Does JDBC Use Certs or CA's ?

I am coding a java class to connect to a remote database via jdbc. The code is pretty straightforward:

String email = "theemail@mail.com";
			OracleDataSource ods = null;  
			
			ods = new OracleDataSource();
			ods.setURL("jdbc:oracle:thin:@11.11.11.11:1521:test1");

ods.setUser("USERSM");
			ods.setPassword("PASSWORD");
			
			// caching parms
			ods.setConnectionCachingEnabled(true); 
			ods.setConnectionCacheName("SM_CACHE");
			Properties cacheProps = new Properties();
			cacheProps.setProperty("MinLimit", "5");  // the cache size is 5 at least 
			cacheProps.setProperty("MaxLimit", "25"); 
			cacheProps.setProperty("InitialLimit", "5"); //5 at startup
			cacheProps.setProperty("ConnectionWaitTimeout", "5");  //Specifies cache behavior when a connection is requested and there are already MaxLimit connections active. If ConnectionWaitTimeout is greater than zero (0), each connection request waits for the specified number of seconds, or until a connection is returned to the cache. If no connection is returned to the cache before the timeout elapses, the connection request returns null.
			cacheProps.setProperty("InactivityTimeout", "1800");    // Sets the maximum time (in seconds) a physical connection can remain idle in a connection cache. An idle connection is one that is not active and does not have a logical handle associated with it. When InactivityTimeout expires, the underlying physical connection is closed. However, the size of the cache is not allowed to shrink below minLimit, if has been set.
			cacheProps.setProperty("ValidateConnection", "true");
	
			ods.setConnectionCacheProperties(cacheProps);
			System.out.println("Data source initialized");  
			
			java.sql.Connection conn = null;
			
			PreparedStatement pStmt = null;
	    		ResultSet rs = null;
	    		StringBuffer sql = new StringBuffer();
	    		sql.append("SELECT DISPLAY_NAME, user_name from users where user_name=?");
	    		try{
	    			System.out.println("about to call ods.getConnection()");
	    			conn = ods.getConnection();
	    			System.out.println("after call to ods.getConnection()");
	    			System.out.println("After getConnection");
	    			pStmt = conn.prepareStatement(sql.toString());
	    			pStmt.setString(1, email);
	    			rs = pStmt.executeQuery();
	    			if(rs.next())
	    			{
	    				System.out.println("The display_name is "+rs.getString("DISPLAY_NAME"));
	    			}
			}
			catch(Throwable e)
			{
				System.out.println("Exception caught " + e.toString());
				System.out.println("Exception caught " + e.getCause());
				System.out.println(e.getCause().getStackTrace()[0].toString());
				System.out.println(e.getCause().getStackTrace()[1].toString());
				System.out.println(e.getCause().getStackTrace()[2].toString());
				System.out.println(e.getCause().getStackTrace()[3].toString());
				System.out.println(e.getCause().getStackTrace()[4].toString());
				System.out.println(e.getCause().getStackTrace()[5].toString());
				System.out.println(e.getCause().getStackTrace()[6].toString());
				System.out.println(e.getCause().getStackTrace()[7].toString());
				System.out.println(e.getCause().getStackTrace()[8].toString());
				System.out.println(e.getCause().getStackTrace()[9].toString());
				System.out.println(e.getCause().getStackTrace()[10].toString());
				System.out.println(e.getCause().getStackTrace()[11].toString());
				System.out.println(e.getCause().getStackTrace()[12].toString());
				System.out.println(e.getCause().getStackTrace()[13].toString());
				System.out.println(e.getCause().getStackTrace()[14].toString());
				System.out.println(e.getCause().getStackTrace()[15].toString());
				System.out.println(e.getCause().getStackTrace()[16].toString());
				System.out.println(e.getCause().getStackTrace()[17].toString());
				System.out.println(e.getCause().getStackTrace()[18].toString());
				System.out.println(e.getCause().getStackTrace()[19].toString());
				System.out.println(e.getCause().getStackTrace()[20].toString());

}
			finally
			{
				if(conn!=null)
				conn.close();
			}

If I change the jdbc URL to a different database, I am able to connect to it and query it. If I try to connect to the real database I am getting the following error:

Data source initialized
	about to call ods.getConnection()
	
	Exception caught java.lang.ExceptionInInitializerError
	Exception caught java.lang.SecurityException: Cannot set up certs for trusted CAs
	javax.crypto.SunJCE_b.<clinit>(DashoA12275)
	javax.crypto.Cipher.getInstance(DashoA12275)
	oracle.security.o5logon.O5LoginClientHelper.decryptAES(Unknown Source)
	oracle.security.o5logon.O5LoginClientHelper.generateOAuthResponse(Unknown Source)
	oracle.jdbc.driver.T4CTTIoauthenticate.marshalOauth(T4CTTIoauthenticate.java:457)
	oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:367)
	oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:508)
	oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)
	oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
	oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)
	oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:275)
	oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:206)
	oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:139)
	oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:88)
	oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:1567)
	oracle.jdbc.pool.OracleImplicitConnectionCache.makeOneConnection(OracleImplicitConnectionCache.java:499)
	oracle.jdbc.pool.OracleImplicitConnectionCache.defaultUserPrePopulateCache(OracleImplicitConnectionCache.java:218)
	oracle.jdbc.pool.OracleImplicitConnectionCache.<init>(OracleImplicitConnectionCache.java:194)
	oracle.jdbc.pool.OracleConnectionCacheManager.createCache(OracleConnectionCacheManager.java:269)
	oracle.jdbc.pool.OracleDataSource.cacheInitialize(OracleDataSource.java:391)
	oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:372)

This is really killing me. Does anyone know how / if / why jdbc uses CA's or certs?

James Ellis wrote:This is really killing me. Does anyone know how / if / why jdbc uses CA's or certs?

It's a remote database. You don't want just anybody to connect and get all the data. Certs seem like a valid way to protect against someone knowing the password.

I don't know the answer to your actual question. Maybe check with whomever gave you the cert?

Actually nobody gave me a cert...in fact I didn't think that certs were even in the equation in JDBC until I saw that stack trace. All I did was type in a standard jdbc URL for a thin driver (nothing funky in it) and connecting to this one particular DB always gives me this stack trace that includes a message about certificates. That's why I was asking, how/when/why are certificates used in JDBC or is this just stack trace about certs just a red herring?

Its not JDBC that is doing this it is Oracle. Speak to your DBA.

Paul,

Do you have any specific advice I can pass on to the DBA such as "please turn off XYZ service which is preventing remote JDBC connections"? Otherwise, I think the DBA group is going to tell my code is the problem.

Thanks,
Jim

Read the documentation for your Oracle JDBC driver - it should tell you how to configure the connection to use a certificate. You will also need to get the key from your DBA.