javaspring-bootjava-17

SSL(TCPS) connectivity on OracleDB using springBoot


Im trying to connect to oracle rds from a spring boot application. I want to connect to db over tcps. When trying im getting the below error:

Failed to create/setup connection: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've placed the keystore.jks file in the resources folder of the application. JDK version-17, ojdbc8 version-21.9.0.0.

Options I've tried in my application.yml:

  1. First method
spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
    connection-properties: |
      javax.net.ssl.keyStoreType=JKS;
      javax.net.ssl.keyStore=classpath:keystore.jks;;
      javax.net.ssl.keyStorePassword=<keystore-password>;
      javax.net.ssl.trustStoreType=JKS;
      javax.net.ssl.trustStore=classpath:keystore.jks;
      javax.net.ssl.trustStorePassword=<keystore-password>
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect
  1. Second method
spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
    hikari:
      data-source-properties: |
      oracle.net.ssl_server_dn_match=true;
      oracle.net.ssl_version=1.2;
      javax.net.ssl.trustStoreType=JKS;
      javax.net.ssl.trustStore=classpath:keystore.jks;
      javax.net.ssl.trustStorePassword=<keystore-password>
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect
  1. Thrid method
spring:
  datasource:
    url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
    username: <user_name>
    password: <password>
    driver-class-name: oracle.jdbc.OracleDriver
  ssl:
    bundle:
      jks:
        server:
          key:
            alias: "server"
          keystore:
            location: "classpath:keystore.jks"
            password: <keystore-password>
            type: JKS
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.OracleDialect
  1. Ive also tried to import the bundle.pem to jdk lib/security/cacerts. Uisng the commands - sudo keytool -importcert alias rds-root -file /bundle.pem -keystore "jdk-17/lib/security/cacerts" -storepass <password>

Can anyone help me with the correct approch on how to configure the TCPS connection on oracleDB from springBoot applcication jdk 17


Solution

  • It seems there are some limitation for ojdbc8 when used with jdk 17. It was not able to connect to oracle RDS on 2484 port. Had to upgrade from ojdbc8 to ojdbc11.

    Refer: JDBC Developer's Guide

    Note: ojdbc8.jar support with JDK 11, JDK 17, and JDK 19 is limited only to the JDBC 4.2 APIs because ojdbc8.jar does not support JDBC 4.3 APIs.

    With ojdbc11, using the below properties should allow to connect to oracledb on TCPS, i.e on port 2484.

    spring:
      datasource:
        url: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS(PROTOCOL=TCPS)(HOST=<host_name>)(PORT=2484))(CONNECT_DATA=(SID=<db_name>)))
        username: <user_name>
        password: <password>
        driver-class-name: oracle.jdbc.OracleDriver
        hikari:
          data-source-properties:
            javax.net.ssl.trustStoreType=JKS
            javax.net.ssl.trustStore=/path/to/keystore.jks
            javax.net.ssl.trustStorePassword=<keystore-password>
      jpa:
        properties:
          hibernate:
            dialect: org.hibernate.dialect.OracleDialect