Oracle's JDBC driver does some quite CPU-intensive calls during connection creation/authentication, like usages of SecureRandom
(even though /dev/urandom
is used in our case) or AES ciphers.
Example stacktrace snippet of an expensive operation:
javax.crypto.Cipher.doFinal(byte[], int, int, byte[]) line: 2325
oracle.net.aso.e.b(byte[], int, int, byte[]) line: not available
oracle.net.aso.ac.f(byte[]) line: not available
oracle.net.aso.c.f(byte[]) line: not available
oracle.security.o5logon.O5Logon.a(byte[], java.lang.String, java.lang.String) line: not available
oracle.security.o5logon.O5Logon.generateOAuthResponse(int, byte[], java.lang.String, java.lang.String, java.lang.String, byte[], byte[], byte[], byte[], byte[], byte[], int[], int[], boolean, byte, byte[], int, int, byte[], int[]) line: not available
oracle.security.o5logon.O5Logon.generateOAuthResponse(int, byte[], java.lang.String, java.lang.String, byte[], byte[], byte[], byte[], int[], boolean, byte, byte[], int, int, byte[], int[]) line: not available
oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(java.lang.String, java.lang.String, java.lang.String, long, int, int, byte[][]) line: 1179
oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(java.lang.String, java.lang.String, java.lang.String, long) line: 1025
oracle.jdbc.driver.T4CConnection.logon(org.ietf.jgss.GSSCredential) line: 743
oracle.jdbc.driver.T4CConnection(oracle.jdbc.driver.PhysicalConnection).connect(org.ietf.jgss.GSSCredential) line: 793
oracle.jdbc.driver.T4CDriverExtension.getConnection(java.lang.String, java.util.Properties, org.ietf.jgss.GSSCredential) line: 57
oracle.jdbc.OracleDriver(oracle.jdbc.driver.OracleDriver).connect(java.lang.String, java.util.Properties, org.ietf.jgss.GSSCredential) line: 747
oracle.jdbc.OracleDriver(oracle.jdbc.driver.OracleDriver).connect(java.lang.String, java.util.Properties) line: 562
[...]
While this is fine for production and regular test environments, it adds unnecessary CPU costs and latencies for connections to special environments, eg in automated testing scenarios for which we use local database instances with pure testing data.
Question:
Is there a way to disable some or all of those expensive security-related features, eg by lowering or disable authentication of the jdbc driver or any other measure to reduce cpu time?
Are you using any new Oracle features? Like OAUTH authentication, Oracle Cloud database?
From the stack trace it seems to be hard to avoid, this is part of negotiation where client needs to encrypt password before sending it to server. I never saw this as a problem - CPU intensive password encryption. There were problems with Java8 where /dev/random was blocking and client was stalled due to lack of entropy.
For testing purposes you can use worse encryption algorithm. Oracle stores multiple password's hashes delimited by semicolon.
alter user xxx identified by values '.... password hash'.
As documented here: SpiderLabs Blog
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.