Securing JMS Communication with an Application Certificate
I have a client application using the Eclipse Workbench framework. I'd like my client app to connect/subscribe to a JMS topic using a certificate provided in the jar file. That is, I'm NOT using the end user's certificate - it's an app cert.
Now the obvious security risk is that anyone can open up my jar file and take out the cert and use it to connect to the JMS queue without using my client app. (That's bad).
You might say, use a password on the certificate and encrypt the password. BUT... The client app would need to decrypt the password before providing it to the JMS connection. And so the decryption code would have to be in the client Jar file, which a bad guy could decompile and get the code that decrypts the password too. So now he has the cert and the password.
Finally, here's my question... Is there a way to tie the application's certificate to the jar file or to the code so that only my client application can use that cert to connect to the JMS queue?
Thanks for reading this far.
That's the standard DRM problem. You want to ship something encrypted so that Bad Guys can't do something unauthorized. But the product you ship to customers needs to decrypt it so those customers can use it in the way you authorize.
If you find a bullet-proof solution, sell it for $1B to Hollywood. Heck, sell it for $1.1B and give me my cut for the idea.
OK, it doesn't need to be bullet-proof? Now you're down to trying to hide it like you describe above. What's the value of what you're trying to protect? If it's low, little effort will be expended to work around your solution and maybe it'll stand. If it's high value, someone will crack it (see Hollywood as an example).