Trouble accessing MongoDB through Java #10

Open
arssycro opened this issue Jan 23, 2024 · 6 comments

@arssycro

Trying to use this image to POC using Autonomous JSON DB and running into some issues trying to get the MongoDB libraries working.

Using a connection string like "mongodb://[user]:[password]@localhost:27017/[user]?authMechanism=PLAIN&authSource=$external&ssl=true&retryWrites=false&loadBalanced=true" which is exactly what's in the log when the image opens. Using this string, I'm able to connect through something like MongoDB Compass immediately, but I'm having trouble in Java/Kotlin.

If I do not add to the cacerts, I get "unable to find valid certification path to requested target" when trying to get a count of records. If I do add to the cacerts, I get "Bad signature length: got 512 but was expecting 256".

Any suggestions or ideas on what I might be missing?

@arssycro
Author

Did a bit more digging myself and looks like there is maybe a second self-signed cert created for Mongo. If I instead add the cert at /u01/ords/self-signed.crt, everything works.

Would it be possible to get this exposed through a jks truststore?

@aosingh aosingh self-assigned this Jan 24, 2024
@aosingh
Member

aosingh commented Jan 24, 2024

Hi @arssycro

Yeah, we generate a self-signed cert for ORDS. A quick workaround is to update the client's truststore:

Linux

podman cp adb-free:/u01/ords/self-signed.crt adb_container_ords.cert
sudo cp adb_container_ords.cert /etc/pki/ca-trust/source/anchors
sudo update-ca-trust

JDK truststore

For JDK truststore update, you can use keytool

Linux example:

sudo keytool -import -alias adb_container_ords -keystore $JAVA_HOME/lib/security/cacerts -file adb_container_ords.cert

MacOS example:

sudo keytool -import -alias adb_container_ords -keystore /Library/Java/JavaVirtualMachines/jdk-17.jdk/Contents/Home/lib/security/cacerts -file adb_container_ords.cert

Did you already do this?

Meanwhile, we will plan to add self.signed.cert to the wallet's truststore.jks

@arssycro
Author

We can do that, but it runs into some problems using it for automation. Getting it into the truststore.jks provides a simpler mechanism for us to use System properties to ensure our tests can access the DB.

@aosingh aosingh assigned amoghparab1805 and unassigned aosingh Jan 24, 2024
@amoghparab1805
Member

Hi @arssycro,

Run the following podman command before copying the wallet. This will add to truststore.jks

podman exec -it adb-free keytool -import -trustcacerts -file /u01/ords/self-signed.crt -keystore /u01/app/oracle/wallets/tls_wallet/truststore.jks

This command will prompt for the wallet password used during container startup.

We will fix this issue in the upcoming release.
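
Once the ORDS certificate is in truststore.jks as described in this thread, a Java client can limit trust to that one file instead of modifying the JDK's cacerts. The following is an added example, not code from the issue participants or the project; the environment variable names and the collection name `demo` are assumptions, and it needs the MongoDB Java sync driver on the classpath.

```java
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoCredential;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public class AdbFreeMongoExample {
    // Build an SSLContext that trusts only the certificates in the given JKS file.
    static SSLContext sslContextFrom(Path jks, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jks)) {
            ks.load(in, storePass); // also checks the store's integrity with the password
        }
        if (ks.size() == 0) {
            throw new IllegalStateException("no certificates in " + jks);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed (hypothetical) environment variables; secrets stay out of source.
        Path jks = Path.of(System.getenv("ADB_TRUSTSTORE")); // truststore.jks from the wallet
        char[] storePass = System.getenv("ADB_WALLET_PASSWORD").toCharArray();
        String user = System.getenv("ADB_USER");
        char[] userPass = System.getenv("ADB_PASSWORD").toCharArray();

        SSLContext tls = sslContextFrom(jks, storePass);
        MongoClientSettings settings = MongoClientSettings.builder()
                // Same options as the connection string in the issue, minus credentials.
                .applyConnectionString(new ConnectionString(
                        "mongodb://localhost:27017/?ssl=true&retryWrites=false&loadBalanced=true"))
                .credential(MongoCredential.createPlainCredential(user, "$external", userPass))
                .applyToSslSettings(b -> b.enabled(true).context(tls))
                .build();
        try (MongoClient client = MongoClients.create(settings)) {
            // "demo" is a hypothetical collection name.
            System.out.println(client.getDatabase(user).getCollection("demo").countDocuments());
        }
    }
}
```

Setting the `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties to the same file works without code changes, but it replaces the default trust store for every TLS connection the JVM makes.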

@aosingh
Member

aosingh commented Feb 13, 2024

@arssycro

This is fixed in the latest released image version:

docker pull ghcr.io/oracle/adb-free:23.10.2.4

@alexesca

Can this be closed?
