本文介绍了在Oracle数据库中设置和使用Oracle Wallet进行SSL连接的过程。通过创建和添加证书到Wallet,解决了在进行Web服务调用时遇到的证书验证失败问题。文中还展示了一个使用Wallet进行HTTPS请求的PL/SQL示例,并提供了`orapki`命令行工具的用法帮助。
Oracle Wallet是用来加密解密的,前两天做的项目中用到了这个技术,现把一些用到的东西总结一下。
原文如下:
Our application does a web service call
(from db to app server) to generate reports. Since SSL is used in
prod, I think Oracle wallet needs to be setup in the db server for
the web service calls to get through.
Here's a sample code that we can use to
test:
SQL> set define
off
SQL> set serverout
on
SQL> declare
vHttpReq utl_http.req;
begin
vHttpReq := utl_http.begin_request
('https://10.37.240.202/emagine/admin/ws/report.php
'||'?'||'target=report&io=461&io2=462&io3=463&code=34',
'GET');
end; 2 3 4 5
6 /
declare
*
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line
1130
ORA-29024: Certificate validation
failure
ORA-06512: at line 4
I've already downloaded the site's
certificate in My Documents folder in the RDP server.
下面是我的解决方法(我不知道他的证书是怎么来的,以后有机会深究一下):
1.I have already create a
wallet.
orapki wallet create -wallet
$ORACLE_HOME/network/admin/wallet1 -pwd elcaro_2011
2.You can use https certificate like
this:
orapki wallet add -wallet
$ORACLE_HOME/network/admin/wallet1 -trusted_cert -cert
/home/oracle/wallet/CA_cert.cer
3.this procedure is the demo of how to use
this wallet.
create or replace procedure
get_realtime_account_data is
req UTL_HTTP.REQ;
resp UTL_HTTP.RESP;
val varchar2(2000);
real_records
datacenter.common_utils.STRING_LIST;
fields
datacenter.common_utils.STRING_LIST;
d_date date := to_date(to_char(sysdate,
'yyyy-mm-dd hh24:mi') ||
':00',
'yyyy-mm-dd hh24:mi:ss'); begin
UTL_HTTP.SET_WALLET('file:/home/oracle/wallet',
'wallet');
req :=
UTL_HTTP.BEGIN_REQUEST('https://192.168.127.1/GameMaster/GetServerInfo.aspx');
resp :=
UTL_HTTP.GET_RESPONSE(req);
utl_http.read_line(resp, val,
true);
utl_http.end_response(resp);
real_records :=
datacenter.common_utils.EXPLODE(val, '|');
for i in 1 .. real_records.count
loop
fields :=
datacenter.common_utils.EXPLODE(real_records(i), '/');
insert into
stat_realtime_player_count
values
(d_date, fields(1), '',
fields(2));
end loop;
commit;
EXCEPTION
WHEN utl_http.end_of_body THEN
utl_http.end_response(resp);
end get_realtime_account_data;
用下面的命令可以看到关于wallet用法的帮助
[oracle@au390 EMAGPROD]$ orapki wallet
Oracle PKI Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights
reserved.
wallet:
create [-wallet [wallet]] [[-pwd ] [-auto_login|-auto_login_local]]
| [-auto_login_only]
display [-wallet [wallet]]
[-pwd ]
change_pwd [-wallet [wallet]] [-oldpwd ] [-newpwd ]
add [-wallet [wallet]]
[512|1024|2048|4096]] [-dn [dn]]>
[mm/dd/yyyy] -valid_until [mm/dd/yyyy]]
[-serial_file ] | [-serial_num ]>
[-trusted_cert|-user_cert]> [-pwd ] |
[-auto_login_only]
remove [-wallet [wallet]] [-dn [dn]]
[-trusted_cert_all|-trusted_cert|-user_cert|-cert_req]
[-pwd ] | [-auto_login_only]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request
[filename]] [-pwd ]
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn
[user_cert_dn]] [-pwd ]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]]
[-userpwd [userpwd]] [-pwd ]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user
[user]] [-userpwd [userpwd]] [-pwd ]
jks_to_pkcs12 [-wallet [wallet]] [-pwd ] [-keystore [keystore]]
[-jkspwd [jkspwd]]
pkcs12_to_jks [-wallet [wallet]] [-pwd ] [-jksKeyStoreLoc
-jksKeyStorepwd ]
[-jksTrustStoreLoc -jksTrustStorepwd ]
p11_add [-wallet [wallet]] [-p11_lib ] [-p11_tokenlabel ]
[-p11_tokenpw ] [-p11_certlabel ] [-pwd ]
p11_verify [-wallet [wallet]] [-pwd ]
help
扫一扫
6056
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
