pymqi connect with SSL |
bobbee |
Posted: Fri Apr 29, 2022 11:31 am Post subject: pymqi connect with SSL |
|
|
Knight
Joined: 20 Sep 2001 Posts: 545 Location: Tampa
|
I am trying to connect to the QMGR using SSL. This is my code:
Code: |
conn_info = '%s(%s)' % (host, port)
ssl_cipher_spec = mq_connection_property.get("cipher")
repos = mq_connection_property.get("repos")
cd = pymqi.CD()
print('Channel type in SSL ', type(channel))
cd.ChannelName = bytes(channel, 'utf-8')
cd.ConnectionName = bytes(conn_info, 'utf-8')
cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
cd.TransportType = pymqi.CMQC.MQXPT_TCP
cd.SSLCipherSpec = bytes(ssl_cipher_spec, 'utf-8')
options = CMQC.MQCNO_NONE
cd.UserIdentifier = bytes('mqm', 'utf-8')
cd.Password = bytes('mqm', 'utf-8')
sco = pymqi.SCO()
sco.KeyRepository = bytes(repos, 'utf-8')
logger.debug('MQ SSL Connection Information /n SSLCipherSpec = {a} /n KeyRepository = {b} /n' .format(a=ssl_cipher_spec, b=repos))
qmgr = pymqi.QueueManager(None)
qmgr.connect_with_options(queueManager, cd, sco) |
I am getting the following error. All the examples show the calling signature as I have it. I have tried the one in the error message. Still get errors on the call structure. What am I missing?
Code: |
[mqm@fibbing1 scripts]$ python3 mq_hardening.py /var/mqm/scripts/config.properties BOBBEE
Traceback (most recent call last):
File "mq_hardening.py", line 104, in <module>
qmgr.connect_with_options(queueManager, cd, sco)
File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1617, in connect_with_options
rv = pymqe.MQCONNX(name, options, cd, user_password, sco.pack())
TypeError: a bytes-like object is required, not 'NoneType' |
hughson |
Posted: Sun May 01, 2022 3:26 am Post subject: |
|
|
Padawan
Joined: 09 May 2013 Posts: 1948 Location: Bay of Plenty, New Zealand
|
Is there a reason why you want to code the SSL stuff into your application instead of using a CCDT and mqclient.ini/env vars?
Cheers,
Morag _________________ Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
hughson |
Posted: Sun May 01, 2022 3:31 am Post subject: Re: pymqi connect with SSL |
|
|
Padawan
Joined: 09 May 2013 Posts: 1948 Location: Bay of Plenty, New Zealand
|
bobbee wrote: |
Code: |
sco = pymqi.SCO()
sco.KeyRepository = bytes(repos, 'utf-8')
qmgr = pymqi.QueueManager(None)
qmgr.connect_with_options(queueManager, cd, sco) |
|
The difference between your code and the examples I have seen is the use of the bytes type you have. I haven't tried this out, but wondering why you have needed to use bytes?
Cheers,
Morag
bobbee |
Posted: Sun May 01, 2022 5:31 am Post subject: |
|
|
Knight
Joined: 20 Sep 2001 Posts: 545 Location: Tampa
|
I pulled all the byte conversions. I am not getting the byte error now. I did find an error in the properties file which I corrected. 'queueManager' was getting rendered as 'queuemanager'. Now I have this error.
Code: |
Traceback (most recent call last):
File "mq_hardening.py", line 111, in <module>
qmgr.connect_with_options(queueManager, options, cd, sco)
File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1580, in connect_with_options
raise TypeError('Invalid options: %s' % args)
TypeError: not all arguments converted during string formatting |
I put in a print of the parameters:
Code: |
if ssl == 'NO':
    conn_info = '%s(%s)' % (host, port)
    qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
    conn_info = '%s(%s)' % (host, port)
    ssl_cipher_spec = mq_connection_property.get("cipher")
    repos = mq_connection_property.get("repos")
    cd = pymqi.CD()
    cd.ChannelName = channel
    cd.ConnectionName = conn_info
    cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
    cd.TransportType = pymqi.CMQC.MQXPT_TCP
    cd.SSLCipherSpec = ssl_cipher_spec
    options = CMQC.MQCNO_NONE
    cd.UserIdentifier = 'mqm'
    cd.Password = 'mqm'
    sco = pymqi.SCO()
    sco.KeyRepository = repos
    logger.debug('MQ SSL Connection Information /n queueManager = {a} /n options = {b} /n cd = {c} /n sco = {d} /n' .format(a=queueManager, b=options, c=cd, d=sco))
    qmgr = pymqi.QueueManager(None)
    qmgr.connect_with_options(queueManager, options, cd, sco) |
And I got this along with the error. Could it be the conn info? Sometimes you have to enclose the thing in quotes when there is a port.
Code: |
2022-05-01 06:19:27,044 - DEBUG - MQ SSL Connection Information /n queueManager = BOBBEE /n options = 0 /n cd = ChannelName: SYSTEM.ADMIN.SVRCONN
Version: 6
ChannelType: 6
TransportType: 2
Desc: b''
QMgrName: b''
XmitQName: b''
ShortConnectionName: b''
MCAName: b''
ModeName: b''
TpName: b''
BatchSize: 50
DiscInterval: 6000
ShortRetryCount: 10
ShortRetryInterval: 60
LongRetryCount: 999999999
LongRetryInterval: 1200
SecurityExit: b''
MsgExit: b''
SendExit: b''
ReceiveExit: b''
SeqNumberWrap: 999999999
MaxMsgLength: 4194304
PutAuthority: 1
DataConversion: 0
SecurityUserData: b''
MsgUserData: b''
SendUserData: b''
ReceiveUserData: b''
UserIdentifier: mqm
Password: mqm
MCAUserIdentifier: b''
MCAType: 1
ConnectionName: 127.0.0.1(1414)
RemoteUserIdentifier: b''
RemotePassword: b''
MsgRetryExit: b''
MsgRetryUserData: b''
MsgRetryCount: 10
MsgRetryInterval: 1000
HeartbeatInterval: 300
BatchInterval: 0
NonPersistentMsgSpeed: 2
StrucLength: 1992
ExitNameLength: 128
ExitDataLength: 32
MsgExitsDefined: 0
SendExitsDefined: 0
ReceiveExitsDefined: 0
MsgExitPtr: 0
MsgUserDataPtr: 0
SendExitPtr: 0
SendUserDataPtr: 0
ReceiveExitPtr: 0
ReceiveUserDataPtr: 0
ClusterPtr: 0
ClustersDefined: 0
NetworkPriority: 0
LongMCAUserIdLength: 0
LongRemoteUserIdLength: 0
LongMCAUserIdPtr: 0
LongRemoteUserIdPtr: 0
MCASecurityId: b''
RemoteSecurityId: b''
SSLCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
SSLPeerNamePtr: 0
SSLPeerNameLength: 0
SSLClientAuth: 0
KeepAliveInterval: -1
LocalAddress: b''
BatchHeartbeat: 0
HdrCompList: [0, -1]
MsgCompList: [0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
CLWLChannelRank: 0
CLWLChannelPriority: 0
CLWLChannelWeight: 50
ChannelMonitoring: 0
ChannelStatistics: 0
SharingConversations: 10
PropertyControl: 0
MaxInstances: 999999999
MaxInstancesPerClient: 999999999
ClientChannelWeight: 0
ConnectionAffinity: 1
BatchDataLimit: 5000
UseDLQ: 2
DefReconnect: 0
CertificateLabel: b''
SPLProtection: 0 /n sco = StrucId: b'SCO '
Version: 5
KeyRepository: /var/mqm/mqm
CryptoHardware: b''
AuthInfoRecCount: 0
AuthInfoRecOffset: 0
AuthInfoRecPtr: 0
KeyResetCount: 0
FipsRequired: 0
EncryptionPolicySuiteB: [1, 0, 0, 0]
CertificateValPolicy: 0
CertificateLabel: b'' /n |
bobbee |
Posted: Sun May 01, 2022 5:51 am Post subject: |
|
|
Knight
Joined: 20 Sep 2001 Posts: 545 Location: Tampa
|
Disregard the previous. I got the error:
Code: |
Traceback (most recent call last):
File "mq_hardening.py", line 112, in <module>
qmgr.connect_with_options(queueManager, cd, sco)
File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1610, in connect_with_options
cd = cd.pack()
File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 309, in pack
ensure_not_unicode(v) # Python 3 bytes check
File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 177, in ensure_not_unicode
raise TypeError(msg.format(value))
TypeError: Python 3 style string (unicode) found but not allowed here: `SYSTEM.ADMIN.SVRCONN`. Convert to bytes.
|
Here is the code:
Code: |
mq_connection_property = get_config_dict('MQConnection')
print('Connection Property = ',mq_connection_property)
ssl = mq_connection_property.get("ssl")
host = mq_connection_property.get("ip")
port = mq_connection_property.get("port")
queueManager = mq_connection_property.get("queuemanager")
channel = mq_connection_property.get("channel")
logger.debug('MQ Connection Information /n Host = {a} /n Port = {b} /n Queue Manager = {c} /n Channel = {d}' .format(a=host, b=port, c=queueManager, d=channel))
#print('Connection Dictionary = ', mq_connection_property)
if ssl == 'NO':
    conn_info = '%s(%s)' % (host, port)
    qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
    conn_info = '%s(%s)' % (host, port)
    ssl_cipher_spec = mq_connection_property.get("cipher")
    repos = mq_connection_property.get("repos")
    cd = pymqi.CD()
    cd.ChannelName = channel
    cd.ConnectionName = conn_info
    cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
    cd.TransportType = pymqi.CMQC.MQXPT_TCP
    cd.SSLCipherSpec = ssl_cipher_spec
    options = CMQC.MQCNO_NONE
    cd.UserIdentifier = 'mqm'
    cd.Password = 'mqm'
    sco = pymqi.SCO()
    sco.KeyRepository = repos
    logger.debug('MQ SSL Connection Information \n queueManager = {a} \n cd = {b} \n sco = {c} \n' .format(a=queueManager, b=cd, c=sco))
    qmgr = pymqi.QueueManager(None)
    # qmgr.connect_with_options(queueManager, options, cd, sco)
    qmgr.connect_with_options(queueManager, cd, sco)
pcf = pymqi.PCFExecute(qmgr) |
Here is the display of the parameter list into the call:
Code: |
2022-05-01 06:45:40,649 - DEBUG - MQ SSL Connection Information
queueManager = BOBBEE
cd = ChannelName: SYSTEM.ADMIN.SVRCONN
Version: 6
ChannelType: 6
TransportType: 2
Desc: b''
QMgrName: b''
XmitQName: b''
ShortConnectionName: b''
MCAName: b''
ModeName: b''
TpName: b''
BatchSize: 50
DiscInterval: 6000
ShortRetryCount: 10
ShortRetryInterval: 60
LongRetryCount: 999999999
LongRetryInterval: 1200
SecurityExit: b''
MsgExit: b''
SendExit: b''
ReceiveExit: b''
SeqNumberWrap: 999999999
MaxMsgLength: 4194304
PutAuthority: 1
DataConversion: 0
SecurityUserData: b''
MsgUserData: b''
SendUserData: b''
ReceiveUserData: b''
UserIdentifier: mqm
Password: mqm
MCAUserIdentifier: b''
MCAType: 1
ConnectionName: 127.0.0.1(1414)
RemoteUserIdentifier: b''
RemotePassword: b''
MsgRetryExit: b''
MsgRetryUserData: b''
MsgRetryCount: 10
MsgRetryInterval: 1000
HeartbeatInterval: 300
BatchInterval: 0
NonPersistentMsgSpeed: 2
StrucLength: 1992
ExitNameLength: 128
ExitDataLength: 32
MsgExitsDefined: 0
SendExitsDefined: 0
ReceiveExitsDefined: 0
MsgExitPtr: 0
MsgUserDataPtr: 0
SendExitPtr: 0
SendUserDataPtr: 0
ReceiveExitPtr: 0
ReceiveUserDataPtr: 0
ClusterPtr: 0
ClustersDefined: 0
NetworkPriority: 0
LongMCAUserIdLength: 0
LongRemoteUserIdLength: 0
LongMCAUserIdPtr: 0
LongRemoteUserIdPtr: 0
MCASecurityId: b''
RemoteSecurityId: b''
SSLCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
SSLPeerNamePtr: 0
SSLPeerNameLength: 0
SSLClientAuth: 0
KeepAliveInterval: -1
LocalAddress: b''
BatchHeartbeat: 0
HdrCompList: [0, -1]
MsgCompList: [0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
CLWLChannelRank: 0
CLWLChannelPriority: 0
CLWLChannelWeight: 50
ChannelMonitoring: 0
ChannelStatistics: 0
SharingConversations: 10
PropertyControl: 0
MaxInstances: 999999999
MaxInstancesPerClient: 999999999
ClientChannelWeight: 0
ConnectionAffinity: 1
BatchDataLimit: 5000
UseDLQ: 2
DefReconnect: 0
CertificateLabel: b''
SPLProtection: 0
sco = StrucId: b'SCO '
Version: 5
KeyRepository: /var/mqm/mqm
CryptoHardware: b''
AuthInfoRecCount: 0
AuthInfoRecOffset: 0
AuthInfoRecPtr: 0
KeyResetCount: 0
FipsRequired: 0
EncryptionPolicySuiteB: [1, 0, 0, 0]
CertificateValPolicy: 0
CertificateLabel: b'' |
I know I do not see this in the other examples, but I am pulling my parameters from a property file. Maybe that is the difference? |
bobbee |
Posted: Sun May 01, 2022 6:18 am Post subject: |
|
|
Knight
Joined: 20 Sep 2001 Posts: 545 Location: Tampa
|
Thanks Morag for reviewing. I stepped through it one line at a time changing things to remove the 'bytes' format errors. Different encode statement this time. This works. Now getting the infamous 2538.
Code: |
#
## Connect to QMGR
#
mq_connection_property = get_config_dict('MQConnection')
print('Connection Property = ',mq_connection_property)
ssl = mq_connection_property.get("ssl")
host = mq_connection_property.get("ip")
port = mq_connection_property.get("port")
queueManager = mq_connection_property.get("queuemanager")
channel = mq_connection_property.get("channel")
ssl_asbytes=str.encode(ssl)
host_asbytes=str.encode(host)
port_asbytes=str.encode(port)
queueManager_asbytes=str.encode(queueManager)
channel_asbytes=str.encode(channel)
logger.debug('MQ Connection Information /n Host = {a} /n Port = {b} /n Queue Manager = {c} /n Channel = {d}' .format(a=host, b=port, c=queueManager, d=channel))
#print('Connection Dictionary = ', mq_connection_property)
if ssl == 'NO':
    conn_info = '%s(%s)' % (host, port)
    qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
    conn_info = '%s(%s)' % (host, port)
    conn_info_asbytes=str.encode(conn_info)
    ssl_cipher_spec = mq_connection_property.get("cipher")
    ssl_cipher_spec_asbytes=str.encode(ssl_cipher_spec)
    repos = mq_connection_property.get("repos")
    repos_asbytes=str.encode(repos)
    cd = pymqi.CD()
    cd.ChannelName = channel_asbytes
    cd.ConnectionName = conn_info_asbytes
    cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
    cd.TransportType = pymqi.CMQC.MQXPT_TCP
    cd.SSLCipherSpec = ssl_cipher_spec_asbytes
    options = CMQC.MQCNO_NONE
    cd.UserIdentifier = str.encode('mqm')
    cd.Password = str.encode('mqm')
    sco = pymqi.SCO()
    sco.KeyRepository = repos_asbytes
    logger.debug('MQ SSL Connection Information \n queueManager = {a} \n cd = {b} \n sco = {c} \n' .format(a=queueManager, b=cd, c=sco))
    qmgr = pymqi.QueueManager(None)
    # qmgr.connect_with_options(queueManager, options, cd, sco)
    qmgr.connect_with_options(queueManager, cd, sco) |
EnigmaticCypher |
Posted: Sat May 07, 2022 4:12 am Post subject: |
|
|
Newbie
Joined: 01 Jan 2022 Posts: 5
|
Bobbee, a couple of things to note for you.
1. Please don't use the client variables from the CMQC module. Import the CMQXC module and use the variables from that. The client vars in CMQC do not account for differences in 32/64 bit systems, and have been marked as deprecated since PyMQI 1.0.
2. When wanting to make a string that's bytes in Python, you can prefix the string with a b. Like so:
This is much cleaner than calling str.encode() everywhere.
3. I should hope you're using Python 3, ideally a supported version, meaning 3.7 or higher. If that's the case, you do not need to use the % style of string formatting. You can use python 3's f-strings instead which are much cleaner to read. As an example:
Code: |
conn_info = f"{host}({port})"
|
4. Regarding 2538, check the usual suspects. Firewalls, DNS names, listeners not running, incorrect ports specified, etc.
Last edited by EnigmaticCypher on Sat May 07, 2022 10:18 pm; edited 1 time in total |
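Added example, not part of any post in this thread: a stdlib-only preflight covering the points raised above (str values read from a properties file, the bytes requirement for CD/SCO fields, and the 2538 checklist). The function names and the sample property dict are assumptions, as is the `.kdb` check, which assumes a CMS key database where KeyRepository is a path stem; the block does not import pymqi.

```python
import os
import socket

# Constructed sample of what the thread's properties file yields: every value is a str.
SAMPLE_PROPS = {
    "ip": "127.0.0.1", "port": "1414", "queuemanager": "BOBBEE",
    "channel": "SYSTEM.ADMIN.SVRCONN",
    "cipher": "TLS_RSA_WITH_AES_256_CBC_SHA256", "repos": "/var/mqm/mqm",
}
REQUIRED = ("ip", "port", "queuemanager", "channel", "cipher", "repos")


def build_tls_fields(props):
    """Validate the properties and return bytes values for the CD/SCO attributes."""
    # dict.get() returns None for an absent or differently-cased key; catch that
    # here instead of letting None reach the MQ call.
    missing = [k for k in REQUIRED if not props.get(k)]
    if missing:
        raise ValueError(f"missing properties: {missing}")
    port = int(props["port"])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return {
        "ChannelName": props["channel"].encode("ascii"),
        "ConnectionName": f"{props['ip']}({port})".encode("ascii"),
        "SSLCipherSpec": props["cipher"].encode("ascii"),
        "KeyRepository": props["repos"].encode("ascii"),
    }


def preflight(fields, connect=socket.create_connection, timeout=3.0):
    """Return a list of problems worth fixing before calling connect_with_options."""
    problems = []
    stem = fields["KeyRepository"].decode("ascii")
    # Assumption: CMS key database, so the value is a stem and the file is <stem>.kdb.
    if not os.path.isfile(stem + ".kdb"):
        problems.append(f"key repository file {stem}.kdb not found")
    host, _, port = fields["ConnectionName"].decode("ascii").rstrip(")").partition("(")
    try:
        connect((host, int(port)), timeout).close()
    except OSError as exc:
        problems.append(f"listener {host}({port}) unreachable: {exc}")
    return problems


if __name__ == "__main__":
    for problem in preflight(build_tls_fields(SAMPLE_PROPS)):
        print(problem)
```

The returned dict values can be assigned directly to the matching `cd` and `sco` attributes; an empty list from `preflight` rules out the file-path and TCP-level causes before looking at the channel and certificate configuration.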
bobbee |
Posted: Sat May 07, 2022 10:29 am Post subject: |
|
|
Knight
Joined: 20 Sep 2001 Posts: 545 Location: Tampa
|
|