pymqi connect with SSL
bobbee
Posted: Fri Apr 29, 2022 11:31 am    Post subject: pymqi connect with SSL

Knight

Joined: 20 Sep 2001
Posts: 545
Location: Tampa

I am trying to connect to the QMGR using SSL. This is my code:

Code:
  conn_info = '%s(%s)' % (host, port)
  ssl_cipher_spec = mq_connection_property.get("cipher")
  repos = mq_connection_property.get("repos")
  cd = pymqi.CD()
  print('Channel type in SSL  ', type(channel))
  cd.ChannelName = bytes(channel, 'utf-8')
  cd.ConnectionName = bytes(conn_info, 'utf-8')
  cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
  cd.TransportType = pymqi.CMQC.MQXPT_TCP
  cd.SSLCipherSpec = bytes(ssl_cipher_spec, 'utf-8')
  options = CMQC.MQCNO_NONE
  cd.UserIdentifier = bytes('mqm', 'utf-8')
  cd.Password = bytes('mqm', 'utf-8')
  sco = pymqi.SCO()
  sco.KeyRepository = bytes(repos, 'utf-8')
  logger.debug('MQ SSL Connection Information /n SSLCipherSpec = {a} /n KeyRepository = {b} /n' .format(a=ssl_cipher_spec, b=repos))
  qmgr = pymqi.QueueManager(None)
  qmgr.connect_with_options(queueManager, cd, sco)


I am getting the following error. All the examples show the calling signature as I have it. I have tried the one in the error message. Still get errors on the call structure. What am I missing?

Code:
[mqm@fibbing1 scripts]$ python3 mq_hardening.py /var/mqm/scripts/config.properties BOBBEE
Traceback (most recent call last):
  File "mq_hardening.py", line 104, in <module>
    qmgr.connect_with_options(queueManager, cd, sco)
  File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1617, in connect_with_options
    rv = pymqe.MQCONNX(name, options, cd, user_password, sco.pack())
TypeError: a bytes-like object is required, not 'NoneType'
hughson
Posted: Sun May 01, 2022 3:26 am

Padawan

Joined: 09 May 2013
Posts: 1948
Location: Bay of Plenty, New Zealand

Is there a reason why you want to code the SSL stuff into your application instead of using a CCDT and mqclient.ini/env vars?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
hughson
Posted: Sun May 01, 2022 3:31 am    Post subject: Re: pymqi connect with SSL

Padawan

Joined: 09 May 2013
Posts: 1948
Location: Bay of Plenty, New Zealand

bobbee wrote:
Code:
  sco = pymqi.SCO()
  sco.KeyRepository = bytes(repos, 'utf-8')
  qmgr = pymqi.QueueManager(None)
  qmgr.connect_with_options(queueManager, cd, sco)


The difference between your code and the examples I have seen is the use of the bytes type you have. I haven't tried this out, but wondering why you have needed to use bytes?

Cheers,
Morag
bobbee
Posted: Sun May 01, 2022 5:31 am

Knight

Joined: 20 Sep 2001
Posts: 545
Location: Tampa

I pulled all the byte conversions. I am not getting the byte error now. I did find an error in the properties file which I corrected. 'queueManager' was getting rendered as 'queuemanager'. Now I have this error.

Code:
Traceback (most recent call last):
  File "mq_hardening.py", line 111, in <module>
    qmgr.connect_with_options(queueManager, options, cd, sco)
  File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1580, in connect_with_options
    raise TypeError('Invalid options: %s' % args)
TypeError: not all arguments converted during string formatting


I put in a print of the parameters:

Code:
if ssl == 'NO':
  conn_info = '%s(%s)' % (host, port)
  qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
  conn_info = '%s(%s)' % (host, port)
  ssl_cipher_spec = mq_connection_property.get("cipher")
  repos = mq_connection_property.get("repos")
  cd = pymqi.CD()
  cd.ChannelName = channel
  cd.ConnectionName = conn_info
  cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
  cd.TransportType = pymqi.CMQC.MQXPT_TCP
  cd.SSLCipherSpec = ssl_cipher_spec
  options = CMQC.MQCNO_NONE
  cd.UserIdentifier = 'mqm'

  cd.Password = 'mqm'
  sco = pymqi.SCO()
  sco.KeyRepository = repos
  logger.debug('MQ SSL Connection Information /n queueManager = {a} /n options = {b} /n cd = {c} /n sco = {d} /n' .format(a=queueManager, b=options, c=cd, d=sco))
  qmgr = pymqi.QueueManager(None)
  qmgr.connect_with_options(queueManager, options, cd, sco)


And I got this along with the error. Could it be the conn info? Sometimes you have to enclose the thing in quotes when there is a port.

Code:
2022-05-01 06:19:27,044 - DEBUG - MQ SSL Connection Information /n queueManager = BOBBEE /n options = 0 /n cd = ChannelName: SYSTEM.ADMIN.SVRCONN
Version: 6
ChannelType: 6
TransportType: 2
Desc: b''
QMgrName: b''
XmitQName: b''
ShortConnectionName: b''
MCAName: b''
ModeName: b''
TpName: b''
BatchSize: 50
DiscInterval: 6000
ShortRetryCount: 10
ShortRetryInterval: 60
LongRetryCount: 999999999
LongRetryInterval: 1200
SecurityExit: b''
MsgExit: b''
SendExit: b''
ReceiveExit: b''
SeqNumberWrap: 999999999
MaxMsgLength: 4194304
PutAuthority: 1
DataConversion: 0
SecurityUserData: b''
MsgUserData: b''
SendUserData: b''
ReceiveUserData: b''
UserIdentifier: mqm
Password: mqm
MCAUserIdentifier: b''
MCAType: 1
ConnectionName: 127.0.0.1(1414)
RemoteUserIdentifier: b''
RemotePassword: b''
MsgRetryExit: b''
MsgRetryUserData: b''
MsgRetryCount: 10
MsgRetryInterval: 1000
HeartbeatInterval: 300
BatchInterval: 0
NonPersistentMsgSpeed: 2
StrucLength: 1992
ExitNameLength: 128
ExitDataLength: 32
MsgExitsDefined: 0
SendExitsDefined: 0
ReceiveExitsDefined: 0
MsgExitPtr: 0
MsgUserDataPtr: 0
SendExitPtr: 0
SendUserDataPtr: 0
ReceiveExitPtr: 0
ReceiveUserDataPtr: 0
ClusterPtr: 0
ClustersDefined: 0
NetworkPriority: 0
LongMCAUserIdLength: 0
LongRemoteUserIdLength: 0
LongMCAUserIdPtr: 0
LongRemoteUserIdPtr: 0
MCASecurityId: b''
RemoteSecurityId: b''
SSLCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
SSLPeerNamePtr: 0
SSLPeerNameLength: 0
SSLClientAuth: 0
KeepAliveInterval: -1
LocalAddress: b''
BatchHeartbeat: 0
HdrCompList: [0, -1]
MsgCompList: [0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
CLWLChannelRank: 0
CLWLChannelPriority: 0
CLWLChannelWeight: 50
ChannelMonitoring: 0
ChannelStatistics: 0
SharingConversations: 10
PropertyControl: 0
MaxInstances: 999999999
MaxInstancesPerClient: 999999999
ClientChannelWeight: 0
ConnectionAffinity: 1
BatchDataLimit: 5000
UseDLQ: 2
DefReconnect: 0
CertificateLabel: b''
SPLProtection: 0 /n sco = StrucId: b'SCO '
Version: 5
KeyRepository: /var/mqm/mqm
CryptoHardware: b''
AuthInfoRecCount: 0
AuthInfoRecOffset: 0
AuthInfoRecPtr: 0
KeyResetCount: 0
FipsRequired: 0
EncryptionPolicySuiteB: [1, 0, 0, 0]
CertificateValPolicy: 0
CertificateLabel: b'' /n
bobbee
Posted: Sun May 01, 2022 5:51 am

Knight

Joined: 20 Sep 2001
Posts: 545
Location: Tampa

Disregard the previous. I got the error:

Code:
Traceback (most recent call last):
  File "mq_hardening.py", line 112, in <module>
    qmgr.connect_with_options(queueManager, cd, sco)
  File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 1610, in connect_with_options
    cd = cd.pack()
  File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 309, in pack
    ensure_not_unicode(v)  # Python 3 bytes check
  File "/usr/local/lib64/python3.6/site-packages/pymqi/__init__.py", line 177, in ensure_not_unicode
    raise TypeError(msg.format(value))
TypeError: Python 3 style string (unicode) found but not allowed here: `SYSTEM.ADMIN.SVRCONN`. Convert to bytes.


Here is the code:

Code:
mq_connection_property = get_config_dict('MQConnection')
print('Connection Property = ',mq_connection_property)
ssl = mq_connection_property.get("ssl")
host = mq_connection_property.get("ip")
port = mq_connection_property.get("port")
queueManager = mq_connection_property.get("queuemanager")
channel = mq_connection_property.get("channel")

logger.debug('MQ Connection Information /n Host = {a} /n Port = {b} /n Queue Manager = {c} /n Channel = {d}' .format(a=host, b=port, c=queueManager, d=channel))
#print('Connection Dictionary = ', mq_connection_property)
if ssl == 'NO':
  conn_info = '%s(%s)' % (host, port)
  qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
  conn_info = '%s(%s)' % (host, port)
  ssl_cipher_spec = mq_connection_property.get("cipher")
  repos = mq_connection_property.get("repos")
  cd = pymqi.CD()
  cd.ChannelName = channel
  cd.ConnectionName = conn_info
  cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
  cd.TransportType = pymqi.CMQC.MQXPT_TCP
  cd.SSLCipherSpec = ssl_cipher_spec
  options = CMQC.MQCNO_NONE
  cd.UserIdentifier = 'mqm'

  cd.Password = 'mqm'
  sco = pymqi.SCO()
  sco.KeyRepository = repos
  logger.debug('MQ SSL Connection Information \n queueManager = {a} \n cd = {b} \n sco = {c} \n' .format(a=queueManager, b=cd, c=sco))
  qmgr = pymqi.QueueManager(None)
#  qmgr.connect_with_options(queueManager, options, cd, sco)
  qmgr.connect_with_options(queueManager, cd, sco)
 
pcf = pymqi.PCFExecute(qmgr)


Here is the display of the parameter list into the call:

Code:
2022-05-01 06:45:40,649 - DEBUG - MQ SSL Connection Information
 queueManager = BOBBEE
 cd = ChannelName: SYSTEM.ADMIN.SVRCONN
Version: 6
ChannelType: 6
TransportType: 2
Desc: b''
QMgrName: b''
XmitQName: b''
ShortConnectionName: b''
MCAName: b''
ModeName: b''
TpName: b''
BatchSize: 50
DiscInterval: 6000
ShortRetryCount: 10
ShortRetryInterval: 60
LongRetryCount: 999999999
LongRetryInterval: 1200
SecurityExit: b''
MsgExit: b''
SendExit: b''
ReceiveExit: b''
SeqNumberWrap: 999999999
MaxMsgLength: 4194304
PutAuthority: 1
DataConversion: 0
SecurityUserData: b''
MsgUserData: b''
SendUserData: b''
ReceiveUserData: b''
UserIdentifier: mqm
Password: mqm
MCAUserIdentifier: b''
MCAType: 1
ConnectionName: 127.0.0.1(1414)
RemoteUserIdentifier: b''
RemotePassword: b''
MsgRetryExit: b''
MsgRetryUserData: b''
MsgRetryCount: 10
MsgRetryInterval: 1000
HeartbeatInterval: 300
BatchInterval: 0
NonPersistentMsgSpeed: 2
StrucLength: 1992
ExitNameLength: 128
ExitDataLength: 32
MsgExitsDefined: 0
SendExitsDefined: 0
ReceiveExitsDefined: 0
MsgExitPtr: 0
MsgUserDataPtr: 0
SendExitPtr: 0
SendUserDataPtr: 0
ReceiveExitPtr: 0
ReceiveUserDataPtr: 0
ClusterPtr: 0
ClustersDefined: 0
NetworkPriority: 0
LongMCAUserIdLength: 0
LongRemoteUserIdLength: 0
LongMCAUserIdPtr: 0
LongRemoteUserIdPtr: 0
MCASecurityId: b''
RemoteSecurityId: b''
SSLCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
SSLPeerNamePtr: 0
SSLPeerNameLength: 0
SSLClientAuth: 0
KeepAliveInterval: -1
LocalAddress: b''
BatchHeartbeat: 0
HdrCompList: [0, -1]
MsgCompList: [0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
CLWLChannelRank: 0
CLWLChannelPriority: 0
CLWLChannelWeight: 50
ChannelMonitoring: 0
ChannelStatistics: 0
SharingConversations: 10
PropertyControl: 0
MaxInstances: 999999999
MaxInstancesPerClient: 999999999
ClientChannelWeight: 0
ConnectionAffinity: 1
BatchDataLimit: 5000
UseDLQ: 2
DefReconnect: 0
CertificateLabel: b''
SPLProtection: 0
 sco = StrucId: b'SCO '
Version: 5
KeyRepository: /var/mqm/mqm
CryptoHardware: b''
AuthInfoRecCount: 0
AuthInfoRecOffset: 0
AuthInfoRecPtr: 0
KeyResetCount: 0
FipsRequired: 0
EncryptionPolicySuiteB: [1, 0, 0, 0]
CertificateValPolicy: 0
CertificateLabel: b''


I know I do not see this in the other examples, but I am pulling my parameters from a property file. Maybe that is the difference?
bobbee
Posted: Sun May 01, 2022 6:18 am

Knight

Joined: 20 Sep 2001
Posts: 545
Location: Tampa

Thanks Morag for reviewing. I stepped through it one line at a time, changing things to remove the 'bytes' format errors. Different encode statement this time. This works. Now getting the infamous 2538.

Code:
#
## Connect to QMGR
#

mq_connection_property = get_config_dict('MQConnection')
print('Connection Property = ',mq_connection_property)
ssl = mq_connection_property.get("ssl")
host = mq_connection_property.get("ip")
port = mq_connection_property.get("port")
queueManager = mq_connection_property.get("queuemanager")
channel = mq_connection_property.get("channel")

ssl_asbytes=str.encode(ssl)
host_asbytes=str.encode(host)
port_asbytes=str.encode(port)
queueManager_asbytes=str.encode(queueManager)
channel_asbytes=str.encode(channel)


logger.debug('MQ Connection Information /n Host = {a} /n Port = {b} /n Queue Manager = {c} /n Channel = {d}' .format(a=host, b=port, c=queueManager, d=channel))
#print('Connection Dictionary = ', mq_connection_property)
if ssl == 'NO':
  conn_info = '%s(%s)' % (host, port)
  qmgr = pymqi.connect(queueManager, channel, conn_info)
else:
  conn_info = '%s(%s)' % (host, port)
  conn_info_asbytes=str.encode(conn_info)
  ssl_cipher_spec = mq_connection_property.get("cipher")
  ssl_cipher_spec_asbytes=str.encode(ssl_cipher_spec)
  repos = mq_connection_property.get("repos")
  repos_asbytes=str.encode(repos)
  cd = pymqi.CD()
  cd.ChannelName = channel_asbytes
  cd.ConnectionName = conn_info_asbytes
  cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
  cd.TransportType = pymqi.CMQC.MQXPT_TCP
  cd.SSLCipherSpec = ssl_cipher_spec_asbytes
  options = CMQC.MQCNO_NONE
  cd.UserIdentifier = str.encode('mqm')
  cd.Password = str.encode('mqm')
  sco = pymqi.SCO()
  sco.KeyRepository = repos_asbytes
  logger.debug('MQ SSL Connection Information \n queueManager = {a} \n cd = {b} \n sco = {c} \n' .format(a=queueManager, b=cd, c=sco))
  qmgr = pymqi.QueueManager(None)
#  qmgr.connect_with_options(queueManager, options, cd, sco)
  qmgr.connect_with_options(queueManager, cd, sco)
EnigmaticCypher
Posted: Sat May 07, 2022 4:12 am

Newbie

Joined: 01 Jan 2022
Posts: 5

Bobbee, a couple of things to note for you.

1. Please don't use the client variables from the CMQC module. Import the CMQXC module and use the variables from that. The client vars in CMQC do not account for differences in 32/64 bit systems, and have been marked as deprecated since PyMQI 1.0.

2. When wanting to make a string that's bytes in Python, you can prefix the string with a b. Like so:

Code:
b"The string"


This is much cleaner than calling str.encode() everywhere.

3. I should hope you're using Python 3, ideally a supported version, meaning 3.7 or higher. If that's the case, you do not need to use the % style of string formatting. You can use Python 3's f-strings instead, which are much cleaner to read. As an example:

Code:

conn_info = f"{host}({port})"


4. Regarding 2538, check the usual suspects. Firewalls, DNS names, listeners not running, incorrect ports specified, etc.


Last edited by EnigmaticCypher on Sat May 07, 2022 10:18 pm; edited 1 time in total
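
The following is an added example, not code from any poster in this thread or from the pymqi project. It covers the two failures seen above (a property that resolves to None, and str values where pymqi on Python 3 expects bytes) and takes the channel constants from CMQXC as suggested. It assumes the properties file is read with Python's configparser (the thread does not show get_config_dict); load_tls_params, connect_tls and all sample values are hypothetical, and credentials are left out.

```python
import configparser

# Constructed sample: section and key names follow the thread, values are placeholders.
SAMPLE = """\
[MQConnection]
queueManager = QM1
channel = APP.SVRCONN
ip = 127.0.0.1
port = 1414
cipher = TLS_RSA_WITH_AES_256_CBC_SHA256
repos = /var/mqm/ssl/key
"""
REQUIRED = ("queuemanager", "channel", "ip", "port", "cipher", "repos")

def load_tls_params(text, section="MQConnection"):
    """Parse the properties and return every MQ field as bytes, or raise."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    # configparser lower-cases option names: 'queueManager' is stored as
    # 'queuemanager', so props.get('queueManager') on this dict returns None.
    props = dict(parser[section])
    missing = [key for key in REQUIRED if not props.get(key)]
    if missing:
        raise KeyError("missing MQ properties: " + ", ".join(missing))
    conn_info = f"{props['ip']}({props['port']})"
    fields = {
        "QueueManager": props["queuemanager"],
        "ChannelName": props["channel"],
        "ConnectionName": conn_info,
        "SSLCipherSpec": props["cipher"],
        "KeyRepository": props["repos"],
    }
    return {name: value.encode("utf-8") for name, value in fields.items()}

def connect_tls(params):
    """Connect with CD/SCO built from bytes (needs pymqi and an MQ client)."""
    import pymqi  # imported lazily so the parsing above runs without MQ installed
    cd = pymqi.CD()
    cd.ChannelName = params["ChannelName"]
    cd.ConnectionName = params["ConnectionName"]
    cd.ChannelType = pymqi.CMQXC.MQCHT_CLNTCONN
    cd.TransportType = pymqi.CMQXC.MQXPT_TCP
    cd.SSLCipherSpec = params["SSLCipherSpec"]
    sco = pymqi.SCO()
    sco.KeyRepository = params["KeyRepository"]
    qmgr = pymqi.QueueManager(None)
    qmgr.connect_with_options(params["QueueManager"], cd, sco)
    return qmgr
```

Because the dict returned by load_tls_params holds no user ID or password, it can be written to a debug log in place of the full CD dump, which prints the Password field in clear text.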
bobbee
Posted: Sat May 07, 2022 10:29 am

Knight

Joined: 20 Sep 2001
Posts: 545
Location: Tampa

Thank you for the tips