
Java JDBC with SSL: Wallet version not supported or the trustAnchors parameter must be non-empty

I have configured an Oracle 11g database server to work with SSL using a wallet and a self-signed certificate. The wallet has auto login enabled. I tested the connection using a client (sqlplus) from another machine and it works.

Now I'm trying to connect to the database using Java JDBC.

I have two code versions, and neither works. The first one attempts to use the SSO option:

    Connection connection = null;

    String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";

    Properties props = new Properties();
    props.setProperty("user", "dbuser");
    props.setProperty("password", "dbpass");

    //Single sign on
    props.setProperty("javax.net.ssl.trustStore", "C:\\oracle\\wallet\\cwallet.sso");
    props.setProperty("javax.net.ssl.trustStoreType","SSO");

    /* Load the database driver */
    try
    {
        Security.addProvider(new oracle.security.pki.OraclePKIProvider());
        DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
        connection = DriverManager.getConnection(url,props);
        if (connection != null) {
            System.out.println("You made it, take control your database now!");
        } else {
            System.out.println("Failed to make connection!");
        }
    }
    catch (SQLException ex) {
        ex.printStackTrace();
    }

In this version I get

    java.io.IOException: Wallet version not supported
            at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)

The second one is using the wallet itself:

    Connection connection = null;

    String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";

    Properties props = new Properties();
    props.setProperty("user", "dbuser");
    props.setProperty("password", "dbpass");

    //with password
    props.setProperty("javax.net.ssl.trustStore", "C:\\oracle\\wallet\\ewallet.p12");
    props.setProperty("javax.net.ssl.trustStorePassword","WalletPasswd1234");
    props.setProperty("javax.net.ssl.trustStoreType","PKCS12");
    props.setProperty("oracle.net.ssl_cipher_suites","(SSL_RSA_WITH_3DES_EDE_CBC_SHA)");

    /* Load the database driver */
    try
    {
        Security.addProvider(new oracle.security.pki.OraclePKIProvider());
        DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
        connection = DriverManager.getConnection(url,props);
        if (connection != null) {
            System.out.println("You made it, take control your database now!");
        } else {
            System.out.println("Failed to make connection!");
        }
    }
    catch (SQLException ex) {
        ex.printStackTrace();
    }

In this attempt I get

    java.io.IOException: Wallet version not supported
            at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)
            at java.security.KeyStore.load(Unknown Source)
            at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:406)

I've added the following JARs to the project (not sure I even need them all):

  1. ojdbc6.jar
  2. oraclepki.jar
  3. osdt_cert.jar
  4. osdt_core.jar
  5. ojpse.jar
  6. osdt_xmlsec.jar
  7. osdt_wss.jar
  8. osdt_saml.jar
  9. ldapjclnt10.jar
  10. jssl-1_1.jar
  11. jaxen.jar
  12. javax-ssl-1_1.jar

Please advise on how I can resolve this, thanks.

Be sure to use oraclepki.jar and ojdbc6.jar from 12.1.0.2, which is the latest version to date. If the problem still persists, you can try to convert your wallet into a jks file using orapki wallet pkcs12_to_jks. The full command line looks like this (replace the values between <> with your own):

    orapki wallet pkcs12_to_jks -wallet <wallet_directory> -pwd <wallet_password> -jksKeyStoreLoc <keystore.jks> -jksKeyStorepwd <keystore_jks_password> -jksTrustStoreLoc <truststore.jks> -jksTrustStorepwd <truststore_jks_password>

Using jks files for the keystore and truststore is going to be easier than wallets. All you need is to configure the javax.net.ssl.trustStore and javax.net.ssl.keyStore properties. You don't even need the extra jars like oraclepki.jar or the osdt jars.
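
An added example, not part of the original answer: before connecting with the JKS truststore produced by orapki, it loads the file and counts its trusted-certificate entries, because a truststore with none is what produces the "trustAnchors parameter must be non-empty" error named in the title. The class name, the truststore path and the password placeholder are assumptions; the URL and credentials are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;
import java.util.Properties;

public class JksTcpsCheck {
    // Assumed placeholder values: replace with your own path and password.
    static final String TRUSTSTORE = "C:\\oracle\\wallet\\truststore.jks";
    static final char[] TRUSTSTORE_PWD = "<truststore_jks_password>".toCharArray();
    static final String URL = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)"
            + "(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";

    /** Counts trusted-certificate entries; zero means the store holds no trust anchors. */
    static int countTrustAnchors(String path, char[] pwd) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pwd); // fails here on a wrong password or a non-JKS file
        }
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) anchors++;
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        int anchors = countTrustAnchors(TRUSTSTORE, TRUSTSTORE_PWD);
        if (anchors == 0) {
            throw new IllegalStateException("No trusted certificates in " + TRUSTSTORE
                    + "; the connection would fail with 'trustAnchors parameter must be non-empty'");
        }
        Properties props = new Properties();
        props.setProperty("user", "dbuser");
        props.setProperty("password", "dbpass");
        props.setProperty("javax.net.ssl.trustStore", TRUSTSTORE);
        props.setProperty("javax.net.ssl.trustStoreType", "JKS");
        props.setProperty("javax.net.ssl.trustStorePassword", new String(TRUSTSTORE_PWD));
        // The javax.net.ssl.keyStore* properties are set the same way for the keystore file.
        try (Connection c = DriverManager.getConnection(URL, props)) {
            System.out.println("TCPS connection OK, trust anchors loaded: " + anchors);
        }
    }
}
```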
