Thread: JDBC connection test with SSL on PG 9.2.1 server

JDBC connection test with SSL on PG 9.2.1 server

From

Hari Babu

Date:

29 January 2013, 08:25:16

While testing PostgreSQL JDBC java client to connect to the PG 9.2.1
database server using SSL.
we got the following behavior.

The test steps as below：

url = "jdbc:postgresql://" + "10.145.98.227" + ':'
            + "8707" + '/'
            + "POSTGRES";
    Properties props = new Properties();
    props.setProperty("user", "CLIENT");
    props.setProperty("password", "1234@QWER");
    props.setProperty("ssl", "true");

      System.setProperty("javax.net.ssl.trustStore", "193store");
      System.setProperty("javax.net.ssl.keyStore", "193client.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");

    /*Begin the first ssl connection*/
    conn1 = DriverManager.getConnection(url, props);
    System.out.println("Connection1 successful!");


      System.setProperty("javax.net.ssl.trustStore", "193store");
      System.setProperty("javax.net.ssl.keyStore", "193client.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");

    /*Begin the second ssl connection*/
    conn2 = DriverManager.getConnection(url, props);
    System.out.println("Connection2 successful!");

Before first connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");" qwerty is
the right password
and before second SSL connection we set
"System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");"
wrongpassword is the wrong password.

we expect  the first SSL connection will be successful and second failed
because of wrong password, but actually we get two successful SSL
connections.
We found that  if the first SSL connections password set right, all the
following SSL connections are fine ,even set wrong keystroke password.

1. Is this a defect about JDBC?
2. Is it SSL behavior to authenticate only once?
3. Is it system property behavior can be set only once.
4. Is it because of any other problems?

please give your suggestions?

Regards,
Hari babu.

Re: JDBC connection test with SSL on PG 9.2.1 server

From

Adrian Klaver

Date:

29 January 2013, 18:22:37

On 01/28/2013 09:24 PM, Hari Babu wrote:
> While testing PostgreSQL JDBC java client to connect to the PG 9.2.1
> database server using SSL.
> we got the following behavior.
>
> The test steps as below：
>
> url = "jdbc:postgresql://" + "10.145.98.227" + ':'
>              + "8707" + '/'
>              + "POSTGRES";
>      Properties props = new Properties();
>      props.setProperty("user", "CLIENT");
>      props.setProperty("password", "1234@QWER");
>      props.setProperty("ssl", "true");
>
>        System.setProperty("javax.net.ssl.trustStore", "193store");
>        System.setProperty("javax.net.ssl.keyStore", "193client.jks");
>      System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");
>
>      /*Begin the first ssl connection*/
>      conn1 = DriverManager.getConnection(url, props);
>      System.out.println("Connection1 successful!");
>
>
>        System.setProperty("javax.net.ssl.trustStore", "193store");
>        System.setProperty("javax.net.ssl.keyStore", "193client.jks");
>      System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");
>
>      /*Begin the second ssl connection*/
>      conn2 = DriverManager.getConnection(url, props);
>      System.out.println("Connection2 successful!");
>
> Before first connection we set
> "System.setProperty("javax.net.ssl.keyStorePassword", "qwerty");" qwerty is
> the right password
> and before second SSL connection we set
> "System.setProperty("javax.net.ssl.keyStorePassword", "wrongpassword");"
> wrongpassword is the wrong password.
>
> we expect  the first SSL connection will be successful and second failed
> because of wrong password, but actually we get two successful SSL
> connections.
> We found that  if the first SSL connections password set right, all the
> following SSL connections are fine ,even set wrong keystroke password.
>
> 1. Is this a defect about JDBC?
> 2. Is it SSL behavior to authenticate only once?
> 3. Is it system property behavior can be set only once.
> 4. Is it because of any other problems?
>
> please give your suggestions?

Take a look at this section of the manual:

http://www.postgresql.org/docs/9.2/interactive/client-authentication.html

I would start with the section on pg_hba:

http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html


My guess is if you look in the pg_hba.conf file for your server you do
not have password authentication set up for the connections you are making.


>
> Regards,
> Hari babu.
>
>
>


--
Adrian Klaver
adrian.klaver@gmail.com