我已经创建了自己的证书并配置了postgresql.conf文件:
...
#authentication_timeout = 1min # 1s-600s
ssl = true # (change requires restart)
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# (change requires restart)
#ssl_prefer_server_ciphers = on # (change requires restart)
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
ssl_cert_file = '/etc/ssl/certs/company/database/certificate' # (change requires restart)
ssl_key_file = '/etc/ssl/certs/company/database/key' # (change requires restart)
ssl_ca_file = '/usr/share/ca-certificates/company/ca/certificate' # (change requires restart)
#ssl_crl_file = '' # (change requires restart)
#password_encryption = on
#db_user_namespace = off
#row_security = on
...
然后,我允许我的服务器连接我的数据库pg_hba.conf:
...
hostssl postgres postgres XXX.XXX.XXX.XXX/0 md5
...
所以,我可以通过psql命令行连接到它:
psql (9.5.3)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=#
但是,当我尝试通过我的java应用程序打开与数据库的连接时,即使我提供包含我的数据库证书的信任库,我仍然没有与它建立连接:
mvn package -Djavax.net.ssl.trustStore=/opt/app/truststore -Djavax.net.ssl.trustStorePassword=changeit
例外:
2016-05-23 16:28:32,900 WARN [com.mchange.v2.resourcepool.BasicResourcePool] - <Having failed to acquire a resource, com.mchange.v2.resourcepool.BasicResourcePool@75fa1be3 is interrupting all Threads waiting on a resource to check out. Will try again in response to new client requests.>
2016-05-23 16:28:32,900 WARN [com.mchange.v2.resourcepool.BasicResourcePool] - <com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@2be057bf -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception: >
java.lang.NullPointerException
at org.postgresql.Driver.parseURL(Driver.java:532)
at org.postgresql.Driver.acceptsURL(Driver.java:431)
at java.sql.DriverManager.getDriver(DriverManager.java:299)
at com.mchange.v2.c3p0.DriverManagerDataSource.driver(DriverManagerDataSource.java:285)
at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:161)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:161)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:147)
at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:202)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1138)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquireAndDecrementPendingAcquiresWithinLockOnSuccess(BasicResourcePool.java:1125)
at com.mchange.v2.resourcepool.BasicResourcePool.access$700(BasicResourcePool.java:44)
at com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask.run(BasicResourcePool.java:1870)
at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696)
2016-05-23 16:28:32,901 WARN [com.mchange.v2.resourcepool.BasicResourcePool] - <Having failed to acquire a resource, com.mchange.v2.resourcepool.BasicResourcePool@75fa1be3 is interrupting all Threads waiting on a resource to check out. Will try again in response to new client requests.>
通过psql一切似乎都运行正常,而不是我的应用程序。
有什么建议吗?
修改
我的props.properties文件:
uatDb.user=postgres
uatDb.password=password
uatDb.driverClass=org.postgresql.Driver
uatDb.jdbcUrl=jdbc:postgresql://<server_name>:1234/uat?ssl=true
uatDb.port=5443
uatDb.name=uat
uatDb.host=<server_name>
答案 0 :(得分:3)
我也相信需要一个密钥库。由于ssl = true应该需要私钥用于自签名证书。我还要添加&#34; nonValidating SSLFactory&#34;设置
?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
此外,server_name:1234的端口设置与5432不匹配。
"parseUrl"是一个空错误,可能是JDBC url中某个位置错误设置的变量。
答案 1 :(得分:2)
url=jdbc:postgresql://<host_url_or_ip>:<port>/<db_name>?currentSchema=<schema_name>&sslmode=verify-ca&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
注意:如果schema_name是public,则不需要。但是端口即使是默认端口(即5432),也必须提供。
对于sslmode值,参考:https://jdbc.postgresql.org/documentation/head/ssl-client.html
设置sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory以启用验证。
对于非验证ssl连接,您可以使用sslfactory=org.postgresql.ssl.NonValidatingFactory
但是请记住,一旦启用SSL验证,它可能需要根CA证书。
您可以选择以下各种选项(可能并不详尽。但是这些选项对我有用。)
PGSSLROOTCERT env变量设置为其路径或-Djavax.net.ssl.trustStore=[trust_store_path] -Djavax.net.ssl.trustStorePassword=[trust_store_password]。如果您使用的是默认信任库,即JRE的cacerts,则不需要这两个env变量。参考:
https://jdbc.postgresql.org/documentation/head/ssl-client.html
答案 2 :(得分:0)
如果您不需要验证数据库客户端,只需在ssl_ca_file中注释掉postgresql.conf。
ssl_ca_file-受信任的证书颁发机构,检查客户端证书是否由受信任的证书颁发机构签名。
您的数据库URL应该如下所示:
url=jdbc:postgresql://host:5432/db_name?ssl=true&sslmode=require
有关sslmode的更多详细信息,请参见PostgreSQL JDBC docs。
否则,如果需要验证数据库客户端,则应在数据库URL中添加sslcert=...和sslkey=...参数。
答案 3 :(得分:0)
我遇到了 jfrog 与 azure postgres 的人工连接问题,这对我有用
sudo cat <<EOF >/opt/jfrog/artifactory/var/etc/system.yaml
configVersion: 1
shared:
node:
database:
type: postgresql
driver: org.postgresql.Driver
url: "jdbc:postgresql://test-psqlserver.postgres.database.azure.com:5432/postgres?ssl=true&sslmode=require"
username: psqladminun@test-psqlserver
password: password:-)
EOF