

在调用时:

MQQueueConnectionFactory cf ...
cf.createConnection();

com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.handshakeCompleted 方法开始:

public void handshakeCompleted(HandshakeCompletedEvent event) {
 X509Certificate[] peerCertificateChain = event.getPeerCertificateChain();
 ...

javax.net.ssl.SSLSession 中的 getPeerCertificateChain 方法:

default X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    throw new UnsupportedOperationException("This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.");
}

导致此异常:

Exception in thread "HandshakeCompletedNotify-Thread" java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
    at java.base/javax.net.ssl.SSLSession.getPeerCertificateChain(SSLSession.java:295)
    at java.base/javax.net.ssl.HandshakeCompletedEvent.getPeerCertificateChain(HandshakeCompletedEvent.java:173)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.handshakeCompleted(RemoteTCPConnection.java:2448)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake$1.run(TransportContext.java:685)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake$1.run(TransportContext.java:682)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake.run(TransportContext.java:682)
    at java.base/java.lang.Thread.run(Thread.java:832)

项目唯一的 IBM MQ 依赖项是:

com.ibm.mq:com.ibm.mq.allclient:9.2.0.0

为什么 javax.net.ssl.getPeerCertificateChain() 调用了该已弃用方法?看起来问题出现在 HandshakeCompletedEvent 类中,而不是 MQ。

编辑:此问题始于 Java 15。

英文:

When calling:

MQQueueConnectionFactory cf ...
cf.createConnection();

The com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.handshakeCompleted method begins:

public void handshakeCompleted(HandshakeCompletedEvent event) {
 X509Certificate[] peerCertificateChain = event.getPeerCertificateChain();
 ...

getPeerCertificateChain in javax.net.ssl.SSLSession:

default X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    throw new UnsupportedOperationException("This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.");
}

causing this exception:

Exception in thread "HandshakeCompletedNotify-Thread" java.lang.UnsupportedOperationException: This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.
    at java.base/javax.net.ssl.SSLSession.getPeerCertificateChain(SSLSession.java:295)
    at java.base/javax.net.ssl.HandshakeCompletedEvent.getPeerCertificateChain(HandshakeCompletedEvent.java:173)
    at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.handshakeCompleted(RemoteTCPConnection.java:2448)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake$1.run(TransportContext.java:685)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake$1.run(TransportContext.java:682)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
    at java.base/sun.security.ssl.TransportContext$NotifyHandshake.run(TransportContext.java:682)
    at java.base/java.lang.Thread.run(Thread.java:832)

The project's only IBM MQ dependency is:

com.ibm.mq:com.ibm.mq.allclient:9.2.0.0

Why is javax.net.ssl.getPeerCertificateChain() calling that deprecated method? It looks like the problem is in the HandshakeCompletedEvent class, not MQ.

Edit: This issue started with Java 15.

答案1

得分: 5

在最新发布中,他们显然提供了对JAVA 17的支持。

来源:

英文:

In the latest release, they apparently provide JAVA 17 support.

Sources:

答案2

得分: 2

在你的问题中,你提到这在Java 15下失败,并且你发布了一个自己的答案,建议使用Java 14或更早的版本。


根据IBM MQ 9.2详细系统要求页面上的“支持的软件”选项卡,IBM仅支持在Java 8和Java 11的各个版本上运行MQ v9.2。

以下是今天(2020年9月25日)在该页面上显示的版本,但我建议始终参考上述IBM页面以获取当前结果:

  • 带有OpenJ9 JVM的AdoptOpenJDK:11及未来的修补程序包
  • Java开发工具包:V8R0及未来的修补程序包
  • IBM运行时环境,Java技术版:8及未来的修补程序包
  • IBM运行时环境,Java技术版:8.0.1及未来的修补程序包
  • IBM运行时环境,Java技术版:8.0.4.1及未来的修补程序包
  • IBM运行时环境,Java技术版:8.0.5.0及未来的修补程序包
  • IBM运行时环境,Java技术版:8.0.6.0及未来的修补程序包
  • Oracle Java SDK/JRE/JDK:8.0及未来的修补程序包
  • Oracle Java SDK/JRE/JDK:11.0.1及未来的修补程序包

在IBM的官方MQ v9.2系统要求页面上未列出的任何Java版本都将自担风险。如果你使用的是Java 14,并且遇到了需要从IBM获取支持的问题,他们可能会告诉你该版本不受支持,并要求你在受支持的版本上复现该问题。

英文:

In your question you mention that this was failing with Java 15 and you posted a self answer to use Java 14 or earlier.


According to the "Supported Software" tab of the IBM MQ 9.2 Detailed System Requirements page IBM only supports MQ v9.2 on various versions of Java 8 and Java 11.

I am listing below the versions that show up on that page today (September 25 2020), but I would suggest always referring back to the IBM page above for current results:

  • AdoptOpenJDK with OpenJ9 JVM: 11 and future fix packs
  • Developer Kit for Java: V8R0 and future fix packs
  • IBM Runtime Environment, Java Technology Edition: 8 and future fix packs
  • IBM Runtime Environment, Java Technology Edition: 8.0.1 and future fix packs
  • IBM Runtime Environment, Java Technology Edition: 8.0.4.1 and future fix packs
  • IBM Runtime Environment, Java Technology Edition: 8.0.5.0 and future fix packs
  • IBM Runtime Environment, Java Technology Edition: 8.0.6.0 and future fix packs
  • Oracle Java SDK/JRE/JDK: 8.0 and future fix packs
  • Oracle Java SDK/JRE/JDK: 11.0.1 and future fix packs

Using any version of Java not listed on IBM's official MQ v9.2 System Requirements page would be at your own risk. If you were using Java 14 and had an issue that you needed to get support from IBM on, they would likely tell you that it is not supported at that version and to reproduce the problem at a supported version.

答案3

得分: 2

我创建了一个库,如果您可以以编程方式访问 MQConnectionFactory,它可能会解决这个问题。legacy-compatibility-ssl-socket-factory 为您提供了一个实现了 getPeerCertificateChain()SSLSession,通过委托给不同的 SSLSocketFactorygetPeerCertificates() 来实现。

mqConnectionFactory.setSSLSocketFactory(new LegacyCompatibilitySSLSocketFactory());
英文:

I created a library that may work around the problem if you have programmatic access to the MQConnectionFactory . legacy-compatibility-ssl-socket-factory gives you a SSLSession that implements getPeerCertificateChain() by delegating to getPeerCertificates() of a different SSLSocketFactory .

mqConnectionFactory.setSSLSocketFactory(new LegacyCompatibilitySSLSocketFactory());

答案4

得分: 2

IBM MQ客户端9.2.4.0支持Java 17

> MQ 9.2.4
> - 通过对均衡集群的更新实现智能工作负载再平衡
> - 在现有强大安全机制的基础上增强了安全性能,旨在确保您的关键业务数据得到保护
> - MQ客户端支持新的Java™ 11运行时
> - MQ客户端支持Java 17运行时

> IBM MQ客户端支持Java 17
> - IBM MQ 9.2.4为IBM MQ Java类和IBM MQ JMS类(适用于Oracle和Adoptium)添加了对Java 17的支持。

如果使用Maven,您可能可以通过以下方式进行修复:

<dependency>
    <groupId>com.ibm.mq</groupId>
    <artifactId>com.ibm.mq.allclient</artifactId>
    <version>9.2.4.0</version>
</dependency>
英文:

IBM MQ client 9.2.4.0 supports Java 17

https://www.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/899/ENUSLP21-0278/index.html

> MQ 9.2.4
> - Intelligent workload rebalancing with updates to uniform clusters
> - Security enhancements that build on the existing robust security mechanisms in MQ, designed to ensure that your mission-critical
> business data is protected
> - MQ client support for new Java™ 11 runtimes
> - MQ client support for Java 17 runtimes

https://www.ibm.com/docs/en/ibm-mq/9.2?topic=wnim9-whats-new-in-mq-924-multiplatforms-base-advanced-entitlement#mq924_new_multibaseadv__java17support

> Java 17 support for IBM MQ Clients
> - IBM MQ 9.2.4 adds Java 17 support for IBM MQ classes for Java and IBM MQ classes for JMS for Oracle and Oracle and Adoptium.

If using maven, you can likely fix via

<dependency>
    <groupId>com.ibm.mq</groupId>
    <artifactId>com.ibm.mq.allclient</artifactId>
    <version>9.2.4.0</version>
</dependency>

答案5

得分: 1

解决方案:使用Java 14或更早版本。

英文:

Solution: Use Java 14 or earlier.

huangapple
  • 本文由 发表于 2020年9月25日 11:14:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/64057285.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定