Reputation: 11
I need help with a new environment that I am setting up:
Tomcat (wallet + jdbc thin driver) --> TCPS --> Oracle 12
I have been following this post (Oracle JDBC thin driver SSL) with no luck.
When I try to start up Tomcat, the following error is shown:
Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
I think I'm missing something but I don't know where.
Oracle side
listener.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 72795752816f)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = 72795752816f)(PORT = 2484))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
sqlnet.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5)
SQLNET.WALLET_OVERRIDE = TRUE
Tomcat Side
tnsnames.ora
TEST =
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCPS)
(HOST = 72795752816f)
(PORT = 2484)
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = xe.oracle.docker)
)
)
context.xml
<Resource name="jdbc/edorasone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
connectionProperties="javax.net.ssl.keyStore=/tomcat/wallet/cwallet.sso;\
javax.net.ssl.keyStoreType=PCKS12;\
oracle.net.ssl_version=1.0;\
oracle.net.ssl_cipher_suites=(SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5);\
oracle.net.authentication_services=( TCPS )"
/>
BTW: If I use a sqlplus client in Tomcat with the sqlnet.ora (=Oracle) & tnsnames.ora (=Tomcat), I can connect with no problems.
Upvotes: 0
Views: 1684
Reputation: 11
Many thanks for your help. a) Yes, they were in place. b) It works with PCKS12. c) tns_admin was in the setenv.sh script.
Finally I got my set-up working now.
SSL_CIPHER_SUITES must match on both sides, so what I did was to force the same cipher:
sqlnet.ora
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)
setenv.sh
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
(Note that the prefix is not the same: SSL_ on the Oracle side, and TLS_ on the Tomcat/Java side)
For those with problems with similar configurations, I leave the Tomcat-side config here:
###############################
# DB CONNECTION CONFIGURATION #
###############################
# Oracle DB (JNDI)
CATALINA_OPTS+=" -Dspring.profiles.active=database-jndi "
CATALINA_OPTS+=" -Doracle.net.tns_admin=/tomcat/wallet "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStore=/tomcat/wallet/keystore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStoreType=JKS "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStorePassword=Passw0rd "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStore=/tomcat/wallet/truststore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStorePassword=Passw0rd "
CATALINA_OPTS+=" -Doracle.net.authentication_services=TCPS "
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
context.xml
<Resource name="jdbc/efdesone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
username="<username>" password="<password>" maxActive="20" maxIdle="10" maxWait="-1"
/>
Kind regards
Nacho.
Upvotes: 0
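A check for the cipher-suite mismatch described in the answer above, added here as an example and not part of the original posts. It assumes the only naming difference between sqlnet.ora and the JVM option is the SSL_/TLS_ prefix the answer points out; the function names and the sample strings (built from the values in this thread) are constructed for illustration. It also flags the RC4 and MD5 suites from the question's configuration, since RFC 7465 prohibits RC4 in TLS.

```python
import re

WEAK_MARKERS = ("RC4", "MD5")  # RC4 is prohibited in TLS by RFC 7465

def normalize(suite):
    """Strip the SSL_/TLS_ prefix so Oracle-side and Java-side names compare equal."""
    return re.sub(r"^(SSL|TLS)_", "", suite.strip().upper())

def _uncommented(text):
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def sqlnet_suites(text):
    """Suites listed in the SSL_CIPHER_SUITES parameter of sqlnet.ora text."""
    m = re.search(r"SSL_CIPHER_SUITES\s*=\s*\(([^)]*)\)", _uncommented(text), re.I)
    return [s.strip() for s in m.group(1).split(",") if s.strip()] if m else []

def jvm_suites(text):
    """Suites from -Doracle.net.ssl_cipher_suites= in setenv.sh text.
    Assumption: comma-separated without spaces; if repeated, the last one is used."""
    vals = re.findall(r"-Doracle\.net\.ssl_cipher_suites=([^\s\"']+)", _uncommented(text))
    return [s for s in vals[-1].strip("()").split(",") if s] if vals else []

def compare(sqlnet_text, setenv_text):
    """Report suites both sides offer, suites only one side offers, and weak ones."""
    server = {normalize(s): s for s in sqlnet_suites(sqlnet_text)}
    client = {normalize(s): s for s in jvm_suites(setenv_text)}
    return {
        "common": sorted(server.keys() & client.keys()),
        "server_only": sorted(server[k] for k in server.keys() - client.keys()),
        "client_only": sorted(client[k] for k in client.keys() - server.keys()),
        "weak": sorted(k for k in server.keys() | client.keys()
                       if any(w in k for w in WEAK_MARKERS)),
    }

# Constructed sample inputs, using the values quoted in this thread.
SQLNET_ORIGINAL = "SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5)\n"
SQLNET_FIXED = "SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)\n"
SETENV = 'CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "\n'

if __name__ == "__main__":
    for label, sqlnet in (("original", SQLNET_ORIGINAL), ("fixed", SQLNET_FIXED)):
        report = compare(sqlnet, SETENV)
        status = "OK" if report["common"] else "NO COMMON SUITE"
        print(f"{label}: {status} {report}")
```

An empty `common` list means the listener and the JDBC client have no suite they can agree on, whatever the two lists contain individually.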
Reputation: 1338
(a) Do you have additional jars required for using Oracle wallets? (oraclepki.jar, osdt_core.jar, osdt_cert.jar)
(b) Correct the javax.net.ssl.keyStoreType=PKCS12. You have a typo there.
(c) DB URL should be "jdbc:oracle:thin:@TEST" and since you are using an alias, you need to set a system property -Doracle.net.tns_admin=
Check out the SSL with JDBC whitepaper for more details.
Upvotes: 1