May 31
Custom SSL factory
icon1 Niklas | icon2 Tags: , , , . | icon4 05 31st, 2008| icon3No Comments »

I’ve been having this code around for a long time but never seemed to get the time to publish it. Some time ago one of my colleagues asked for a similar solution which finally got me cleaning up the code and publishing it.

Lets have a look at the problem at hand. Using SSL sockets with most Java APIs means setting a bunch of system properties, javax.net.ssl.keyStore and friends. Here be dragons. Using the system properties are in most cases a horrible idea. First of all, the JRE implementation is completely silent on any issues found when it tries to use these system properties, for example due to the key store file path being incorrect. Instead, the SSL handshake will fail in wondrous ways. This will in no way tell you what the real problem is unless you dive into the SSL trace logs. And that’s not an exercise I would recommend for anyone that doesn’t enjoy tedious log files and SSL internals.

In addition, using system properties means the same keystore and truststore must be used for the entire JVM, at least if your application is multithreaded. Want to use different keys for different connections. No can do.

However, some cases the API will allow for providing a custom SSL socket factory. WebSphere MQ is an example of such an API. As described in this post by Peter Broadhurst, you can quite easily provide such a custom socket factory with the benefit of getting much improved exceptions if anything goes wrong.

So, I took some code I had since before, merged it with Peters code and got the following. You use it like this. 


        MQQueueConnectionFactory qcf = new MQQueueConnectionFactory();
        qcf.setQueueManager("MYQM");
        qcf.setHostName("localhost");
        qcf.setChannel("SYSTEM.ADMIN.SVRCONN");
        qcf.setSSLCipherSuite(CipherSuite.NULL_SHA);
        qcf.setTransportType(1);

        File ks = new File("mykeystore.jks");

        // create our factory
        PojoSslSocketFactoryFactory sf = new PojoSslSocketFactoryFactory();
        // setting only the key store means that
        // it will also be used as the truststore
        sf.setKeyStore(ks);
        sf.setKeyStorePassword("secret");

	  // create the socket factory
        qcf.setSSLSocketFactory(sf.createSocketFactory());

        Connection conn = qcf.createConnection();

Pretty damn easy. And a huge improvement for those who like getting told what’s wrong with ones configuration. Using the code above, you can also use different key stores within the same JVM.

The code is available as part of the wmq-util project, however it is generic and could be used in most applications using SSL sockets where you would normally used the system properties.

Now we can only hope that, for example, IBM starts using something similar in the WMQ Explorer and WMB Toolkit to make SSL issues easier to debug.

If anyone is interested, I also got the code to make it possible to have multiple keys in the same key store and configure the one needed for each connection. I haven’t yet integrated it with the above code but if there is any interest I’ll do that as well.

May 30

WebSphere Message Broker has since version 6 sported a Java API that can be used to perform various actions, primarily message transformations. Users of the API will quickly find that it consists of a low level object model, much like the W3C XML DOM. After some additional use, one will find that the API has some odd inconsistencies, for example will an object model built with the MRM and XML domains differ in how value nodes are created. After a while, most users will grow increasingly frustrated. As programmers we know that adding another level of indirection solves any problem. Thus we’ll create a high level abstraction on top of the WMB API. All WMB shops I’m familiar with has done this. All solving their immediate needs.

Enter wmb-util. It’s yet another such API, but this time it’s open source and freely available for anyone to use under a commercially friendly license. It sprung out of a project we did at work for a customer and together with the customer we opted for opening up the project rather than creating another proprietary version. For us this means we can reuse it in other customer projects. For the customer it means they’ll get fixes for free, either from our other customer projects or from other users of the library. Hopefully all wins.

So, what does the library contain? The most important part, and the part I’ll cover today, is that very abstraction of the WMB API. Basically, it offers high(er)-level classes for a few, typically message types:

  • Headers (MQMD, RFH2, Properties, HTTPInput
  • XML messages
  • SOAP messages
  • Simple record based flat files (dubbed TDS in the library)
  • Blobs

More messages can be added as need be. Each of the header and payload classes contains a set of static factory methods, used to create, wrap or remove messages. The classes work directly on the underlying WMB object model, meaning you can mix wmb-util code with use of the WMB API directly as you like. For example if you like to perform an XPath query and then use the TdsRecord to perform actions on the resulting elements.

The API aims to make the client code completely portable between the different message domains. More specifically, it should not have any imptact on your code if you use MRM, XML, XMLNS or XMLNSC.

Enough talk, let’s look at some examples:

In this case we create a MQ message containing a simple XML payload from scratch


        // create an empty output message using the regular WMB API
        MbMessage outMessage = new MbMessage();

        // create an MQMD header, using the default values
        MqmdHeader mqmd = MqmdHeader.create(outMessage);
        // this is a text message
        mqmd.setFormat(MqmdHeader.FORMAT_MQSTR);

        // create a XML payload
        XmlPayload payload = XmlPayload.create(outMessage);
        payload.declareNamespace("myns", NS);

        // now, this code will be exactly the same whether using
        // the XML domains or MRM. We'll handle the nodes types,
        // value nodes and the missing root element in MRM. Don't worry.
        XmlElement root = payload.createRootElement(NS, "root");

        // set an attribute
        root.setAttribute("my-attribute", "foo");
        root.createLastChild(NS, "child");

        ... // send the message just like you always do

As seen above, you won’t have to worry about things like domains, node types, weird ways of setting up namespace prefixes or that WMB will in some cases use an at-sign in front of attribute names. And you don’t have to look up what the minimal attributes needed to create an MQMD header are. You have been copying the input message instead, haven’t you?

We invite you all to use and participate in the project. All feedback is welcome, and patches double so.

May 27
QOTD
icon1 Niklas | icon2 Tags: . | icon4 05 27th, 2008| icon3No Comments »

Microsoft needs to fix the problems it has, not the problems it would like to have

James Governor, Note to Microsoft: You Need to Identify The Real Competition

May 22
UML is screwed
icon1 Niklas | icon2 Tags: , . | icon4 05 22nd, 2008| icon35 Comments »

This is a perfect summary of why UML is screwed. In fact, I would add in three more points to the list:

Fat boy

Fat boy by mandj98

  • UML has failed to make sense in agile development. Agile developers prefer code over formalism and coding is very much part of the thinking process. Doing a major modeling exercise does fit well into this
  • Open source developers don’t use UML. Again, open source developers communicate using code (I read tons of commit logs each day): The very nature of heterogeneous communities means you can’t force tools on them, and since the availability of good, free tools and interoperability between them is severely lacking, UML just doesn’t work beyond simple diagrams. And since open source is more important than ever, this is significant
  • The support for advanced refactoring in modern IDEs means we keep changing our code all the time. Keeping a model up-to-date gets impossible very quickly

All in all, UML is screwed.

Like many of the commentators on the post above, I use simple class diagrams and sequence diagrams to communicate. Usually as part of white board sessions. Despite many attempts, I now never use the UML meta model. The formalism in UML doesn’t help or interest me.

On a separate note, number 12 on the list in the original post is “Treat software development like manufacturing”. This might be my favorite fallacy of software development management. But that’s for a different post.

May 3
Anyone know what this is?
icon1 Niklas | icon2 | icon4 05 3rd, 2008| icon33 Comments »


Anyone know what this is?, originally uploaded by protocol7.