我需要帮助处理我正在设置的新环境
Tomcat(钱包+ jdbc瘦驱动程序) - > TCPS - > Oracle 12
我一直关注这篇文章(Oracle JDBC thin driver SSL)但没有运气
当我尝试启动Tomcat时,会显示以下错误
Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
我想我错过了一些东西,但我不知道在哪里......
Oracle方
的listener.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 72795752816f)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = 72795752816f)(PORT = 2484))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
SQLNET.ORA
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5)
SQLNET.WALLET_OVERRIDE = TRUE
Tomcat Side
的tnsnames.ora
TEST =
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCPS)
(HOST = 72795752816f)
(PORT = 2484)
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = xe.oracle.docker)
)
)
context.xml中
<Resource name="jdbc/edorasone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
connectionProperties="javax.net.ssl.keyStore=/tomcat/wallet/cwallet.sso;\
javax.net.ssl.keyStoreType=PCKS12;\
oracle.net.ssl_version=1.0;\
oracle.net.ssl_cipher_suites=(SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5);\
oracle.net.authentication_services=( TCPS )"
/>
任何帮助都将非常感谢
感谢adva
纳乔。
BTW:如果在Tomcat中使用sqlplus客户端和sqlnet.ora(= Oracle)&amp; tnsnames.ora(= Tomcat)我可以毫无问题地连接。
答案 0 :(得分:0)
(a)您是否有使用Oracle钱包所需的额外罐子? (oraclepki.jar,osdt_core.jar,osdt_cert.jar)?
(2)更正javax.net.ssl.keyStoreType = PKCS12。你有一个错字。
(3)DB URL应为“jdbc:oracle:thin:@TEST”,因为您使用的是别名,所以需要设置系统属性-Doracle.net.tns_admin =(a)您是否需要使用额外的jar Oracle钱包? (oraclepki.jar,osdt_core.jar,osdt_cert.jar)?
查看there了解更多详情。
答案 1 :(得分:0)
非常感谢你的帮助。 a)是的,它们已到位 b)它适用于PCKS12 c)tns_admin进入了setenv.sh脚本
最后我现在开始工作了。
SSL_CIPHER_SUITES必须在双方都匹配,所以我所做的是强制使用相同的密码
SQLNET.ORA
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)
setenv.sh
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
(注意前缀不一样:Oracle方面的SSL_和Tomcat / Java方面的TLS_)
对于那些有类似配置问题的人,我让Tomcat配置端在这里
###############################
# DB CONNECTION CONFIGURATION #
###############################
# Oracle DB (JNDI)
CATALINA_OPTS+=" -Dspring.profiles.active=database-jndi "
CATALINA_OPTS+=" -Doracle.net.tns_admin=/tomcat/wallet "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStore=/tomcat/wallet/keystore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStoreType=JKS "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStorePassword=Passw0rd "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStore=/tomcat/wallet/truststore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStorePassword=Passw0rd "
CATALINA_OPTS+=" -Doracle.net.authentication_services=TCPS "
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
context.xml中
<Resource name="jdbc/efdesone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
username="<username>" password="<password>" maxActive="20" maxIdle="10" maxWait="-1"
/>
亲切的问候
纳乔。