Monday, December 15, 2014

Sample code for encryption-only SSL using JDBC/thin driver with Oracle database

Working Code & Compilation

import java.sql.*;
import java.util.Properties;
import oracle.jdbc.pool.OracleDataSource;
import oracle.security.pki.OraclePKIProvider;
import java.security.Security;

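/**
 * Connects to an Oracle database over TCPS (SSL/TLS) with the JDBC thin driver
 * and prints the database version, the driver version and the JDBC URL.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The user name and password are literals for demonstration only. Load them
 *       from a secret store or the environment, and rotate any value that has been
 *       published.</li>
 *   <li>Only the wallet location is configured. This listing does not set
 *       {@code oracle.net.ssl_server_dn_match}, so as far as the visible
 *       configuration shows, the server certificate's DN is not compared with an
 *       expected value. Consider enabling DN matching before relying on this
 *       outside a lab.</li>
 *   <li>The wallet directory should be readable only by the account that runs the
 *       application.</li>
 * </ul>
 */
public class SSLTestV2 {
    /**
     * Opens a connection to prove that the handshake and login succeed, then closes it.
     *
     * @param args unused
     * @throws SQLException if the connection cannot be opened or closed
     */
    public static void main(String[] args) throws SQLException {
        // try-with-resources closes the connection even if later code is added
        // between open and close and that code throws.
        try (Connection conn = getConnection()) {
            // Nothing to do: getConnection() already printed the version details.
        }
    }

    /**
     * Builds an {@code OracleDataSource} for the TCPS endpoint, opens a connection,
     * prints version details and returns the connection with auto-commit disabled.
     *
     * @return an open connection; the caller must commit or roll back and close it
     * @throws SQLException if connecting or reading the metadata fails; in that case
     *         the connection opened here is closed before the exception propagates
     */
    public static Connection getConnection() throws SQLException {
        OracleDataSource ods = new OracleDataSource();
        // PROTOCOL=tcps selects SSL/TLS transport to the listener.
        ods.setURL("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=solaris)(PORT=1531))(CONNECT_DATA=(SERVICE_NAME=orcl1)))");

        Properties props = new Properties();
        // SECURITY: sample credentials hard-coded for the demo; do not ship literals like these.
        props.setProperty("user", "donghua");
        props.setProperty("password", "Passw0rd");

        // Registers Oracle's PKI provider (oraclepki.jar) so the JVM can open Oracle
        // wallet files. insertProviderAt returns -1 and changes nothing when a provider
        // of the same name is already installed, so repeated calls are harmless.
        Security.insertProviderAt(new OraclePKIProvider(), 3);

        // The wallet's contents are not shown on the page; presumably it holds the
        // certificate(s) the client trusts for this listener.
        props.setProperty("oracle.net.wallet_location","(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/wallet)))");
        ods.setConnectionProperties(props);

        Connection conn = ods.getConnection();
        try {
            DatabaseMetaData dbmd = conn.getMetaData();
            System.out.println(dbmd.getDatabaseProductVersion());
            System.out.println("JDBC driver: " + dbmd.getDriverVersion());
            System.out.println("JDBC URL: " + dbmd.getURL());
            conn.setAutoCommit(false);
            return conn;
        } catch (SQLException | RuntimeException e) {
            // Without this, a failure after the connection is open would leak it.
            try {
                conn.close();
            } catch (SQLException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }
}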

oracle@solaris112:~$ /usr/java/bin/javac -cp /u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar:/u01/app/oracle/product/12.1.0/dbhome_1/jlib/oraclepki.jar SSLTestV2.java
oracle@solaris112:~$ /usr/java/bin/java -cp .:/u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar:/u01/app/oracle/product/12.1.0/dbhome_1/jlib/oraclepki.jar SSLTestV2
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
JDBC driver: 12.1.0.2.0
JDBC URL: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=solaris)(PORT=1531))(CONNECT_DATA=(SERVICE_NAME=orcl1)))

oracle@solaris112:~$

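Non-working code and the errors it produced. The first run of it, further down, uses the Java 6 runtime under $ORACLE_HOME, which cannot load ojdbc7.jar (class-file major version 51); the later runs fail during the SSL handshake.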


root@solaris112:~# /usr/java/bin/java -version
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) Client VM (build 24.60-b09, mixed mode)

oracle@solaris112:~$ $ORACLE_HOME/jdk/bin/java -version
java version "1.6.0_75"
Java(TM) SE Runtime Environment (build 1.6.0_75-b13)
Java HotSpot(TM) Client VM (build 20.75-b01, mixed mode)
oracle@solaris112:~$

import java.sql.*;
import java.util.Properties;
import oracle.jdbc.pool.OracleDataSource;

/**
 * Variant that the page lists as not working: it configures no wallet and
 * instead requests anonymous Diffie-Hellman cipher suites for the TCPS connection.
 *
 * The transcript that follows on the page compiles and runs this listing under the
 * name SSLTest; the line numbers in its stack traces appear to match the listing
 * without these comments.
 *
 * Security notes:
 *  - SSL_DH_anon_* suites exchange no certificates, so the TLS layer authenticates
 *    neither endpoint. Traffic is encrypted, but an active man-in-the-middle is
 *    not detected.
 *  - The user name and password are literals for demonstration only.
 */
public class SSLTestV1 {
    /** Opens a connection via getConnection() and closes it immediately. */
    public static void main(String[] args) throws SQLException {
        Connection conn = getConnection();
        conn.close();
    }

    /**
     * Builds an OracleDataSource for the TCPS endpoint, opens a connection, prints
     * the database version, driver version and JDBC URL, and returns the connection
     * with auto-commit disabled.
     *
     * NOTE(review): if a metadata call or setAutoCommit throws after the connection
     * is open, the connection is not closed here.
     */
    public static Connection getConnection() throws SQLException {
        OracleDataSource ods = new OracleDataSource();
        // PROTOCOL=tcps selects SSL/TLS transport to the listener.
        ods.setURL("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=solaris)(PORT=1531))(CONNECT_DATA=(SERVICE_NAME=orcl1)))");
        Properties props = new Properties();
        // SECURITY: sample credentials hard-coded for the demo; do not ship literals like these.
        props.setProperty("user", "donghua");
        props.setProperty("password", "Passw0rd");
        // Restricts the client to anonymous-DH suites (no certificate, hence no server
        // authentication). Their ciphers and MACs (3DES, RC4 with MD5, single DES) are
        // also weak by current standards.
        // NOTE(review): the handshake failures shown on the page are presumably because
        // the peer accepts none of these suites; the page does not state the cause.
        props.setProperty("oracle.net.ssl_cipher_suites","(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA)");
        ods.setConnectionProperties(props);

        Connection conn = ods.getConnection();
        DatabaseMetaData dbmd = conn.getMetaData();
        System.out.println(dbmd.getDatabaseProductVersion());
        System.out.println("JDBC driver: " + dbmd.getDriverVersion());
        System.out.println("JDBC URL: " + dbmd.getURL());
        // Caller is responsible for commit/rollback from here on.
        conn.setAutoCommit(false);
        return conn;
    }
}

oracle@solaris112:~$ $ORACLE_HOME/jdk/bin/javac -cp /u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar SSLTest.java
warning: oracle/jdbc/pool/OracleDataSource.class(oracle/jdbc/pool:OracleDataSource.class): major version 51 is newer than 50, the highest major version supported by this compiler.
It is recommended that the compiler be upgraded.
1 warning

oracle@solaris112:~$ $ORACLE_HOME/jdk/bin/java -cp .:/u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar SSLTest
Exception in thread "main" java.lang.UnsupportedClassVersionError: oracle/jdbc/pool/OracleDataSource : Unsupported major.minor version 51.0
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClassCond(ClassLoader.java:637)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:621)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
        at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
        at SSLTest.getConnection(SSLTest.java:12)
        at SSLTest.main(SSLTest.java:7)

oracle@solaris112:~$ java -cp .:/u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar SSLTest
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: Received fatal alert: handshake_failure
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
        at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:317)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:241)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:184)
        at SSLTest.getConnection(SSLTest.java:20)
        at SSLTest.main(SSLTest.java:7)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        at oracle.net.ns.Packet.send(Packet.java:419)
        at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
        at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
        ... 8 more

oracle@solaris112:~$ java -cp .:/u01/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc7.jar SSLTest
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: Remote host closed connection during handshake
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
        at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:317)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:241)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:184)
        at SSLTest.getConnection(SSLTest.java:20)
        at SSLTest.main(SSLTest.java:7)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        at oracle.net.ns.Packet.send(Packet.java:419)
        at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
        at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
        ... 8 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:482)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
        ... 17 more