ballerina-platform · ayeshLK · Nov 14, 2023 · Nov 6, 2023 · Nov 6, 2023 · Nov 6, 2023
@@ -9,15 +9,14 @@ distribution-version = "2201.8.0"
 
 [[package]]
 org = "ballerina"
-name = "io"
-version = "1.6.0"
-scope = "testOnly"
+name = "crypto"
+version = "2.5.0"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"},
-	{org = "ballerina", name = "lang.value"}
+	{org = "ballerina", name = "time"}
 ]
 modules = [
-	{org = "ballerina", packageName = "io", moduleName = "io"}
+	{org = "ballerina", packageName = "crypto", moduleName = "crypto"}
 ]
 
 [[package]]
@@ -37,15 +36,6 @@ dependencies = [
 	{org = "ballerina", name = "jballerina.java"}
 ]
 
-[[package]]
-org = "ballerina"
-name = "lang.value"
-version = "0.0.0"
-scope = "testOnly"
-dependencies = [
-	{org = "ballerina", name = "jballerina.java"}
-]
-
 [[package]]
 org = "ballerina"
 name = "test"
@@ -63,7 +53,6 @@ modules = [
 org = "ballerina"
 name = "time"
 version = "2.4.0"
-scope = "testOnly"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"}
 ]
@@ -76,7 +65,7 @@ org = "ballerinax"
 name = "ibm.ibmmq"
 version = "0.1.1"
 dependencies = [
-	{org = "ballerina", name = "io"},
+	{org = "ballerina", name = "crypto"},
 	{org = "ballerina", name = "jballerina.java"},
 	{org = "ballerina", name = "test"},
 	{org = "ballerina", name = "time"}

@@ -117,7 +117,7 @@ task commitTomlFiles {
                     standardOutput = stdOut
                 }
                 println stdOut.toString()
-                sleep(5 * 1000)
+                sleep(10 * 1000)
             } else {
                 println "IBMMQ server is already running."
             }
@@ -140,7 +140,7 @@ task commitTomlFiles {
                     standardOutput = stdOut
                 }
                 println stdOut.toString()
-                sleep(5 * 1000)
+                sleep(10 * 1000)
             } else {
                 println "IBMMQ server is not started."
             }

@@ -103,3 +103,108 @@ public const int MQGMO_CONVERT = 16384;
 
 # Subscribe Option create
 public const int MQSO_CREATE = 2;
+
+// SSL cipher suite related constants
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with 3DES encryption and SHA integrity.
+public const string SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = "SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with AES 128-bit encryption and SHA-256 integrity.
+public const string SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with AES 128-bit GCM encryption and SHA-256 integrity.
+public const string SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with AES 256-bit CBC encryption and SHA-384 integrity.
+public const string SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with AES 256-bit GCM encryption and SHA-384 integrity.
+public const string SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with NULL encryption and SHA integrity (not recommended for production use).
+public const string SSL_ECDHE_ECDSA_WITH_NULL_SHA = "SSL_ECDHE_ECDSA_WITH_NULL_SHA";
+
+# SSL cipher suite using ECDHE-ECDSA for key exchange with RC4 128-bit encryption and SHA integrity (not recommended for production use).
+public const string SSL_ECDHE_ECDSA_WITH_RC4_128_SHA = "SSL_ECDHE_ECDSA_WITH_RC4_128_SHA";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with 3DES encryption and SHA integrity.
+public const string SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = "SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with AES 128-bit encryption and SHA-256 integrity.
+public const string SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with AES 128-bit GCM encryption and SHA-256 integrity.
+public const string SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with AES 256-bit CBC encryption and SHA-384 integrity.
+public const string SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with AES 256-bit GCM encryption and SHA-384 integrity.
+public const string SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with NULL encryption and SHA integrity (not recommended for production use).
+public const string SSL_ECDHE_RSA_WITH_NULL_SHA = "SSL_ECDHE_RSA_WITH_NULL_SHA";
+
+# SSL cipher suite using ECDHE-RSA for key exchange with RC4 128-bit encryption and SHA integrity (not recommended for production use).
+public const string SSL_ECDHE_RSA_WITH_RC4_128_SHA = "SSL_ECDHE_RSA_WITH_RC4_128_SHA";
+
+# SSL cipher suite using RSA for key exchange with 3DES encryption and SHA integrity.
+public const string SSL_RSA_WITH_3DES_EDE_CBC_SHA = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
+
+# SSL cipher suite using RSA for key exchange with AES 128-bit encryption and SHA integrity.
+public const string SSL_RSA_WITH_AES_128_CBC_SHA = "SSL_RSA_WITH_AES_128_CBC_SHA";
+
+# SSL cipher suite using RSA for key exchange with AES 128-bit encryption, SHA-256 integrity.
+public const string SSL_RSA_WITH_AES_128_CBC_SHA256 = "SSL_RSA_WITH_AES_128_CBC_SHA256";
+
+# SSL cipher suite using RSA for key exchange with AES 128-bit GCM encryption, SHA-256 integrity.
+public const string SSL_RSA_WITH_AES_128_GCM_SHA256 = "SSL_RSA_WITH_AES_128_GCM_SHA256";
+
+# SSL cipher suite using RSA for key exchange with AES 256-bit CBC encryption and SHA integrity.
+public const string SSL_RSA_WITH_AES_256_CBC_SHA = "SSL_RSA_WITH_AES_256_CBC_SHA";
+
+# SSL cipher suite using RSA for key exchange with AES 256-bit CBC encryption, SHA-256 integrity.
+public const string SSL_RSA_WITH_AES_256_CBC_SHA256 = "SSL_RSA_WITH_AES_256_CBC_SHA256";
+
+# SSL cipher suite using RSA for key exchange with AES 256-bit GCM encryption, SHA-384 integrity.
+public const string SSL_RSA_WITH_AES_256_GCM_SHA384 = "SSL_RSA_WITH_AES_256_GCM_SHA384";
+
+# SSL cipher suite using RSA for key exchange with DES encryption and SHA integrity (not recommended for production use).
+public const string SSL_RSA_WITH_DES_CBC_SHA = "SSL_RSA_WITH_DES_CBC_SHA";
+
+# SSL cipher suite using RSA for key exchange with NULL encryption and SHA-256 integrity (not recommended for production use).
+public const string SSL_RSA_WITH_NULL_SHA256 = "SSL_RSA_WITH_NULL_SHA256";
+
+# SSL cipher suite using RSA for key exchange with RC4 128-bit encryption and SHA integrity (not recommended for production use).
+public const string SSL_RSA_WITH_RC4_128_SHA = "SSL_RSA_WITH_RC4_128_SHA";
+
+# TLS 1.2 protocol version.
+public const string TLS12 = "*TLS12";
+
+# SSL cipher suite using AES 128-bit GCM encryption, SHA-256 integrity.
+public const string TLS_AES_128_GCM_SHA256 = "TLS_AES_128_GCM_SHA256";
+
+# SSL cipher suite using AES 256-bit GCM encryption, SHA-384 integrity.
+public const string TLS_AES_256_GCM_SHA384 = "TLS_AES_256_GCM_SHA384";
+
+# SSL cipher suite using ChaCha20-Poly1305 encryption, SHA-256 integrity.
+public const string TLS_CHACHA20_POLY1305_SHA256 = "TLS_CHACHA20_POLY1305_SHA256";
+
+# SSL cipher suite using AES 128-bit CCM encryption, SHA-256 integrity.
+public const string TLS_AES_128_CCM_SHA256 = "TLS_AES_128_CCM_SHA256";
+
+# SSL cipher suite using AES 128-bit CCM 8 encryption, SHA-256 integrity.
+public const string TLS_AES_128_CCM_8_SHA256 = "TLS_AES_128_CCM_8_SHA256";
+
+# Any supported SSL/TLS cipher suite.
+public const string ANY = "*ANY";
+
+# TLS 1.3 protocol version.
+public const string TLS13 = "*TLS13";
+
+# TLS 1.2 or higher protocol version.
+public const string TLS12ORHIGHER = "*TLS12ORHIGHER";
+
+# TLS 1.3 or higher protocol version.
+public const string TLS13ORHIGHER = "*TLS13ORHIGHER";
+
@@ -4,9 +4,32 @@ services:
   mq:
     image: icr.io/ibm-messaging/mq:latest
     container_name: ibmmq-test
+    depends_on:
+      mq-tls:
+        condition: service_started
     ports:
       - "1414:1414"
-      - "9443:9443"
     environment:
       - LICENSE=accept
       - MQ_QMGR_NAME=QM1
+    healthcheck:
+      test: ["CMD-SHELL", "chkmqstarted"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  mq-tls:
+    image: icr.io/ibm-messaging/mq:latest
+    container_name: ibmmq-test-tls
+    ports:
+      - "1415:1414"
+    environment:
+      - LICENSE=accept
+      - MQ_QMGR_NAME=QM2
+    volumes:
+      - ./secrets:/etc/mqm/pki/keys/mykey
+    healthcheck:
+      test: ["CMD-SHELL", "chkmqstarted"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
diff --git a/ballerina/tests/resources/secrets/key.crt b/ballerina/tests/resources/secrets/key.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIUbOkGm9o9WyEPrS24muCCT5XoxM4wDQYJKoZIhvcNAQEL
+BQAwajELMAkGA1UEBhMCU0wxEDAOBgNVBAgMB1dlc3Rlcm4xEDAOBgNVBAcMB0Nv
+bG9tYm8xDTALBgNVBAoMBFdTTzIxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYD
+VQQDDAlsb2NhbGhvc3QwHhcNMjMxMTA4MDkxMjMwWhcNMzMxMTA1MDkxMjMwWjBq
+MQswCQYDVQQGEwJTTDEQMA4GA1UECAwHV2VzdGVybjEQMA4GA1UEBwwHQ29sb21i
+bzENMAsGA1UECgwEV1NPMjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNVBAMM
+CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLSPhJk
+nRNVZuaSGKECkqEdSXVL+5Kx0eRHbsnPcArvensa/I0qPyOJrmXw+M994DU2VHEZ
+MZGuxZXOVoLZIMiFql/joAEe1PfpZB5e+XmTooiH7mo9jBm5HCExz+jfejioBISY
+0uIfbSKjALtz9t9+Xm/Gzgasnc8jb78G9XcXR1ZdvZ2pS5V7gmS5mLbN3YopWWut
+ldWwP03w/eduNshcV7lvryQ8fjhzk4yaRGvXA/B5e38OAP9lU64OdkZbQWfz1jkA
+J1U7tvfReZp6fCQPLy0PJvB2erq53x+RKVo9jXRpOR0uLu2nzsbjjYsH4vOtpyfl
+2FBJlYXznBKi060CAwEAAaNTMFEwHQYDVR0OBBYEFAGbDMXxRlfyRd6QaI3iWS5N
+nwXsMB8GA1UdIwQYMBaAFAGbDMXxRlfyRd6QaI3iWS5NnwXsMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBALfInQFuUPVcnBch7/Ry6GfujBQrZaPM
+zlOrgOQHhKF4ILKsKzT2oXEFqdaGTEWwUVJXlstL+vJfIzvqwDQxQ6Nca0vL9zxp
+SmUyG2mgaTTbluzxm7eP5OHPofChGT1jlxotpX+Ng3w3GEwtAAQ9PkU6eIS2EyTZ
+I7SnUMMXKJBmDsI8in6MYpHyWxjtGpX53NBjew0uuvsqUV+VsJ83y0DPIsByiXAv
+5m7777JDpNt/6MZ29qcAry9zUZx+hEh8jJgt439i1JBe/RMN2uCWr0p3BK+QHg91
+jFKRWW75kBt0c6kjNTJwrfuODPOMSxNh/0jfgez8EFBtNSQlt2/uqxc=
+-----END CERTIFICATE-----
diff --git a/ballerina/tests/resources/secrets/key.key b/ballerina/tests/resources/secrets/key.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDC0j4SZJ0TVWbm
+khihApKhHUl1S/uSsdHkR27Jz3AK73p7GvyNKj8jia5l8PjPfeA1NlRxGTGRrsWV
+zlaC2SDIhapf46ABHtT36WQeXvl5k6KIh+5qPYwZuRwhMc/o33o4qASEmNLiH20i
+owC7c/bffl5vxs4GrJ3PI2+/BvV3F0dWXb2dqUuVe4JkuZi2zd2KKVlrrZXVsD9N
+8P3nbjbIXFe5b68kPH44c5OMmkRr1wPweXt/DgD/ZVOuDnZGW0Fn89Y5ACdVO7b3
+0XmaenwkDy8tDybwdnq6ud8fkSlaPY10aTkdLi7tp87G442LB+Lzracn5dhQSZWF
+85wSotOtAgMBAAECggEAF1j202F3aY+8izlK9lDGncRSv1nhxkzFKKRe5JSVitn0
+RbiQN6KuemXPnqvoRYWCTx45tGwegqT9TNyzhW7b/Ov35RH0ZO36+9Leir07DJTi
+z5XqvpStq4+BjYDYt8HAdfW8xN9DtpGplJMQTWayWUpdquuaWTZqmx5WEACXfjP4
+cWk2lS14+6JzRDrxCkxmptutVl3LTo4qq3BVaMKJp4d2Hr5YgP4qtf2Xy8BuHhwV
+vzFNO1OsQWjIClnl+FD/bIUF+cUXjO1VThM+7oV/4w441/IjwHc7ulMcwCBvw2H9
+YkRJo7UTso0ZzjRnxSJdXwbyrAdnfke01t7wGGfNSQKBgQDjSYMhXQv0hpdTElSi
+V7yj4VI0ygfzxryrmsdvRQ2AGW3XP//tLS00fvLTDvJfih7cNG+HPTPnWustXVWK
+dnBfZ+R3LZGiMt6sLeDNXBx4I/hIXyS4G1GCZvFvRZtk5r2Zkzv/z+n5RB8vxGFB
+a+rpfoI5whle0wJ/hO7nEko/hwKBgQDbbse0nuCLoVNvL4LX0nimfD1rXGDvCTtg
+RyzrXRU13cRFNdHT2T8EOi1ySNhE43kOZjcNNFQEvxse+icEHvYJ6X1lNjn/0hYL
+APE6CfDPPmhC+iXD81w+nb7zCbSUzapNDP6ucql3+OiiSrt4NG0CzLWCSq1lB7OX
+IEBjqn6YKwKBgQDQfJpAfG1+/AbLOMFRuVFcsk8KBViOEPr4Hp5aPulHXAwZqqdE
+FHCm+twbJlbFtJjiPWcgks+NpSSdFERnIoWpvk8f0zkHo8oF/n97YMbsnXIeUMgJ
+6WU3TN6ixyLnx5Cb0ybyXPGuqQJCes0LicaOMHGcMaO8C6r69iF+7JQW+QKBgEdJ
+fxGbx+E04PEvIzfQRaf4ls+JLGibvDF0DhDMpbZhPIErkeZcHo/WAqutJK2EpPBb
+nqjohh8gosP2irRZBp+DvlwiOMd2Tfj3LmcnkZcSdDbGI3y8VAx3nPBCB+uLwTbU
+8Oxljc7PC2ymEK9lgMC3FoSklB5NWTfQn3qBii0PAoGAM83xtShEckoIn0a6+COO
+ntlLRMLjqawJK63YA4fseZCR3yncWn/m8FIpzGF/l4AKI12yav+/uLNZsym6PWZe
+kL8eVDRgGx59AhB12k4YRVinr3dgId9LaYVq50UYNrFo6u3tFSbya2QYTabm6Cjt
+89179uM5V2ne1mcZZ9FLMrA=
+-----END PRIVATE KEY-----
@@ -14,24 +14,68 @@
 // specific language governing permissions and limitations
 // under the License.
 
+import ballerina/crypto;
+
 # Options which can be provided when opening an IBM MQ topic.
 public type OPEN_TOPIC_OPTION OPEN_AS_SUBSCRIPTION|OPEN_AS_PUBLICATION;
 
+# The SSL Cipher Suite to be used for secure communication with the IBM MQ server.
+public type SSL_CIPHER_SUITE SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA|SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+    |SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+    |SSL_ECDHE_ECDSA_WITH_NULL_SHA|SSL_ECDHE_ECDSA_WITH_RC4_128_SHA|SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA|SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+    |SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256|SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384|SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    |SSL_ECDHE_RSA_WITH_NULL_SHA|SSL_ECDHE_RSA_WITH_RC4_128_SHA|SSL_RSA_WITH_3DES_EDE_CBC_SHA|SSL_RSA_WITH_AES_128_CBC_SHA
+    |SSL_RSA_WITH_AES_128_CBC_SHA256|SSL_RSA_WITH_AES_128_GCM_SHA256|SSL_RSA_WITH_AES_256_CBC_SHA|SSL_RSA_WITH_AES_256_CBC_SHA256
+    |SSL_RSA_WITH_AES_256_GCM_SHA384|SSL_RSA_WITH_DES_CBC_SHA|SSL_RSA_WITH_NULL_SHA256|SSL_RSA_WITH_RC4_128_SHA
+    |TLS12|TLS_AES_128_GCM_SHA256|TLS_AES_256_GCM_SHA384|TLS_CHACHA20_POLY1305_SHA256|TLS_AES_128_CCM_SHA256
+    |TLS_AES_128_CCM_8_SHA256|ANY|TLS13|TLS12ORHIGHER|TLS13ORHIGHER;
+
 # IBM MQ queue manager configurations.
 #
-# + name - Name of the queue manager
-# + host - IBM MQ server host
-# + port - IBM MQ server port 
+# + name - Name of the queue manager  
+# + host - IBM MQ server host  
+# + port - IBM MQ server port  
 # + channel - IBM MQ channel  
 # + userID - IBM MQ userId  
-# + password - IBM MQ user password
+# + password - IBM MQ user password  
+# + secureSocket - Configurations related to SSL/TLS encryption
+# + sslCipherSuite - Defines the combination of key exchange, encryption, 
+#   and integrity algorithms used for establishing a secure SSL/TLS connection
 public type QueueManagerConfiguration record {|
     string name;
     string host;
     int port = 1414;
     string channel;
     string userID?;
     string password?;
+    SecureSocket secureSocket?;
+    SSL_CIPHER_SUITE sslCipherSuite?;
+|};
+
+# Configurations for secure communication with the IBM MQ server.
+#
+# + cert - Configurations associated with crypto:TrustStore or single certificate file that the client trusts
+# + key - Configurations associated with crypto:KeyStore or combination of certificate and private key of the client
+# + provider - Name of the security provider used for SSL connections. The default value is the default security provider
+# of the JVM
+public type SecureSocket record {|
+    crypto:TrustStore|string cert;
+    record {|
+        crypto:KeyStore keyStore;
+        string keyPassword?;
+    |}|CertKey key?;
+    string provider?;
+|};
+
+# Represents a combination of certificate, private key, and private key password if encrypted.
+#
+# + certFile - A file containing the certificate
+# + keyFile - A file containing the private key in PKCS8 format
+# + keyPassword - Password of the private key if it is encrypted
+public type CertKey record {|
+    string certFile;
+    string keyFile;
+    string keyPassword?;
 |};
 
 # IBM MQ get message options.

@@ -26,6 +26,7 @@ dependencies {
 
     implementation group: 'org.ballerinalang', name: 'ballerina-lang', version: "${ballerinaLangVersion}"
     implementation group: 'org.ballerinalang', name: 'ballerina-runtime', version: "${ballerinaLangVersion}"
+    implementation group: 'io.ballerina.stdlib', name: 'crypto-native', version: "${stdlibCryptoVersion}"
     implementation group: 'org.json', name: 'json', version: "${jsonVersion}"
     implementation group: 'com.ibm.mq', name: 'com.ibm.mq.allclient', version: "${ibmMQVersion}"
 }