Good day.

There is a Java method wrapped in an Oracle stored procedure. The method creates a connection to an https URL (SSL) and fails with the exception "Could not generate DH keypair". That is, the "embedded" Java runs in Oracle 11g (jre 1.6).

In ordinary Java (not built into the Oracle DB) this is "treated" either by replacing the "Unlimited Strength policy" files or by adding a JCE provider (Bouncy Castle is usually recommended).

And how do I do this in the Java built into the Oracle database?
I tried putting the policy files in ORACLE_HOME/jdr/jre/lib/security - it does not help ...
I compared the set of providers in ORACLE_HOME/jdr/jre/lib/security/java.security with the providers returned by java.security.Security.getProviders() - they differ. This suggests that the Java built into the Oracle database lives by its own "laws."

  • A closer look at "Introduction to Java in the Oracle Database" has added insight. The JVM in Oracle Database really does exist separately from the Java installed on the OS, including the Java from ORACLE_HOME. Compiled classes, source code and resources are stored as database objects in the Oracle database itself. Therefore, to add the Bouncy Castle library to the Java built into the Oracle DB, use the loadjava utility (included in the Oracle Client set, installed in the "Administrator" installation mode). - Ch.Pavel 5:58
  • I tried to load the latest version, bcprov-jdk15on-155.jar. As far as I understand, this is equivalent to adding the .jar to jre/lib/ext in ordinary Java. After loading, you can safely refer to the library: import org.bouncycastle.jce.provider.BouncyCastleProvider; . This makes it possible to add a JCE provider "on the fly" at runtime: java.security.Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1); . Do this before the connection is opened, i.e. BEFORE calling HttpsURLConnection.connect() or .getInputStream(). - Ch.Pavel
  • By the way, if we are talking about a plain connection to a port (via Socket), then the material from "Using BouncyCastle for a simple HTTPS query" is very useful. - Ch.Pavel
  • As far as I understand, you can even connect via a SOCKS proxy this way, by adding System.setProperty("socksProxyHost", "<host>") and System.setProperty("socksProxyPort", "<port>"). See "Java Networking and Proxies". But I could not use this method with an https proxy. If someone knows how or has figured it out, please share! - Ch.Pavel
  • At the moment I connect via HttpsURLConnection and add the provider at runtime (java.security.Security.insertProviderAt). With that, the data is sent to the obtained InputStream, and when trying to read a response from the outputStream, a java.lang.ArrayIndexOutOfBoundsException error occurs. Why is still a mystery ... - Ch.Pavel
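A diagnostic for the provider mismatch described in the question and comments, as an added example that is not part of the original posts: it reports which JCE providers the running JVM has registered and which of them, if any, accepts a given Diffie-Hellman key size. The class name `DhProviderCheck` and the probe sizes 1024 and 2048 are assumptions, as is the premise that the error comes from the DH key size the default provider supports; the code is written without Java 7+ syntax so it compiles on the old JVM discussed here.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;

// Hypothetical helper class (not from the original posts). Run it in the same
// JVM that opens the HTTPS connection; how it is invoked inside the database
// (loadjava plus a call spec) is not shown here.
public class DhProviderCheck {

    // Assumed probe sizes: a size old DH generators accept, and a larger one.
    private static final int[] SIZES = {1024, 2048};

    /** Registered providers in preference order, as this JVM sees them. */
    public static String listProviders() {
        StringBuilder sb = new StringBuilder();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            sb.append(i + 1).append(": ").append(providers[i].getName()).append('\n');
        }
        return sb.toString();
    }

    /** For each size, reports which provider accepts it or why none does. */
    public static String probeDh() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < SIZES.length; i++) {
            try {
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
                // initialize() walks the provider list until one accepts the size,
                // so a provider inserted at position 1 is consulted first.
                kpg.initialize(SIZES[i]);
                sb.append("DH ").append(SIZES[i]).append(": accepted by ")
                  .append(kpg.getProvider().getName()).append('\n');
            } catch (Exception e) {
                // Covers a missing algorithm and a rejected key size alike.
                sb.append("DH ").append(SIZES[i]).append(": rejected (")
                  .append(e).append(")\n");
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.print(listProviders());
        System.out.print(probeDh());
    }
}
```

Running it before and after `Security.insertProviderAt(...)` shows whether the added provider is actually registered in that JVM and whether it changes which DH sizes are accepted.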

1 answer

In general, my colleague and I solved this problem with a workaround: we wrote a simple proxy using jdk 1.8, which runs on Tomcat. The proxy accepts requests via http, establishes an SSL connection with the target host and relays requests / responses. The material was taken from here: http://www.javaportal.ru/java/articles/java_http_web/article04.html