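RSA premaster secret error connecting to Oracle via Websphere over SSL

Time: 2013-11-06 07:36:25

Tags: java oracle ssl websphere ojdbc

Our project uses SSL for all of its database connections, and we have successfully done this for our Java-based batch system using this guide to SSL and JDBC thin driver. We are now tasked with configuring our webapp, which runs in Websphere, to use these SSL connections to the database as well.

After following the steps in the instructions laid out in this blog post, we are getting an error when running a test connection (with -Djavax.net.debug=all set for the JVM):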

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [Raw read]: length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00 00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00 00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23, SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, SEND TLSv1 ALERT:  fatal, description = unexpected_message 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, WRITE: TLSv1 Alert, length = 2 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O [Raw write]: length = 7 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O 0000: 15 03 01 00 02 02 0a                               ....... 

[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeSocket() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called close() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeInternal(true) 
[06/11/13 06:17:44:045 GMT] 00000024 DSConfigurati W   DSRA8201W: DataSource  Configuration: DSRA8040I: Failed to connect to the DataSource.  Encountered java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002. 
java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255) 
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387) 
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:441) 
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165) 
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35) 
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801) 
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297) 
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:157) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:94) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$2.run(DSConfigurationHelper.java:1687) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5343) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5431) 
        at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$3.run(DSConfigurationHelper.java:1703) 
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1715) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1610) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:3242) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:3918) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49) 
    at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256) 
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085) 
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773) 
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1331) 
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1224) 
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181) 
    at com.ibm.ws.management.connector.ipc.CallRouter.route(CallRouter.java:242) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink.doWork(IPCConnectorInboundLink.java:353) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink$IPCConnectorReadCallback.complete(IPCConnectorInboundLink.java:595) 
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604) 

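This would indicate that the underlying error is RSA premaster secret error. I've googled and searched on here for that error; unfortunately, none of the results so far have helped.

  • This is on Websphere version 7.
  • We are using PKCS12 certificates.
  • We are using IBM Java 1.6.0 on the Linux Websphere server.
  • I know the certificates are fine because they work for connecting with our batch processes.
  • I also know that the webapp should be able to handle these connections, because using JNDI with an SSL datasource in Tomcat works fine.

What seems to be wrong with what I am doing? Does anyone have suggestions for resolving this error or learning more about its underlying cause?

1 answer:

Answer 0: (score: 1)

I had a similar issue with "RSA premaster secret error" just recently while trying to connect to a SQL Server db. It seemed that the sunjce_provider.jar file was not in my classpath.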

> ~/source/java/MC604_tester$ echo $JAVA_HOME    # given $JAVA_HOME is set...
/usr/lib/jvm/java-7-openjdk-amd64/

> find $JAVA_HOME -iname "*sunjce*jar"   # find sunjce
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ext/sunjce_provider.jar

java -Djava.ext.dirs=lib:$JAVA_HOME/jre/lib/ext -jar build/MyAppJar.jar

I hope this helps.
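
A diagnostic for the cause this answer describes, added here as an example and not code from the original post: run inside the affected JVM, it lists the registered security providers and checks whether an RSA premaster-secret KeyGenerator and an RSA PKCS#1 cipher can be resolved. The class name `JceProviderCheck` is hypothetical; `IbmTlsRsaPremasterSecret` is taken from the trace in the question, and `SunTlsRsaPremasterSecret` is the SunJCE equivalent.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

public class JceProviderCheck {
    // The IBM name appears in the question's trace; the Sun name is the
    // SunJCE equivalent used by the Oracle/OpenJDK JSSE implementation.
    private static final String[] PREMASTER_GENERATORS = {
        "IbmTlsRsaPremasterSecret", "SunTlsRsaPremasterSecret"
    };

    // Returns the name of the provider that supplies the KeyGenerator, or null.
    static String findKeyGenerator(String algorithm) {
        try {
            return KeyGenerator.getInstance(algorithm).getProvider().getName();
        } catch (Exception e) { // NoSuchAlgorithmException: no provider offers it
            return null;
        }
    }

    // Returns the name of the provider that supplies the Cipher, or null.
    static String findCipher(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (Exception e) { // NoSuchAlgorithmException / NoSuchPaddingException
            return null;
        }
    }

    public static void main(String[] args) {
        // java.ext.dirs is the property the answer overrides; it is null on Java 9+.
        System.out.println("java.ext.dirs = " + System.getProperty("java.ext.dirs"));
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " (" + p.getInfo() + ")");
        }
        boolean premasterOk = false;
        for (String alg : PREMASTER_GENERATORS) {
            String provider = findKeyGenerator(alg);
            System.out.println(alg + " -> " + (provider == null ? "NOT AVAILABLE" : provider));
            premasterOk |= provider != null;
        }
        String rsa = findCipher("RSA/ECB/PKCS1Padding");
        System.out.println("RSA/ECB/PKCS1Padding -> " + (rsa == null ? "NOT AVAILABLE" : rsa));
        if (!premasterOk || rsa == null) {
            System.out.println("A JCE provider needed for the RSA key exchange is not loadable in this JVM");
            System.exit(1);
        }
    }
}
```

Run it with the same JVM and the same `-Djava.ext.dirs` / classpath settings as the failing application, so the result reflects what that process can actually load.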