I already wrote about jdbc hello world and listener with tcps.
Let’s combine both technologies !
TCPS.java
import java.util.Properties;
import java.security.Security;
import java.sql.*;
import javax.net.ssl.*;
public class TCPS {
public static void main(String argv[]) throws SQLException {
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(Host=dbsrv001)(Port=12345))(CONNECT_DATA=(SID=DB01)))";
Properties props = new Properties();
props.setProperty("user", "scott");
props.setProperty("password", "tiger");
props.setProperty("javax.net.ssl.trustStore","cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
Connection conn = DriverManager.getConnection(url, props);
ResultSet res = conn.
prepareCall("select 'Hello SSL World' txt from dual").
executeQuery();
res.next();
System.out.println(res.getString("TXT"));
}
}
I have an auto-login wallet (cwallet.sso) with the trusted certificate from the server.
There are a few jar’s to use:
$ CLASSPATH=$ORACLE_HOME/jdbc/lib/ojdbc5.jar
$ CLASSPATH=$CLASSPATH:$ORACLE_HOME/jlib/oraclepki.jar
$ CLASSPATH=$CLASSPATH:$ORACLE_HOME/jlib/osdt_cert.jar
$ CLASSPATH=$CLASSPATH:$ORACLE_HOME/jlib/osdt_core.jar
$ CLASSPATH=$CLASSPATH:.
$ export CLASSPATH
$ javac TCPS.java
$ java TCPS
Hello SSL World
Greatly inspired by Jean de Lavarene’s white paper : SSL With Oracle JDBC Thin Driver
Hi,
Have you faced issues with JRE1.7 with Oracle11g release 2 for SSL with JDBC Thin Driver.
I tried to write a simple program to establish connection but am getting the following error. The same code works with JRE1.6 but fails with JRE 1.7.
The thin driver used is ojdbc6.jar
The error wihch I get is :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
Regards,
Shrinath.
I have not tested it yet, but read note 1498108.1
SSL weak algorithm suites have been removed from the JDK (in other words, JDK 7 is more strict)
Would that be an issue? Since I am using the oraclepki.jar as the registered security provider to establish connection in 1.6
Let me know the link which you were referring to for this one.
Regards,
Shrinath.
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PATCH&id=1498108.1
You need to have an Oracle Support account to access this page
Thanks. Will have a look.
Pingback: SSL with PKCS12 truststore | Laurent Schneider