RSA premaster secret error when connecting to Oracle over SSL from WebSphere



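Our project is moving to SSL for all database connections, and we have already done this successfully for our Java-based batch system by following the SSL with the JDBC thin driver guide. Our task now is to configure a web application running in WebSphere to use these SSL connections to the database.

After following the step-by-step instructions laid out in this blog post, we get an error when running a test connection (with -Djavax.net.debug=all set for the JVM):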

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [Raw read]: length = 4 
 [06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00     00                                        .... 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00 00                                        .... 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23, SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, SEND TLSv1 ALERT:  fatal, description = unexpected_message 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, WRITE: TLSv1 Alert, length = 2 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O [Raw write]: length = 7 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O 0000: 15 03 01 00 02 02 0a                               ....... 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeSocket() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called close() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeInternal(true) 
[06/11/13 06:17:44:045 GMT] 00000024 DSConfigurati W   DSRA8201W: DataSource  Configuration: DSRA8040I: Failed to connect to the DataSource.  Encountered java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002. 
java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255) 
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387) 
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:441) 
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165) 
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35) 
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801) 
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297) 
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:157) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:94) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$2.run(DSConfigurationHelper.java:1687) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5343) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5431) 
        at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$3.run    (DSConfigurationHelper.java:1703) 
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1715) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1610) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:3242) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:3918) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49) 
    at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256) 
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085) 
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773) 
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1331) 
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1224) 
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181) 
    at com.ibm.ws.management.connector.ipc.CallRouter.route(CallRouter.java:242) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink.doWork(IPCConnectorInboundLink.java:353) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink$IPCConnectorReadCallback.complete(IPCConnectorInboundLink.java:595) 
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604) 

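This shows that the underlying error is the RSA premaster secret error, which I have googled and searched for on SO; unfortunately, none of the results have helped so far.

  • This is on WebSphere version 7.
  • We are using PKCS12 certificates.
  • We are using IBM Java 1.6.0 on a Linux WebSphere server.
  • I know the certificates are fine, because they work for connecting in our batch processes.
  • I also know the web application should be able to handle these connections, because an SSL data source via JNDI in Tomcat works fine.

Is there anything obviously wrong with what I am doing? Does anyone have suggestions for resolving this error or for learning more about its root cause?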

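I recently ran into a similar problem with the "RSA premaster secret error", only while trying to connect to a SQL Server database. It seems that the sunjce_provider.jar file was not on my classpath.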

> ~/source/java/tester$ echo $JAVA_HOME    # given $JAVA_HOME is set...
/usr/lib/jvm/java-7-openjdk-amd64/
> find $JAVA_HOME -iname "*sunjce*jar"   # find sunjce
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ext/sunjce_provider.jar
java -Djava.ext.dirs=lib:$JAVA_HOME/jre/lib/ext -jar build/MyAppJar.jar

I hope this helps.
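
A way to check whether the JVM can resolve the JCE algorithms named in the debug log, as an added example that is not part of the original posts. The class name `JceProviderCheck` is hypothetical; the IBM algorithm names come from the log above, the Sun names are the SunJCE equivalents, and it must run on the same JVM with the same classpath and extension directories as the failing application.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

// Hypothetical diagnostic class (name chosen for this example); Java 6 compatible.
public class JceProviderCheck {
    // IBM names are taken from the debug log above; the Sun names are the
    // equivalents registered by the SunJCE provider on Oracle/OpenJDK JVMs.
    static final String[] KEYGENS = {"IbmTlsRsaPremasterSecret", "SunTlsRsaPremasterSecret"};
    static final String[] CIPHERS = {"RSA/SSL/PKCS1Padding", "RSA/ECB/PKCS1Padding"};

    // Name of the provider that supplies the KeyGenerator, or null if none does.
    static String keyGenProvider(String alg) {
        try {
            return KeyGenerator.getInstance(alg).getProvider().getName();
        } catch (Exception e) { // missing algorithm, or provider jar rejected
            return null;
        }
    }

    // Name of the provider that supplies the Cipher, or null if none does.
    static String cipherProvider(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (Exception e) {
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.ext.dirs = " + System.getProperty("java.ext.dirs"));
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " (" + p.getInfo() + ")");
        }
        boolean keyGenOk = false, cipherOk = false;
        for (String a : KEYGENS) {
            String prov = keyGenProvider(a);
            System.out.println("KeyGenerator " + a + " -> " + (prov == null ? "MISSING" : prov));
            keyGenOk |= prov != null;
        }
        for (String t : CIPHERS) {
            String prov = cipherProvider(t);
            System.out.println("Cipher " + t + " -> " + (prov == null ? "MISSING" : prov));
            cipherOk |= prov != null;
        }
        // The client side of an RSA key exchange needs both to build the premaster secret.
        System.exit(keyGenOk && cipherOk ? 0 : 1);
    }
}
```

If every line reports MISSING, no registered provider offers the premaster-secret primitives, which matches the missing-provider-jar situation described in the answer.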
