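Our project has started using SSL for all of our database connections, and we have done this successfully for our Java-based batch systems using the SSL With JDBC Thin Driver guide. We are now tasked with configuring our webapp, which runs in Websphere, to use these SSL connections to the database.
After following the step-by-step instructions in this blog post, we get an error when running a test connection (with -Djavax.net.debug=all set for the JVM):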
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O [Raw read]: length = 4
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O 0000: 0e 00 00 00 ....
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O Default : 2, READ: TLSv1 Handshake, length = 4
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O *** ServerHelloDone
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O [read] MD5 and SHA1 hashes: len = 4
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O 0000: 0e 00 00 00 ....
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O ClientHandshaker: KeyManager com.ibm.jsse2.hd
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O *** Certificate chain
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut O ***
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O JsseJCE: Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O JsseJCE: Using cipher RSA/SSL/PKCS1Padding from provider TBD via init
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O %% Invalidated: [Session-23, SSL_RSA_WITH_RC4_128_MD5]
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O Default : 2, SEND TLSv1 ALERT: fatal, description = unexpected_message
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O Default : 2, WRITE: TLSv1 Alert, length = 2
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O [Raw write]: length = 7
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O 0000: 15 03 01 00 02 02 0a .......
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O Default : 2, called closeSocket()
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O Default : 2, called close()
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O Default : 2, called closeInternal(true)
[06/11/13 06:17:44:045 GMT] 00000024 DSConfigurati W DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource. Encountered java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002.
java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:441)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:157)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:94)
at com.ibm.ws.rsadapter.DSConfigurationHelper$2.run(DSConfigurationHelper.java:1687)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5343)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5431)
at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
at com.ibm.ws.rsadapter.DSConfigurationHelper$3.run(DSConfigurationHelper.java:1703)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1715)
at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1610)
at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:3242)
at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:3918)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556)
at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49)
at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773)
at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1331)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1224)
at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
at com.ibm.ws.management.connector.ipc.CallRouter.route(CallRouter.java:242)
at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink.doWork(IPCConnectorInboundLink.java:353)
at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink$IPCConnectorReadCallback.complete(IPCConnectorInboundLink.java:595)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)
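This suggests that the underlying error is an RSA premaster secret error, which I have googled and searched for on SO; unfortunately, none of the results so far have helped.
- This is on Websphere version 7.
- We are using PKCS12 certificates.
- We are using IBM Java 1.6.0 on our Linux Websphere server.
- I know the certificates are fine, as they work for connecting in our batch processes.
- I also know the webapp should be able to handle these connections, as using JNDI and an SSL datasource in Tomcat works fine.
Is there anything wrong with what I am doing? Does anyone have suggestions for resolving this error or for finding out more about its root cause?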
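
One way to condense a javax.net.debug trace like the one above into the facts that matter for triage: the exception, the cipher suite of the invalidated session, and the alert both as logged and as decoded from the raw record bytes. This is an added example, not part of the original question; the function names are hypothetical, the sample lines are copied from the trace above, and only hex dumps that fit on one line (16 bytes or fewer) are decoded.

```python
import re

# Constructed sample: five lines copied from the trace in the question.
SAMPLE = """\
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O %% Invalidated: [Session-23, SSL_RSA_WITH_RC4_128_MD5]
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut O Default : 2, SEND TLSv1 ALERT: fatal, description = unexpected_message
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O [Raw write]: length = 7
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut O 0000: 15 03 01 00 02 02 0a .......
"""
# WebSphere SystemOut prefix: [timestamp] thread-id SystemOut O
PREFIX = re.compile(r"^\[[^\]]+\]\s+\w+\s+SystemOut\s+O\s+")
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in RFC 5246.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}

def decode_record(data: bytes) -> dict:
    """Decode a TLS record header and, for a plaintext alert, its two-byte body."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    length = int.from_bytes(data[3:5], "big")
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record body")
    rec = {"type": CONTENT_TYPES.get(data[0], hex(data[0])),
           "version": (data[1], data[2]), "length": length}
    if data[0] == 21 and length == 2:  # unencrypted alert: level, description
        rec["level"] = ALERT_LEVELS.get(body[0], body[0])
        rec["description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
    return rec

def triage(log: str) -> dict:
    """Pull the exception, cipher suite and alert out of a debug trace."""
    out = {"exception": None, "suite": None, "alert_logged": None, "wire_record": None}
    lines = [PREFIX.sub("", line) for line in log.splitlines()]
    for i, msg in enumerate(lines):
        if m := re.search(r"handling exception: (\S+): (.*)", msg):
            out["exception"] = (m.group(1), m.group(2).strip())
        elif m := re.search(r"%% Invalidated:\s*\[[^,]+,\s*(\w+)\]", msg):
            out["suite"] = m.group(1)
        elif m := re.search(r"ALERT:\s*(\w+), description = (\w+)", msg):
            out["alert_logged"] = (m.group(1), m.group(2))
        elif msg.startswith("[Raw write]") and i + 1 < len(lines):
            n = int(re.search(r"length = (\d+)", msg).group(1))
            if n <= 16:  # single-line dump; keep only the n hex bytes, not the ASCII column
                hexes = re.findall(r"\b[0-9a-f]{2}\b", lines[i + 1].split(":", 1)[-1])
                out["wire_record"] = decode_record(bytes.fromhex("".join(hexes[:n])))
    return out
```

If the logged alert and the decoded wire record disagree, the hex dump is the more reliable of the two.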