2
我米試圖爲Oracle JDBC配置SSL和I M文件 http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdfOracle JDBC瘦驅動SSL
我有我自己的機器Oracle服務器和客戶端以下。這是一個POC。
我使用案例#1僅使用SSL進行加密。我listener.ora貌似
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
)
)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\xxx\product\11.2.0\dbhome_2\server)))
SSL_CLIENT_AUTHENTICATION=FALSE
我sqlnet.ora看起來像
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Priya\product\11.2.0\dbhome_2\server)))
SSL_CLIENT_AUTHENTICATION=FALSE
我tnsnames.ora在Oracle服務器上
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
(SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US"))
)
我甚至更新客戶端上的tnsnames.ora
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
(SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US"))
)
我Java.security
security.provider.10 = oracle.security.pki.OraclePKIProvider
我使用orapki工具創建的服務器錢包自動登錄。
我的示例代碼:
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl)))";
System.out.println("set properties");
Properties props = new Properties();
props.setProperty("user", "XXXXX");
props.setProperty("password", "XXXXX");
props.setProperty("oracle.net.ssl_cipher_suites",
"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, "
+ "SSL_DH_anon_WITH_RC4_128_MD5,"
+ "SSL_DH_anon_WITH_DES_CBC_SHA)");
System.out.println("get connection");
Connection con = DriverManager.getConnection(url, props);
System.out.println("got a connection");
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("select sysdate from dual");
while (rs.next()) {
System.out.println("result = "+rs.getString(1));
}
rs.close();
stmt.close();
con.close();
和I M得到以下錯誤:
set properties
get connection
trustStore is: C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
...............
.............
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1441881635 bytes = { 236, 186, 144, 113, 184, 49, 37, 30, 105, 22, 80, 151, 167, 186, 10, 227, 160, 97, 62, 9, 21, 123, 5, 153, 25, 55, 40, 140 }
Session ID: {}
Cipher Suites: [SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes: len = 56
0000: 01 00 00 34 03 01 56 F1 5E 23 EC BA 90 71 B8 31 ...4..V.^#...q.1
0010: 25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 7B %.i.P......a>...
0020: 05 99 19 37 28 8C 00 00 06 00 1B 00 18 00 1A 01 ...7(...........
0030: 00 00 05 FF 01 00 01 00 ........
main, WRITE: TLSv1 Handshake, length = 56
[write] MD5 and SHA1 hashes: len = 53
0000: 01 03 01 00 0C 00 00 00 20 00 00 1B 00 00 18 00 ........ .......
0010: 00 1A 00 00 FF 56 F1 5E 23 EC BA 90 71 B8 31 25 .....V.^#...q.1%
0020: 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 7B 05 .i.P......a>....
0030: 99 19 37 28 8C ..7(.
main, WRITE: SSLv2 client hello message, length = 53
[Raw write]: length = 55
0000: 80 35 01 03 01 00 0C 00 00 00 20 00 00 1B 00 00 .5........ .....
0010: 18 00 00 1A 00 00 FF 56 F1 5E 23 EC BA 90 71 B8 .......V.^#...q.
0020: 31 25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 1%.i.P......a>..
0030: 7B 05 99 19 37 28 8C ....7(.
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: Software caused connection abort: recv failed
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:657)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:560)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at tr.com.pos.genius.background.Test.main(Test.java:75)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:422)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:460)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at oracle.net.ns.Packet.send(Packet.java:419)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
... 6 more
我米用java 6和Oracle 11g,ojdbc6.jar。
我是一個SSL新手。任何指針或建議都會有所幫助。
Java 1.6相當古老。它是否適合你使用sqlplus? – ibre5041
沒有我得到ORA-12570:TNS:使用sqlplus時數據包讀取器失敗。不幸的是,我們的prj是用java 6編寫的。 – user3657792
只是爲了排除顯而易見的問題,你的聽衆是否已經重新啓動以接收你所做的任何更改? 'lsnrctl status'顯示你的期望?你可以做一個測試'ssh -p 2484 localhost'並看看有什麼功能嗎?想知道是否可能有本地防火牆,您需要爲該端口找個漏洞。 –