Oracle ADB TLS connection error in Tomcat

Question  Votes: 0  Answers: 1

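When I connect to an OCI ADB instance using the TLS mechanism from an application hosted on Tomcat [version 9.0.65] / [jdk8 - 202 build], it fails with different errors. However, when I download the wallet file and set the JVM arguments with the wallet location, it works.
Code snippet below: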

import oracle.ucp.jdbc.PoolDataSource;
import oracle.ucp.jdbc.PoolDataSourceFactory;

PoolDataSource ds = PoolDataSourceFactory.getPoolDataSource();
try {
    ds.setConnectionFactoryClassName("oracle.jdbc.pool.OracleDataSource");
    // TCPS (TLS) connect descriptor; ssl_server_dn_match=no turns off
    // matching of the server certificate's DN.
    ds.setURL(
            "jdbc:oracle:thin:@(description= (address=(protocol=tcps)(port=1521)(host=ip.address.of.adb))(connect_data=(service_name=$service_name))(security=(ssl_server_dn_match=no)))");
    ds.setUser("myUser");
    ds.setPassword("********");
    ds.setInitialPoolSize(5);
    ds.setMinPoolSize(5);
    ds.setMaxPoolSize(10);
} catch (Exception e) {
    // Keep the original exception as the cause so the real failure stays visible.
    throw new IllegalArgumentException("Error occurred while trying to configure datasource", e);
}

It works with the following wallet VM arguments:

-Doracle.net.wallet_location=/path/to/wallet
-Doracle.net.tns_admin=/path/to/wallet

One example of the error is when I don't have the wallet location set. I only need a TLS connection, not a wallet.

Caused by: oracle.net.ns.NetException: Unable to initialize the trust store.
    at oracle.net.nt.CustomSSLSocketFactory.trustStoreFailure(CustomSSLSocketFactory.java:766)
    at oracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:417)
    ... 32 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at oracle.net.nt.CustomSSLSocketFactory.loadFileBasedKeyStore(CustomSSLSocketFactory.java:1153)
    at oracle.net.nt.CustomSSLSocketFactory.loadKeyStore(CustomSSLSocketFactory.java:1125)
    at oracle.net.nt.CustomSSLSocketFactory.createSSLContext(CustomSSLSocketFactory.java:408)
    ... 32 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
    ... 39 more
oracle tomcat9 mtls oracle-wallet
1 Answer
0 votes

ADB TLS connections do not require a certificate or a wallet with a jks file. My Tomcat was configured with:

javax.net.ssl.trustStore= my private certificate 

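When I removed it, the application connected to ADB without problems. However, if you need to specify a trustStore, import the Oracle certificate from the wallet into your local truststore, and pass the password for your local trustStore: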

 javax.net.ssl.trustStorePassword= my-password
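
A pre-flight check for the cause described in the answer, as an added example that is not part of the original post: it loads the store named by `javax.net.ssl.trustStore` with `javax.net.ssl.trustStorePassword` and lists the certificates it trusts. The class name `TrustStoreCheck` and the constructed temp-file store (used only when the property is unset) are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {
    /** Loads a trust store file and reports whether the password verifies. */
    static String check(Path file, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // a null password skips the JKS integrity check
        } catch (IOException e) {
            // Same exception pair as in the stack trace in the question.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "BAD_PASSWORD: " + e.getMessage();
            }
            return "UNREADABLE: " + e.getMessage();
        }
        StringBuilder sb = new StringBuilder("OK, entries: " + ks.size());
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                sb.append("\n  ").append(alias).append(" -> ").append(c.getSubjectX500Principal());
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String store = System.getProperty("javax.net.ssl.trustStore");
        if (store != null) { // check what this JVM is actually configured with
            String pw = System.getProperty("javax.net.ssl.trustStorePassword");
            String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
            System.out.println(check(Paths.get(store), type, pw == null ? null : pw.toCharArray()));
            return;
        }
        // Constructed sample: an empty JKS store written to a temp file.
        Path tmp = Files.createTempFile("constructed-truststore", ".jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            ks.store(out, "right-password".toCharArray());
        }
        System.out.println(check(tmp, "JKS", "right-password".toCharArray()));
        System.out.println(check(tmp, "JKS", "wrong-password".toCharArray()));
        Files.delete(tmp);
    }
}
```

Run it with the same `-Djavax.net.ssl.*` options that Tomcat receives. A `BAD_PASSWORD` result corresponds to the `Password verification failed` cause in the trace, and the alias listing shows whether the Oracle certificate has been imported.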