Re: Trouble setting up ssl cert authentication from java/hibernate - Mailing list pgsql-jdbc
From | Marc-André Laverdière |
---|---|
Subject | Re: Trouble setting up ssl cert authentication from java/hibernate |
Date | |
Msg-id | 50519.174.89.183.26.1320272607.squirrel@atcmail.atc.tcs.com |
In response to | Re: Trouble setting up ssl cert authentication from java/hibernate (Magosányi Árpád <mag@magwas.rulez.org>) |
List | pgsql-jdbc |
Hello,

I am one of the guys who worked on the cert auth. It wasn't integrated in the canonical driver because of lack of testing.

Thanks for giving your experience report.

Also, +1 for merging with canonical driver :)

> Hi!
>
> Well, I was able to connect using a CertAuthfactory method copied from
> http://postgresql.1045698.n5.nabble.com/attachment/4405851/0/CertAuthFactory.java
> Should I consider it a workaround or the canonical solution?
> It WORKSFORME, but I have seen mentioned that the driver supports
> certificate authentication out of the box by just configuring the
> underlying ssl.
> Solution is in commit 21a2edb4e43be142a70493bd4041eb64678faa32.
>
> On 2011-11-02 14:45, Magosányi Árpád wrote:
>> Hi!
>>
>> I have a server which authenticates with ssl certificates. I have no
>> trouble using it with psql.
>>
>> However I cannot figure out how to do the same with java. I have added
>> my private key and cert along with the CA cert to my keystore.
>> I set the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword properties. But it seems that the
>> underlying ssl does not use my certificate/key.
>> Both the server and client report "FATAL: connection requires a
>> valid client certificate"
>> What am I doing wrong?
>>
>> The juice of my hibernate config is:
>> <property name="hibernate.connection.url">jdbc:postgresql://localhost:5433/archi?sslmode=required&ssl=true&</property>
>> <property name="hibernate.connection.username">mag</property>
>> <property name="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</property>
>>
>> The juice of my test case:
>> String password = new PasswordDialog(new Shell()).ask();
>> System.out.println("keystore path="+System.getProperty("javax.net.ssl.trustStore"));
>> File keystorepath = new File(System.getProperty("user.home"),".keystore");
>>
>> System.setProperty("javax.net.ssl.trustStore",keystorepath.getAbsolutePath());
>> System.setProperty("javax.net.ssl.trustStorePassword", password);
>> System.out.println("keystore path="+System.getProperty("javax.net.ssl.trustStore"));
>> System.out.println("keystore pwd="+System.getProperty("javax.net.ssl.trustStorePassword"));
>>
>> Session session = getSessionFactory().getCurrentSession();
>> System.out.println("session="+session);
>> session.beginTransaction(); // dies here
>>
>> You can find the full code at commit
>> 8c35c887d973fed1ba6eccdcc7726a11ebfe0612 of
>> git@github.com:magwas/org.rulez.magwas.styledhtml.git
>> org.rulez.magwas.enterprise/src/org/rulez/magwas/enterprise/repository/RepoFactoryTest.java
>>
>> And the stack trace:
>>
>> org.hibernate.exception.GenericJDBCException: Cannot open connection
>>     at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:140)
>>     at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:128)
>>     at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
>>     at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52)
>>     at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449)
>>     at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
>>     at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:142)
>>     at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:85)
>>     at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1463)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:616)
>>     at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:344)
>>     at $Proxy5.beginTransaction(Unknown Source)
>>     at org.rulez.magwas.enterprise.repository.RepoFactoryTest.test(RepoFactoryTest.java:28)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:616)
>>     at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
>>     at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
>>     at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
>>     at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
>>     at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
>>     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
>>     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
>>     at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
>>     at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
>>     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
>>     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
>>     at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
>>     at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
>>     at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
>>     at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
>>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
>>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
>>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
>>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
>> Caused by: org.postgresql.util.PSQLException: FATAL: connection requires a valid client certificate
>>     at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:291)
>>     at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:108)
>>     at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
>>     at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
>>     at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
>>     at org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
>>     at org.postgresql.Driver.makeConnection(Driver.java:393)
>>     at org.postgresql.Driver.connect(Driver.java:267)
>>     at java.sql.DriverManager.getConnection(DriverManager.java:620)
>>     at java.sql.DriverManager.getConnection(DriverManager.java:169)
>>     at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:133)
>>     at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:446)
>>     ... 34 more
>>
>
> --
> Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-jdbc
>

--
Marc-André Laverdière
Software Security Researcher
Innovation Labs, Tata Consultancy Services
Montréal, Québec, Canada
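
Added example, not part of the original message, not the CertAuthFactory linked in the thread and not driver code: JSSE's default context takes the client key from the `javax.net.ssl.keyStore` properties, while the `trustStore` properties only decide which server certificates are accepted, so a factory that loads the key explicitly makes the client certificate available to the handshake. It is selected with pgjdbc's `sslfactory` and `sslfactoryarg` URL parameters. The class name, the `example.keystore.password` property and the shared key/store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class, selected with (path is a placeholder):
//   jdbc:postgresql://localhost:5433/archi?ssl=true
//     &sslfactory=ClientCertSocketFactory&sslfactoryarg=/path/to/.keystore
public class ClientCertSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    // The driver passes the sslfactoryarg value to a one-String constructor.
    public ClientCertSocketFactory(String keystorePath) throws Exception {
        // Assumption: the password comes from a made-up system property and
        // the private key uses the same password as the store.
        char[] pw = System.getProperty("example.keystore.password", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, pw);
        }
        // Key managers supply the client key and certificate chain.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        // Trust managers verify the server against the CA cert in the same store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        delegate = ctx.getSocketFactory();
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return delegate.createSocket(s, host, port, autoClose); // wraps an already-connected socket in TLS
    }
    @Override public Socket createSocket(String host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(String host, int port, InetAddress la, int lp) throws IOException { return delegate.createSocket(host, port, la, lp); }
    @Override public Socket createSocket(InetAddress a, int port) throws IOException { return delegate.createSocket(a, port); }
    @Override public Socket createSocket(InetAddress a, int port, InetAddress la, int lp) throws IOException { return delegate.createSocket(a, port, la, lp); }
}
```

Because the trust managers are built from the same keystore, the server certificate is still validated against the CA cert stored there.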