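When I connect over TLS to an OCI ADB instance from an application hosted on Tomcat [version 9.0.65] / [jdk8 - 202 build], it fails with various errors. However, when I download the wallet files and set the JVM arguments to the wallet location, it works.
The code snippet is below: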
    import oracle.ucp.jdbc.PoolDataSource;
    import oracle.ucp.jdbc.PoolDataSourceFactory;

    PoolDataSource ds = PoolDataSourceFactory.getPoolDataSource();
    try {
        ds.setConnectionFactoryClassName("oracle.jdbc.pool.OracleDataSource");
        // TCPS (TLS) connect descriptor; no wallet is referenced in the URL
        ds.setURL(
            "jdbc:oracle:thin:@(description= (address=(protocol=tcps)(port=1521)(host=ip.address.of.adb))(connect_data=(service_name=$service_name))(security=(ssl_server_dn_match=no)))");
        ds.setUser("myUser");
        ds.setPassword("********");
        ds.setInitialPoolSize(5);
        ds.setMinPoolSize(5);
        ds.setMaxPoolSize(10);
    } catch (Exception e) {
        // Keep the original exception as the cause so the real failure stays visible
        throw new IllegalArgumentException("Error occurred while trying to configure datasource", e);
    }
It works with the following wallet JVM arguments:
-Doracle.net.wallet_location=/path/to/wallet
-Doracle.net.tns_admin=/path/to/wallet
One example of the errors, from when I do not set the wallet location, is below. I only need a TLS connection, not a wallet.
Caused by: oracle.net.ns.NetException: Unable to initialize the trust store.
at oracle.net.nt.CustomSSLSocketFactory.trustStoreFailure(CustomSSLSocketFactory.java:766)
at oracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:417)
... 32 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
at java.security.KeyStore.load(KeyStore.java:1445)
at oracle.net.nt.CustomSSLSocketFactory.loadFileBasedKeyStore(CustomSSLSocketFactory.java:1153)
at oracle.net.nt.CustomSSLSocketFactory.loadKeyStore(CustomSSLSocketFactory.java:1125)
at oracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:408)
... 32 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
... 39 more
An ADB TLS connection does not need a certificate or a wallet with a jks file. My Tomcat was configured with:
javax.net.ssl.trustStore= my private certificate
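When I removed it, the application connected to ADB without any problem. However, if you need to specify a trustStore, import the Oracle certificate from the wallet into your local truststore and pass the password for your local trustStore: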
javax.net.ssl.trustStorePassword= my-password
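
An added diagnostic, not part of the original question or answer: a small Java program that loads the store named by javax.net.ssl.trustStore with javax.net.ssl.trustStorePassword, the two properties discussed above, and lists the certificates it trusts. The class name TrustStorePreflight is hypothetical; run it with the same -D options Tomcat is started with.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks the JVM-wide trust store settings
// before the connection pool is created.
public class TrustStorePreflight {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        if (path == null) {
            System.out.println("javax.net.ssl.trustStore is not set: the JVM default trust store is used");
            return;
        }
        if (pass == null) {
            System.out.println("WARNING: no trustStorePassword given; a JKS store loads without an integrity check");
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        } catch (IOException e) {
            // Same exception chain as in the stack trace: IOException caused by UnrecoverableKeyException
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.err.println("Password does not match trust store " + path);
            } else {
                System.err.println("Cannot read " + path + " as " + type + ": " + e.getMessage());
            }
            System.exit(1);
        }
        // List trusted certificates so a missing database CA certificate is easy to spot
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isCertificateEntry(alias) && cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.printf("%s  subject=%s  notAfter=%s%n",
                        alias, x.getSubjectX500Principal().getName(), x.getNotAfter());
            }
        }
    }
}
```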