TIBCO BW 6 – Integrating with Nexmo API (II): Creating the SSL Connection

In the previous post, we started a sample to create a SOAP wrapper to a SMS Rest API provided by Nexmo and we were capable of define a TIBCO BW 6 process that could create the exact request that the Nexmo Servers are expecting, but we need to configure the SSL connection to finish our sample, and that’s what we are going to do in this post.

If you miss the previous post I encourage you to take a look to get the context and the knowledge about the previos steps. Back to the future past.

First of all, we have to define the compoments that we are going to need to establish the SSL connection. We need to create the following resources:

  • Keystore Provider Resource
  • SSL Client Resource
  • HTTP Client Resource.

One of this resources is linked to the one listed below of them, so the HTTP Client uses a SSL Client Resource that uses a Keystore Provider Resource.ย But, which is the purpose of each of them?

Ok, probably you already knows the HTTP Client Resource, because if the client that we defined when we need to establish a HTTP Connection acting like a client. In this resource we specify at least the host and the port number of the target. We also can define a lot of techical details about the connection but that’s not the purpose of this post, but if you want to go deep you always can take a look at the official documentation from TIBCO where all this parameters are explained.

The SSL Client Resource is a resource that defines the parameters about the SSL Connection when you are acting like a Client, you have the specify the Keystore provider that you are using to create this connection and you also have a lot of technical parameters about the SSL connection (protocol, ciphers allowed, and so on).

And, the last one, the most important of all of them is the one which indicates where is the location of the real keystore (JKS file or similar) is going to use to create the SSL connection.

So we have all the chain in images:

  • First the HTTP Client with the host and port definition and the references of the SSL Client Resource.

2015-11-21_22-19-49

  • Second, the SSL Client Resource and its link to the Keystore Provider Resource:

2015-11-21_22-20-47

  • And last but not least, the Keystore Provider Resource definition:

2015-11-21_22-20-47

And, that’s it! With all these, we can get working our example, as you can see here:

2015-11-21_22-22-16

And here it is the evidence from my phone ๐Ÿ™‚

Screenshot_20151121-222715

 

Advertisements

5 thoughts on “TIBCO BW 6 – Integrating with Nexmo API (II): Creating the SSL Connection

  1. Hi John. First of all, I want to thank you for your comment and your Pull Request in our GitHub repo. I really appreciate it and I hope to review it this weekend ๐Ÿ™‚ but it’s a pleasure to have viewers like you :).

    Regarding to your question both of your approaches are right and you should use them at the same time. Because TIBCO BW 6 today doesn’t have a way to modify a Resource Template using the TIBCO Enterprise Administrator (TIBCO AMX SG already has this feature but it has not been ported to the TIBCO BW stack) so you should give a way to change the parameter at runtime beause it could be possible that the path depends on the environment or something like this.

    And you should not use in a Production environment the internal cacerts file, because as you said this is used internally for other components, so you should create a custom and own keystore. Even it is a good practice to have a specific keystore for each client.

    • As you said we dont have concept of resource templates mapping in TEA…so is it like i cannot deploy a HTTP connector with a specific port in a appnode so that every application/service will listen to the same port and only varies based on the endpoint url as we do in AMX service bus.

  2. In your KeyStoreProviderResource, there is the URL to the cacerts file, which defaults to TIBCO’s internal JRE. The problem I have is I develop on Windows and deploy on Linux. What is the best way of dealing with this? The two solutions I’ve found are:

    1. Put the cacerts in your project and use a relative URL
    2. Have a module parameter which can be set at runtime (*yugh*)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s