南大通用 GBase 8a Cluster SSL Configuration: JDBC

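SSL is a software encryption mechanism that does not depend on the host configuration, so all of the following steps are performed on the client. "Client" is an abstract term here: it can be a Linux environment or a Windows environment. This section uses Windows as the example; the configuration on Linux is the same.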

First, convert the GBase client certificate to DER format. (This step can be run on Linux and the result copied to Windows.)

openssl x509 -outform DER -in client-cert.pem -out client.cert

A client.cert file is generated in the current directory.

Generate the client keystore file from client.cert:

C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -file c:\SSL\client.cert -keystore keystore
输入密钥库口令:
再次输入新口令:
所有者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
发布者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
序列号: 1
有效期开始日期: Fri Nov 25 05:52:22 CST 2016, 截止日期: Sun Nov 25 05:52:22 CST 2018
证书指纹:
MD5: 37:24:8E:14:C7:77:E4:67:CA:BB:17:36:A6:04:CF:9E
SHA1: CB:24:7E:D0:2D:6B:99:30:9B:A6:D5:4B:0E:9A:9D:A8:46:DC:FB:A3
SHA256: CC:82:98:4D:E9:49:A2:F1:7C:8B:6A:A7:13:4E:A7:8E:B2:67:8E:E7:05:BD:59:18:34:72:F3:8E:D9:83:4A:2D
签名算法名称: SHA1withRSA
版本: 1
是否信任此证书? [否]: 是
证书已添加到密钥库中

Generate the truststore from ca-cert.pem:

C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -file c:\SSL\ca-cert.pem -keystore truststore
输入密钥库口令:
再次输入新口令:
所有者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
发布者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
序列号: b03b0e19ba5e219f
有效期开始日期: Fri Nov 25 05:46:43 CST 2016, 截止日期: Mon Nov 23 05:46:43 CST 2026
证书指纹:
MD5: 3A:A6:E4:CA:24:6F:DB:29:2C:7B:1A:82:C3:9B:2F:8B
SHA1: 3F:84:D5:2F:3E:EC:A2:D9:B4:0A:63:85:B9:4B:82:F8:5F:1A:16:59
SHA256: 62:AE:D2:7B:CE:64:90:CE:47:DE:40:7B:67:1F:E8:41:11:DA:74:F6:AA:DB:6A:D2:A5:D3:70:D4:F9:FA:3C:8C
签名算法名称: SHA1withRSA
版本: 3
扩展:
1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FF 62 CD C7 DC D9 93 48 E7 D7 88 A1 17 EF 80 C7 .b…..H……..
0010: F2 E9 29 90 ..).
]
]
2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FF 62 CD C7 DC D9 93 48 E7 D7 88 A1 17 EF 80 C7 .b…..H……..
0010: F2 E9 29 90 ..).
]
]
是否信任此证书? [否]: 是
证书已添加到密钥库中

Place the two files in a directory of your choice so that the application can reference them, for example:

c:/SSL/keystore c:/SSL/truststore
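
Before pointing the JVM at these files, it helps to confirm what they actually contain. The following is an added example, not part of the original article or of the GBase driver: the class name StoreAudit is hypothetical, and it assumes the two paths above and JKS files as written by the Java 8 keytool used on this page.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class): audits the stores before JDBC uses them.
public class StoreAudit {
	// Assumed locations: the two paths used on this page.
	static final String[] STORES = { "c:/SSL/keystore", "c:/SSL/truststore" };

	public static void main(String[] args) throws Exception {
		Console console = System.console();
		if (console == null) {
			System.err.println("Run from a terminal so the password is read without echo.");
			return;
		}
		char[] password = console.readPassword("Store password: ");
		for (String path : STORES) {
			KeyStore ks = KeyStore.getInstance("JKS"); // format written by the Java 8 keytool
			try (InputStream in = new FileInputStream(path)) {
				ks.load(in, password); // IOException on a wrong password or a modified file
			}
			System.out.println("== " + path + " (" + ks.size() + " entries)");
			for (String alias : Collections.list(ks.aliases())) {
				// Client-certificate authentication needs a key entry, not only a trusted cert.
				System.out.println(alias + ": " + (ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry"));
				Certificate c = ks.getCertificate(alias);
				if (c instanceof X509Certificate) report((X509Certificate) c);
			}
		}
	}

	static void report(X509Certificate x) throws Exception {
		String alg = x.getSigAlgName().toUpperCase();
		byte[] digest = MessageDigest.getInstance("SHA-256").digest(x.getEncoded());
		System.out.println("  subject : " + x.getSubjectX500Principal());
		System.out.println("  notAfter: " + x.getNotAfter());
		System.out.println("  sigAlg  : " + x.getSigAlgName());
		System.out.println("  sha256  : " + String.format("%064X", new BigInteger(1, digest)));
		try {
			x.checkValidity(); // compares notBefore/notAfter with the current time
		} catch (CertificateException e) {
			System.out.println("  WARNING : certificate is expired or not yet valid");
		}
		if (alg.startsWith("SHA1") || alg.startsWith("MD5"))
			System.out.println("  WARNING : weak signature hash, reissue with SHA-256");
	}
}
```

A store built only with keytool -import lists trusted certificate entries, and the SHA1withRSA certificates shown in the keytool output above trigger the weak-hash warning.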

Java sample program (the project must reference the cluster JDBC driver):

package gbase.sc;

import java.sql.*;

public class GBaseConTest {
	public static void main(String[] args) {

		String trustStorePath = "c:/SSL/truststore";
		String keyStorePath = "c:/SSL/keystore";
		// Point the JVM's default SSL context at the keystore and truststore
		System.setProperty("javax.net.ssl.keyStore", keyStorePath);
		System.setProperty("javax.net.ssl.keyStorePassword", "123456");
		System.setProperty("javax.net.ssl.trustStore", trustStorePath);
		System.setProperty("javax.net.ssl.trustStorePassword", "123456");

		Connection con = null;
		Statement stm = null;
		ResultSet rs = null;
		ResultSetMetaData rsmd = null;

		try {
			// Load the JDBC driver class
			Class.forName("com.gbase.jdbc.Driver");
			// Open the database connection; the IP, user name, password and
			// database must match your own server
			con = DriverManager.getConnection(
					"jdbc:gbase://192.168.5.121:5258/zhao?user=gbase&password=gbase20110531&useSSL=true&requireSSL=true");
			System.out.println("连接建立成功!");

			stm = con.createStatement();

			rs = stm.executeQuery("select * from bryan");
			if (rs == null) {
				return;
			}

			rsmd = rs.getMetaData();
			int columnCount = rsmd.getColumnCount();

			while (rs.next()) {
				System.out.println("executeSQLByStatement===========================");
				// JDBC column indexes start at 1
				for (int i = 0; i < columnCount; i++) {
					System.out.print(rsmd.getColumnName(i + 1).concat(" = "));
					System.out.println(rs.getObject(i + 1));
				}
				System.out.println("executeSQLByStatement===========================");

			}

		} catch (ClassNotFoundException ex) {
			// Print driver-related exceptions
			System.out.println(ex.toString());
		} catch (SQLException ex1) {
			// Print other SQL exceptions
			System.out.println(ex1.toString());
		} finally {
			try {
				// Close each resource only if it was actually opened, so a
				// failed query does not cause a NullPointerException here
				if (rs != null) {
					rs.close();
				}
				if (stm != null) {
					stm.close();
				}
				if (con != null) {
					// Close the connection
					con.close();
					System.out.println("连接已关闭");
				}
			} catch (SQLException ex2) {
				System.out.println(ex2.toString());
			}

		}

	}
}

Output:

连接建立成功!
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
连接已关闭