我已经配置了Oracle 11G数据库服务器,可以使用钱包和自签名证书与SSL一起使用。钱包已启用自动登录。我使用客户端(sqlplus)从另一台计算机进行了测试。
现在,我正在尝试使用Java JDBC连接到数据库。
我有两个代码版本,都无法使用。首先尝试使用SSO选项:
Connection connection = null;
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";
Properties props = new Properties();
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
//Single sign on
props.setProperty("javax.net.ssl.trustStore", "C:\oracle\wallet\cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
/* Load the database driver */
try
{
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
connection = DriverManager.getConnection(url,props);
if (connection != null) {
System.out.println("You made it, take control your database now!");
} else {
System.out.println("Failed to make connection!");
}
}
catch (SQLException ex) {
ex.printStackTrace();
}
在此版本中,我得到
java.io.IOException: Wallet version not supported
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)
第二个是使用钱包本身:
Connection connection = null;
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.200.191)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=DBSERVICE)))";
Properties props = new Properties();
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
//with password
props.setProperty("javax.net.ssl.trustStore", "C:\oracle\wallet\ewallet.p12");
props.setProperty("javax.net.ssl.trustStorePassword","WalletPasswd1234");
props.setProperty("javax.net.ssl.trustStoreType","PKCS12");
props.setProperty("oracle.net.ssl_cipher_suites","(SSL_RSA_WITH_3DES_EDE_CBC_SHA)");
/* Load the database driver */
try
{
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
connection = DriverManager.getConnection(url,props);
if (connection != null) {
System.out.println("You made it, take control your database now!");
} else {
System.out.println("Failed to make connection!");
}
}
catch (SQLException ex) {
ex.printStackTrace();
}
在此尝试中,我得到
java.io.IOException: Wallet version not supported
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(OracleSSOKeyStoreSpi)
at java.security.KeyStore.load(Unknown Source)
at oracle.net.nt.CustomSSLSocketFactory.getTrustManagerArray(CustomSSLSocketFactory.java:406)
我已经在项目中添加了以下罐子(不确定我什至需要它们):
- ojdbc6.jar
- oraclepki.jar
- osdt_cert.jar
- osdt_core.jar
- ojpse.jar
- osdt_xmlsec.jar
- osdt_wss.jar
- OSDT_SAML.JAR
- ldapjclnt10.jar
- JSSL-1_1.JAR
- jaxen.jar
- javax-ssl-1_1.jar
请建议我如何解决这个问题,谢谢。
请确保使用oraclepki.jar和ojdbc6.jar从12.1.0.2使用,这是迄今为止最新版本。如果问题仍然存在,则可以尝试使用orapki wallet pkcs12_to_jks
将钱包转换为JK文件。完整的命令行看起来像这样(用您自己的<>之间的值):
orapki wallet pkcs12_to_jks -wallet <wallet_directory> -pwd <wallet_password> -jksKeyStoreLoc <keystore.jks> -jksKeyStorepwd <keystore_jks_password> -jksTrustStoreLoc <truststore.jks> -jksTrustStorepwd <truststore_jks_password>
使用JKS文件作为密钥库和TrustStore将比钱包更容易。您需要的只是配置Javax.net.ssl.truststore和Javax.net.ssl.keystore属性。您甚至不需要额外的罐子,例如oraclepki.jar或osdt jars。