vertx-sql-client

Oracle client - SSL connection support

Open NekiyXX opened this issue 3 years ago • 7 comments

Add support for SSL connection to Oracle DB with sslMode, certPaths and certValues options like it was done in PostgreSQL, MySQL and other clients.

NekiyXX, Jun 30 '22 14:06

@NekiyXX for the record, I was able to connect to Oracle Cloud using the "wallet" downloaded from their site: https://gist.github.com/tsegismont/3f6f00ca3052ef11f941c93728a01f80

Can you provide more details about your environment? In particular, how would you connect to it using plain JDBC?

The usual encryption parameters from Vert.x Reactive Clients may not be useful here, given the Oracle client is a different kind (a wrapper around JDBC driver reactive extensions).

tsegismont, Jul 04 '22 20:07

@tsegismont Thanks for your example. I see that the SSL connection works. But it seems I now understand the main issue in my case: your parser in OracleConnectOptions.fromUri does not support the TNS URL format in the JDBC URL, and I do not know another way to set protocol = tcps for the Oracle JDBC driver. In your current implementation I would have to use an additional tnsnames.ora file with information about the protocol.

But I want to be able to do it only in code, like this:

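```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

// TNS descriptor with PROTOCOL=TCPS, built entirely in code
final String connectionString = String.format(
        "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=%s)(PORT=%d))(CONNECT_DATA=(SID=%s)))",
        DB_SERVER_NAME, SSL_PORT, DB_SID);
// Credentials and trust store settings passed as driver properties
final Properties properties = new Properties();
properties.put("user", DB_USER);
properties.put("password", DB_PASSWORD);
properties.put("javax.net.ssl.trustStore", KEY_STORE_FILE_PATH);
properties.put("javax.net.ssl.trustStoreType", "JKS");
properties.put("javax.net.ssl.trustStorePassword", KEY_STORE_PASS);
final Connection connection = DriverManager.getConnection(connectionString, properties);
```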

Or maybe some setter for PROTOCOL, if that is possible.

NekiyXX, Jul 06 '22 21:07

The EZConnect format allows setting the protocol to tcps. You could do this:

```java
import io.vertx.oracleclient.OracleConnectOptions;
import io.vertx.oracleclient.OraclePool;
import io.vertx.sqlclient.PoolOptions;

// EZConnect URI with the tcps protocol
String connectionUri = String.format(
  "oracle:thin:@tcps://%s:%s/%s",
  DB_SERVER_NAME, SSL_PORT, DB_SID);

// Connect options
OracleConnectOptions connectOptions = OracleConnectOptions.fromUri(connectionUri)
  .setUser(DB_USER)
  .setPassword(DB_PASSWORD)
  .addProperty("javax.net.ssl.trustStore", KEY_STORE_FILE_PATH)
  .addProperty("javax.net.ssl.trustStoreType", "JKS")
  .addProperty("javax.net.ssl.trustStorePassword", KEY_STORE_PASS);

// Pool Options
PoolOptions poolOptions = new PoolOptions().setMaxSize(5);

// Create the pool from the connection URI
OraclePool pool = OraclePool.pool(vertx, connectOptions, poolOptions);
```

tsegismont, Jul 07 '22 09:07

@tsegismont I didn't know that EZConnect supports the protocol. Thank you very much. It works. Also, as I see in the code, it is enough to initialize OracleConnectOptions from a JsonObject with {"ssl":true,host:"hostName", port:2484, (database or serviceName):"databaseName"} and after that add the needed properties. So you could close the ticket. Sorry for taking your time. But I think it should be added to the documentation for the Vert.x Oracle Reactive Client.

NekiyXX, Jul 07 '22 14:07
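
The JsonObject-based configuration described in the comment above, as an added example that is not part of the original thread or the project's documentation. It targets the Vert.x 4.x API used in this thread; the host, port, service name, trust store path and environment variable names are constructed placeholders, and the last property and the verification query are additions that confirm the session really runs over TCPS.

```java
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.oracleclient.OracleConnectOptions;
import io.vertx.oracleclient.OraclePool;
import io.vertx.sqlclient.PoolOptions;

public class OracleTcpsCheck {

  // Fail fast instead of passing a null secret to the driver.
  static String requireEnv(String name) {
    String value = System.getenv(name);
    if (value == null || value.isEmpty()) {
      throw new IllegalStateException("Missing environment variable " + name);
    }
    return value;
  }

  public static void main(String[] args) {
    // Constructed sample values: replace with your own environment.
    JsonObject config = new JsonObject()
      .put("ssl", true)                 // selects the tcps protocol
      .put("host", "db.example.com")
      .put("port", 2484)
      .put("serviceName", "ORCLPDB1")
      .put("user", "app_user")
      .put("password", requireEnv("DB_PASSWORD"));

    OracleConnectOptions options = new OracleConnectOptions(config)
      .addProperty("javax.net.ssl.trustStore", "/etc/app/truststore.jks")
      .addProperty("javax.net.ssl.trustStoreType", "JKS")
      .addProperty("javax.net.ssl.trustStorePassword", requireEnv("TRUSTSTORE_PASSWORD"))
      // Oracle JDBC property: also match the server certificate DN to the host.
      .addProperty("oracle.net.ssl_server_dn_match", "true");

    Vertx vertx = Vertx.vertx();
    OraclePool pool = OraclePool.pool(vertx, options, new PoolOptions().setMaxSize(1));

    // Ask the server which network protocol this session actually uses.
    pool.query("SELECT SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL') FROM DUAL")
      .execute()
      .onSuccess(rows -> {
        String protocol = rows.iterator().next().getString(0);
        boolean encrypted = "tcps".equalsIgnoreCase(protocol);
        System.out.println((encrypted ? "OK: " : "NOT ENCRYPTED: ") + "protocol=" + protocol);
      })
      .onFailure(err -> System.err.println("Connection failed: " + err.getMessage()))
      .onComplete(ar -> pool.close().onComplete(v -> vertx.close()));
  }
}
```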

We have this https://vertx.io/docs/vertx-oracle-client/java/#_connection_uri

What's your suggestion for improvement?

tsegismont, Jul 07 '22 21:07

In our application we can configure three databases: MySQL, PostgreSQL and Oracle. For the MySQL client there is a section: https://vertx.io/docs/vertx-mysql-client/java/#_using_ssltls For PostgreSQL, this section: https://vertx.io/docs/vertx-pg-client/java/#_using_ssltls

After implementing these two, I started to search for how it should be done in the Oracle client. Since the method of working with SSL in Oracle is different, I could not quickly find how to do it and asked a question here: https://groups.google.com/g/vertx/c/Rxgh-BDpyAo After this answer I created the ticket. So I think there should also be a "Using SSL/TLS" section in the documentation for Oracle, like for the MySQL and PostgreSQL clients. Thank you very much for the help.

NekiyXX, Jul 08 '22 07:07

Makes sense, @NekiyXX, I will take care of it.

tsegismont, Jul 08 '22 13:07