Using SASL EXTERNAL in Go using qpid-proton client library to connect to AMQP 1.0 RabbitMQ

Question


I am trying to make a TLS connection to RabbitMQ with authentication provided by self-signed certificates through the SASL EXTERNAL mechanism using the golang implementation provided by https://github.com/apache/qpid-proton. The goal is to be able to connect to RabbitMQ without specifying the username and password in the URI.

RabbitMQ is running with the following configuration:

      auth_mechanisms.1 = EXTERNAL
      auth_mechanisms.2 = PLAIN
      auth_mechanisms.3 = AMQPLAIN

and plugins:

  • rabbitmq_amqp1_0
  • rabbitmq_auth_mechanism_ssl

I have confirmed that I am able to connect with SASL EXTERNAL using a Node.js library (https://github.com/amqp/rhea), and I have confirmed that connecting with PLAIN and ANONYMOUS works with Go in the qpid-proton library, but I have been unable to connect with SASL EXTERNAL with Go.

My client code does not return any errors, but the RabbitMQ error logs tell me that the client closed the TCP connection:

2021-06-24 18:57:22.029 [info] <0.16358.106> accepting AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671)
2021-06-24 18:57:23.030 [warning] <0.16358.106> closing AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671):
client unexpectedly closed TCP connection

My client code is as follows:

package main

import (
        "crypto/tls"
        "crypto/x509"
        "fmt"
        "io/ioutil"
        "os"
        "time"

        "github.com/apache/qpid-proton/go/pkg/amqp"
        "github.com/apache/qpid-proton/go/pkg/electron"
)

func main() {
        // Client certificate and key presented to the broker during the TLS handshake.
        keyPair, err := tls.LoadX509KeyPair("client.crt", "client.key")
        if err != nil {
                fmt.Println("Failed to load certificate:", err)
                os.Exit(1)
        }

        rootCa, err := ioutil.ReadFile("rootCA.crt")
        if err != nil {
                fmt.Println("Failed to read root CA:", err)
                os.Exit(1)
        }
        certPool := x509.NewCertPool()
        // AppendCertsFromPEM reports false when no certificate could be parsed.
        if !certPool.AppendCertsFromPEM(rootCa) {
                fmt.Println("Failed to parse root CA: no PEM certificate found")
                os.Exit(1)
        }

        tlsConfig := &tls.Config{
                RootCAs: certPool,
                // InsecureSkipVerify turns off verification of the broker's
                // certificate, so RootCAs is not used to check it.
                InsecureSkipVerify: true,
                Certificates:       []tls.Certificate{keyPair},
        }

        container := electron.NewContainer("myContainer")

        tlsConn, err := tls.Dial("tcp", "rabbitmq.default.svc.cluster.local:5671", tlsConfig)
        if err != nil {
                fmt.Println("Failed to open TLS connection:", err)
                os.Exit(1)
        }
        defer tlsConn.Close()

        conn, err := container.Connection(
                tlsConn,
                electron.SASLEnable(),
                electron.SASLAllowedMechs("EXTERNAL"),
        )
        if err != nil {
                fmt.Println("Failed to open AMQP connection", err)
                os.Exit(1)
        }
        // Defer the close only after the error check, once conn is known to be usable.
        defer conn.Close(nil)

        sess, err := conn.Session()
        if err != nil {
                fmt.Println("Creating session failed:", err)
                os.Exit(1)
        }

        sender, err := sess.Sender(electron.Target("demo-queue"))
        if err != nil {
                fmt.Println("Creating sender failed:", err)
                os.Exit(1)
        }

        for i := int64(0); i < 100000; i++ {
                msg := amqp.NewMessage()
                body := fmt.Sprintf("Test message %d", i)
                msg.Marshal(body)
                // SendSync returns an Outcome; report a failed send instead of dropping it.
                if out := sender.SendSync(msg); out.Error != nil {
                        fmt.Println("Send failed:", out.Error)
                }
                time.Sleep(1 * time.Second)
        }
}
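
SASL EXTERNAL sends no username or password: the broker derives the identity from the certificate the client presented during the TLS handshake, and a Go client presents one only when the server asks for it. The following added example (not part of the original post; `PeerIdentity` and `demo.example` are made up for illustration, and the certificate is constructed on the fly) runs that handshake in-process with server verification left on instead of `InsecureSkipVerify`, and returns the identity the server side saw.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PeerIdentity returns the client CN the server side saw in the handshake ("" if none).
func PeerIdentity(mode tls.ClientAuthType) (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway identity
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo.example"},
		DNSNames: []string{"demo.example"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool() // the one self-signed cert is trusted directly by both sides
	pool.AddCert(leaf)
	certs := []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	// Verification stays on (RootCAs + ServerName). TLS 1.2 cap: net.Pipe is unbuffered.
	cli := tls.Client(c, &tls.Config{Certificates: certs, RootCAs: pool, ServerName: "demo.example", MaxVersion: tls.VersionTLS12})
	srv := tls.Server(s, &tls.Config{Certificates: certs, ClientCAs: pool, ClientAuth: mode, MaxVersion: tls.VersionTLS12})
	go cli.Handshake() // a client-side failure reaches srv.Handshake as a TLS alert
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	if pc := srv.ConnectionState().PeerCertificates; len(pc) > 0 {
		return pc[0].Subject.CommonName, nil
	}
	return "", nil
}

func main() { fmt.Println(PeerIdentity(tls.RequireAndVerifyClientCert)) }
```

With `tls.NoClientCert` the same call returns an empty identity: the server never requested a certificate, so there is nothing for EXTERNAL to authenticate.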

Answer 1

Score: 0


This isn't a solution for using the qpid-proton client library, but I ended up using https://github.com/Azure/go-amqp to connect to RabbitMQ through SASL EXTERNAL. This library recently had the functionality added.

Posted on June 29, 2021, 05:19:31