是否可以将Oracle Wallet用于与其保管库的节点连接？

Question

是否可以使用备份的 Oracle 12c 启动企业节点 通过Oracle Wallet配置的保管库（即，仅使用 node.conf dataSource.url="jdbc:oracle:thin:@host:port:@ SOME_ORACLE_WALLET_TNS "，不包含 指定任何dataSource.username或dataSource.password参数）？

在这种情况下，请告知应将哪些其他oracle .jar文件 添加到节点驱动程序目录中。

Answer 1

Corda Enterprise支持Oracle钱包。下面是Oracle Wallet的有效配置，并且已经过Oracle 11g和Oracle 12c的测试。

先决条件

1. Oracle钱包配置了节点数据库的自动登录（-auto_login_local）

2. 假定节点的数据库连接URL在tnsnames.ora中配置，别名为"db11g"：

   $ echo 'For JDBC URL ==> "jdbc:oracle:thin:@localhost:1521/xe" ==> below is an example of tnsnames.ora'
   $ cat ~/oracle_experiment/tnsnames.ora 
   db11g =
     (DESCRIPTION =
       (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
       (CONNECT_DATA =
         (SERVER = DEDICATED)
         (SERVICE_NAME = xe)
       )
     )
   

3. 在sqlnet.ora中配置了钱包位置：

   $ cat ~/oracle_experiment/sqlnet.ora
   WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /Users/corda/oracle_wallet/)
        )
      )
   
   SQLNET.WALLET_OVERRIDE = TRUE
   SSL_CLIENT_AUTHENTICATION = FALSE
   SSL_VERSION = 0
   

4. Sqlplus应该能够在没有密码挑战的情况下登录：

   sqlplus /@db11g     
       SQL*Plus: Release 12.2.0.1.0 Production on Tue Nov 27 15:17:00 2018 
       Copyright (c) 1982, 2017, Oracle.  All rights reserved. 
       Last Successful login time: Tue Nov 27 2018 14:46:09 +08:00 
       Connected to:   
       Oracle Database 12c Standard Edition Release 12.1.0.2.0 - 64bit Production  
       SQL>
   

必要步骤

1. 从以下位置更改数据库特定的配置：

   $ cat dbconfig_oracle11g.conf
   dataSourceProperties = {
       dataSourceClassName = "oracle.jdbc.pool.OracleDataSource"
       dataSource.url = "jdbc:oracle:thin:@localhost:1521/xe"
       dataSource.user = corda_es_user
       dataSource.password = corda_es_passwd
   }
   

   收件人

   $ cat dbconfig_oracle_wallet.conf 
   dataSourceProperties = {
       dataSourceClassName = "oracle.jdbc.pool.OracleDataSource"
       dataSource.url = "jdbc:oracle:thin:/@db11g"
       dataSource.user=null
       dataSource.password=null   // user and password can't be ignored and can't be left blank.
   }
   

2. 下载以下JAR并将其复制到节点的drivers文件夹中：

   ]$ ls <corda>/drivers/
   ojdbc8.jar
   osdt_cert.jar
   osdt_core.jar
   oraclepki.jar
   

3. 使用oracle.net.wallet_location和oracle.net.tns_admin选项启动节点：

   ]$ java -Doracle.net.wallet_location=/Users/corda/oracle_wallet/ -Doracle.net.tns_admin=/Users/corda/oracle_experiment/ -jar corda.jar
   

Answer 2

有关更多详细信息，请参见SSL with JDBC博客。