SSL encryption problem between a WebSphere app and an Oracle database
1 vote
/ June 12, 2019

We have our Java application deployed on WebSphere Application Server (8.5.5.12) with IBM SDK 8.0.5.17, with Oracle (12.1.0.2.0) as the database. We are now trying to encrypt the data between the WebSphere application and the database. We followed the exact steps described at the following link: https://www.ibm.com/developerworks/community/blogs/d89a3ddf-2acf-4cc8-b11b-14f33b5c653e/entry/Configuring_Secure_Socket_Layer_SSL_communication_between_the_OpenPages_application_server_WebSphere_and_the_Oracle_database?lang=en When we try to test the data source connection, we get the following error:

java.sql.SQLRecoverableException: IO Error: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty DSRA0010E: SQL State = 08006, Error Code = 17,002

The same configuration works fine with IBM SDK version 7 (7.0.4.1) but not with IBM SDK 8. Has anyone had a similar problem, or do you see any known issues when configuring SSL with IBM SDK 8? I have also copied the SSL debug log:

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.k.a(k.java:24)
    at com.ibm.jsse2.at.a(at.java:572)
    at com.ibm.jsse2.at.a(at.java:387)
    at com.ibm.jsse2.at.a(at.java:338)
    at com.ibm.jsse2.at.a(at.java:733)
    at com.ibm.jsse2.i.write(i.java:8)
    at oracle.net.ns.Packet.send(Packet.java:419)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
    at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
    ... 105 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at com.ibm.jsse2.util.f.<init>(f.java:50)
    at com.ibm.jsse2.util.e.a(e.java:18)
    at com.ibm.jsse2.aB.a(aB.java:21)
    at com.ibm.jsse2.aB.a(aB.java:185)
    at com.ibm.jsse2.aB.a(aB.java:137)
    at com.ibm.jsse2.aB.checkServerTrusted(aB.java:49)
    at com.ibm.jsse2.E.a(E.java:166)
    at com.ibm.jsse2.E.a(E.java:121)
    at com.ibm.jsse2.D.r(D.java:223)
    at com.ibm.jsse2.D.a(D.java:198)
    at com.ibm.jsse2.at.a(at.java:649)
    at com.ibm.jsse2.at.i(at.java:627)
    at com.ibm.jsse2.at.a(at.java:310)
    at com.ibm.jsse2.i.write(i.java:3)
    ... 111 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:300)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:142)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:99)
    at com.ibm.jsse2.util.f.<init>(f.java:106)
    ... 124 more
: {2}.
[6/12/19 6:24:54:097 EDT] 00000098 FfdcProvider  W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /u01/IBM/WebSphere/AppServer/profiles/manuonsite1/logs/ffdc/manuonsite1was_srv_2293118f_19.06.12_06.24.54.0822519622081070003296.txt com.ibm.ws.management.AdminServiceImpl.invoke 679
[6/12/19 6:24:54:098 EDT] 00000098 MBeanHelper   E   Could not invoke an operation on object: WebSphere:name=DataSourceCfgHelper,process=manuonsite1was_srv,platform=dynamicproxy,node=awscentosNode03,version=8.5.5.12,type=DataSourceCfgHelper,mbeanIdentifier=DataSourceCfgHelper,cell=awscentosNode03Cell,spec=1.0 because of an mbean exception: java.sql.SQLRecoverableException: IO Error: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty DSRA0010E: SQL State = 08006, Error Code = 17,002
[6/12/19 6:24:54:389 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:394 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:394 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:399 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:399 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:401 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 323
[6/12/19 6:24:54:401 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:406 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:406 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:408 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:409 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:410 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:410 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:412 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 8
[6/12/19 6:24:54:412 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:414 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 5276
[6/12/19 6:24:54:416 EDT] 00000098 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:417 EDT] 00000098 SystemOut     O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:444 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:451 EDT] 000000a0 SystemOut     O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:451 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:458 EDT] 000000a0 SystemOut     O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:458 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:459 EDT] 000000a0 SystemOut     O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 281
[6/12/19 6:24:54:460 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:466 EDT] 000000a0 SystemOut     O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 15563
[6/12/19 6:24:54:467 EDT] 000000a0 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:468 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:469 EDT] 000000a0 SystemOut     O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:469 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 398
[6/12/19 6:24:54:475 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:488 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:491 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 9328
[6/12/19 6:24:54:494 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:506 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:511 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:511 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:513 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 4956
[6/12/19 6:24:54:516 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:529 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:531 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 5753
[6/12/19 6:24:54:552 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:578 EDT] 000000a1 ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [isclite] [/ibm/console] [/secure/javascriptToSession.jsp]: Initialization successful.
[6/12/19 6:24:54:579 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:580 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 284
[6/12/19 6:24:54:581 EDT] 000000a1 SystemOut     O CipherBox:  Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:582 EDT] 000000a1 SystemOut     O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:637 EDT] 0000005a SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:54:643 EDT] 0000005b SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:59:643 EDT] 0000005a SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:59:648 EDT] 0000005b SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:04:648 EDT] 0000005a SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:04:653 EDT] 0000005b SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:09:654 EDT] 0000005a SystemOut     O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:09:658 EDT] 0000005b SystemOut     O SSLv3 protocol was requested but was not enabled
...