java - 通过 Websphere over SSL 连接到 Oracle 的 RSA premaster secret 错误

Question

我们的项目开始在所有数据库连接中使用 SSL，我们已经使用 this guide to SSL and JDBC thin driver 为基于 Java 的批处理系统成功完成了这项工作。 .我们现在的任务是配置我们在 Websphere 中运行的 webapp，以使用这些 SSL 连接到数据库。

跟着一步一步来instructions layed out in this blog post运行测试连接时出现错误(为 jvm 设置了 -Djavax.net.debug=all):

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, >length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00     00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager      com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain     [06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator     IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher      RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception:     javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23,     SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [Raw read]: length = 4 
 [06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00     00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00 00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23, SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, SEND TLSv1 ALERT:  fatal, description = unexpected_message 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, WRITE: TLSv1 Alert, length = 2 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O [Raw write]: length = 7 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O 0000: 15 03 01 00 02 02 0a                               ....... 

[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeSocket() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called close() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeInternal(true) 
[06/11/13 06:17:44:045 GMT] 00000024 DSConfigurati W   DSRA8201W: DataSource  Configuration: DSRA8040I: Failed to connect to the DataSource.  Encountered java 
.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002. 
java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255) 
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387) 
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:441) 
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165) 
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35) 
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801) 
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297) 
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:157) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:94) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$2.run(DSConfigurationHelper.java:1687) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5343) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5431) 
        at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$3.run    (DSConfigurationHelper.java:1703) 
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1715) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1610) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:3242) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:3918) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49) 
    at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256) 
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085) 
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773) 
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1331) 
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1224) 
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181) 
    at com.ibm.ws.management.connector.ipc.CallRouter.route(CallRouter.java:242) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink.doWork(IPCConnectorInboundLink.java:353) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink$IPCConnectorReadCallback.complete(IPCConnectorInboundLink.java:595) 
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604) 

这表明潜在的错误是RSA premaster secret error，我在 SO 上用谷歌搜索和搜索；不幸的是，到目前为止没有任何结果有帮助。

• 这是在 Websphere 版本 7 上。
• 我们使用的是 PKCS12 证书。
• 我们在 Linux Websphere 服务器上使用 IBM java 1.6.0。
• 我知道证书很好，因为它们可用于在我们的批处理过程中进行连接。
• 我也知道 webapp 应该能够处理这些连接，因为在 Tomcat 中使用 JNDI 和 SSL 数据源工作正常。

我正在做的事情有什么问题吗？有没有人对解决此错误或进一步了解其根本原因有建议？

Answer 1

我最近遇到了类似的问题和“RSA premaster secret error”，只是试图连接到 SQL Server 数据库。 sunjce_provider.jar 文件似乎不在我的类路径中。

> ~/source/java/tester$ echo $JAVA_HOME    # given $JAVA_HOME is set...
/usr/lib/jvm/java-7-openjdk-amd64/

> find $JAVA_HOME -iname "*sunjce*jar"   # find sunjce
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ext/sunjce_provider.jar

java -Djava.ext.dirs=lib:$JAVA_HOME/jre/lib/ext -jar build/MyAppJar.jar

希望对您有所帮助。