How to use the Windows keystore (MCS) with JDBC?

I am trying to create a Java application that uses PKI for authentication. I need to get the certificate from the Microsoft Certificate Store (MCS) and transfer it to the Oracle database (11.2).

I connect using the jdbc:oracle:thin driver. After spending quite a lot of time on Google, I came up empty. I found different properties to change (depending on the article):

  • set property javax.net.ssl.keyStoreType = "Windows-MY"
  • set javax.net.ssl.keyStore = "Windows-MY"
  • javax.net.ssl.keyStore should be set to "None" (if you use a custom KeyManager, which, I believe, will not work, since from the moment it is entered into my custom KeyManager, certificates from the key store specified in connection properties).

Of course, all these people claim to be successful, but nothing worked for me. I tried every example I could find, without luck. I was able to successfully authenticate when I used Oracle wallets, so I know that my certificates are fine. If someone has done this before and is ready to post some code, that would be great.

I know that most people use the Windows keystore with a website and therefore create their own SSLContext, but I cannot imagine that I am the only one who wanted to do this using JDBC (which, as far as I know, does not allow me to provide it with an SSLContext).

This is code that I think should work, but does not.

    import java.sql.Connection;
    import java.sql.DriverManager;
    import oracle.jdbc.OracleDriver;

    DriverManager.registerDriver(new OracleDriver());
    String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=host)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=someName))(SECURITY= (SSL_SERVER_CERT_DN=\"CN=TESTSERVER\")))";
    java.util.Properties props = new java.util.Properties();
    // Client key material: Windows certificate store, not a file
    props.setProperty("javax.net.ssl.keyStoreType", "Windows-MY");
    props.setProperty("javax.net.ssl.keyStore", "NONE");
    // Trust anchors: Windows root store, not a file
    props.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");
    props.setProperty("javax.net.ssl.trustStore", "NONE");
    // Require the server certificate DN to match SSL_SERVER_CERT_DN in the URL
    props.setProperty("oracle.net.ssl_server_dn_match", "true");
    props.setProperty("oracle.net.authentication_services", "(TCPS)");
    Connection conn = DriverManager.getConnection(url, props);

This code fails with the exception:

 java.sql.SQLRecoverableException: IOException: The Network Adapter could not establish the connection 
1 answer

This article should contain more detailed information. Although it does not use system properties, Windows-MY is clearly a storage type, and it is not file based. Therefore, javax.net.ssl.keyStoreType must be Windows-MY, and javax.net.ssl.keyStore must be set to NONE (may be uppercase), see the JSSE Reference Manual (setting):

javax.net.ssl.keyStore system property

Please note that a value of NONE may be specified. This option is suitable if the keystore is not file-based (for example, it is in a hardware token).

You may also need to configure the trust store in the same way if your server certificate is not trusted with the default Java trust store.

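An added example, not code from the question or the answer: before debugging the JDBC URL, confirm that the JVM itself can open Windows-MY and Windows-ROOT with no file and no password (the NONE case quoted above) and that at least one entry carries a private key. It assumes a Windows JRE with the SunMSCAPI provider; the class name WindowsStoreCheck and its helper methods are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class): checks that JSSE can see usable client
// credentials in the Windows stores before any JDBC connection is attempted.
public class WindowsStoreCheck {
    // Loads a non-file-based Windows store: no input stream, no password.
    static KeyStore open(String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type); // needs SunMSCAPI (Windows JRE)
        ks.load(null, null);
        return ks;
    }

    // Counts entries that have a private key and a currently valid certificate.
    static int usableClientEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // certificate only: cannot authenticate
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            try {
                cert.checkValidity();
                usable++;
                System.out.println("usable: " + alias + " -> " + cert.getSubjectX500Principal());
            } catch (CertificateException e) {
                System.out.println("expired or not yet valid: " + alias);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        KeyStore my = open("Windows-MY");
        KeyStore root = open("Windows-ROOT");
        System.out.println("client entries with private key: " + usableClientEntries(my));
        System.out.println("trusted roots: " + root.size());
        // Wire the same stores into JSSE by hand to confirm a context can be built from them.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(my, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(root);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext built: " + ctx.getProtocol());
    }
}
```

If this reports zero usable entries, the client certificate is missing its private key or sits in a store other than the current user's personal store, and no keystore property setting will make the TCPS handshake succeed.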