带有SSL的Java JDBC:不支持电子钱包版本,或者trustAnchors参数必须为非空
[英]Java JDBC with SSL: Wallet version not supported or the trustAnchors parameter must be non-empty
问题描述
I have configured a Oracle 11g database server to work with SSL using a wallet and self signed certificate. 
我已将Oracle 11g数据库服务器配置为使用钱包和自签名证书与SSL一起使用。 The wallet has auto login enabled. 钱包已启用自动登录。 I tested the connection using a client (sqlplus) from another machine and it works. 我使用另一台计算机上的客户端(sqlplus)测试了连接,并且该连接有效。
Now I'm trying to connect to the database using Java JDBC. 现在,我尝试使用Java JDBC连接到数据库。
I have two code version, both do not work. 我有两个代码版本,两者都不起作用。 First one is attempting to use the SSO option: 第一个尝试使用SSO选项:
Connection connection = null;
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";
Properties props = new Properties();
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
//Single sign on
props.setProperty("javax.net.ssl.trustStore", "C:\\oracle\\wallet\\cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
/* Load the database driver */
try
{
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
connection = DriverManager.getConnection(url,props);
if (connection != null) {
System.out.println("You made it, take control your database now!");
} else {
System.out.println("Failed to make connection!");
}
}
catch (SQLException ex) {
ex.printStackTrace();
}
In this version I get 在这个版本中,我得到
java.io.IOException: Wallet version not supported
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)
The second one is using the wallet itself: 第二个是使用钱包本身:
Connection connection = null;
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";
Properties props = new Properties();
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
//with password
props.setProperty("javax.net.ssl.trustStore", "C:\\oracle\\wallet\\ewallet.p12");
props.setProperty("javax.net.ssl.trustStorePassword","WalletPasswd1234");
props.setProperty("javax.net.ssl.trustStoreType","PKCS12");
props.setProperty("oracle.net.ssl_cipher_suites","(SSL_RSA_WITH_3DES_EDE_CBC_SHA)");
/* Load the database driver */
try
{
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
connection = DriverManager.getConnection(url,props);
if (connection != null) {
System.out.println("You made it, take control your database now!");
} else {
System.out.println("Failed to make connection!");
}
}
catch (SQLException ex) {
ex.printStackTrace();
}
In this attempt I get 通过这种尝试,我得到
java.io.IOException: Wallet version not supported
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)
at java.security.KeyStore.load(Unknown Source)
at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:406)
I've added the following JARs to the project (not sure I even need them all): 我已经将以下JAR添加到了项目中(不确定我是否全部都需要它们):
- ojdbc6.jar ojdbc6.jar
- oraclepki.jar oraclepki.jar
- osdt_cert.jar osdt_cert.jar
- osdt_core.jar osdt_core.jar
- ojpse.jar ojpse.jar
- osdt_xmlsec.jar osdt_xmlsec.jar
- osdt_wss.jar osdt_wss.jar
- osdt_saml.jar osdt_saml.jar
- ldapjclnt10.jar ldapjclnt10.jar
- jssl-1_1.jar jssl-1_1.jar
- jaxen.jar jaxen.jar
- javax-ssl-1_1.jar javax-ssl-1_1.jar
Please advise on how I can resolve this, thanks. 请告知我如何解决此问题,谢谢。
1 个解决方案
解决方案1
0 2017-02-03 08:34:53
Be sure to use oraclepki.jar and ojdbc6.jar from 12.1.0.2 which is the latest version to date. 确保使用12.1.0.2以来的最新版本的oraclepki.jar和ojdbc6.jar。 If the problem still persists you can try to convert your wallet into a jks file using orapki wallet pkcs12_to_jks . 如果问题仍然存在,则可以尝试使用orapki wallet pkcs12_to_jks将钱包转换成jks文件。 The full commande line looks like this (replace the values between <> with your own): 完整的命令行如下所示(将<>之间的值替换为您自己的值):
orapki wallet pkcs12_to_jks -wallet <wallet_directory> -pwd <wallet_password> -jksKeyStoreLoc <keystore.jks> -jksKeyStorepwd <keystore_jks_password> -jksTrustStoreLoc <truststore.jks> -jksTrustStorepwd <truststore_jks_password>
Using jks files for the keystore and truststore is going to be easier than wallets. 将jks文件用于密钥库和信任库将比钱包更容易。 All you need is the configure the javax.net.ssl.trustStore and javax.net.ssl.keyStore properties. 您只需要配置javax.net.ssl.trustStore和javax.net.ssl.keyStore属性。 You don't even need the extra jars like oraclepki.jar or the osdt jars. 您甚至不需要额外的jar,例如oraclepki.jar或osdt jar。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.