Trouble accessing MongoDB through Java

[arssycro]

Trying to use this image to POC using Autonomous JSON DB and running into some issues trying to get the Mongodb libraries working.

Using a connection string like "mongodb://[user]:[password]@localhost:27017/[user]?authMechanism=PLAIN&authSource=$external&ssl=true&retryWrites=false&loadBalanced=true" which is exactly what's in the log when the image opens. Using this string, I'm able to connect through something like MongoDB Compass immediately, but I'm having trouble in Java/Kotlin.

If I do not add to the cacerts, I get "unable to find valid certification path to requested target" when trying to get a count of records. If I do add to the caccerts, I get "Bad signature length: got 512 but was expecting 256".

Any suggestions or ideas on what I might be missing?

[arssycro]

Did a bit more digging myself and looks like there is maybe a second self-signed cert created for Mongo. If I instead add the cert at /u01/ords/self-signed.crt, everything works.

Would it be possible to get this exposted through a jks truststore?

[aosingh]

Hi @arssycro

Yeah, we generate a self signed cert for ORDS. A quick workaround is to update the client's truststore

Linux

podman cp adb-free:/u01/ords/self-signed.crt adb_container_ords.cert
sudo cp adb_container_ords.cert /etc/pki/ca-trust/source/anchors
sudo update-ca-trust

JDK truststore

For JDK truststore update, you can use keytool

Linux example:

sudo keytool -import -alias adb_container_ords -keystore $JAVA_HOME/lib/security/cacerts -file adb_container_ords.cert

MacOS example:

sudo keytool -import -alias adb_container_ords -keystore /Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home/lib/security/cacerts -file adb_container_ords.cert

did you already do this ?

Meanwhile, we will plan to add self.signed.cert to the wallet's truststore.jks

[arssycro]

We can do that, but it runs into some problems using it for automation. Getting it into the truststore.jks provides a simpler mechanism for us to use System properties to ensure our tests can access the DB.

[amoghparab1805]

Hi @arssycro ,

Run the following podman command before copying the wallet. This will add to truststore.jks

podman exec -it adb-free keytool -import -trustcacerts -file /u01/ords/self-signed.crt -keystore /u01/app/oracle/wallets/tls_wallet/truststore.jks

This command will prompt for wallet password used during container startup.

We will fix this issue in the upcoming release.

[aosingh]

@arssycro

This is fixed in the latest released image version

docker pull ghcr.io/oracle/adb-free:23.10.2.4

[alexesca]

Can this be closed?