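Because SSL is encryption implemented in software and does not depend on host configuration, all of the following steps are performed on the client. "Client" here is an abstract term: it can be either a Linux or a Windows environment. This chapter uses Windows as the example; the configuration on Linux is the same.
First, convert the GBase client certificate to DER format. (This step can be done on Linux and the result copied to the Windows environment.)
openssl x509 -outform DER -in client-cert.pem -out client.cert
A client.cert file is generated in the current directory.
Generate the client keystore file from client.cert: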
C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -file c:\SSL\client.cert -keystore keystore
输入密钥库口令:
再次输入新口令:
所有者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
发布者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
序列号: 1
有效期开始日期: Fri Nov 25 05:52:22 CST 2016, 截止日期: Sun Nov 25 05:52:22 CST 2018
证书指纹:
    MD5: 37:24:8E:14:C7:77:E4:67:CA:BB:17:36:A6:04:CF:9E
    SHA1: CB:24:7E:D0:2D:6B:99:30:9B:A6:D5:4B:0E:9A:9D:A8:46:DC:FB:A3
    SHA256: CC:82:98:4D:E9:49:A2:F1:7C:8B:6A:A7:13:4E:A7:8E:B2:67:8E:E7:05:BD:59:18:34:72:F3:8E:D9:83:4A:2D
    签名算法名称: SHA1withRSA
    版本: 1
是否信任此证书? [否]: 是
证书已添加到密钥库中
Generate the truststore from the ca-cert.pem file:
C:\Program Files (x86)\Java\jre1.8.0_60\bin>keytool -import -file c:\SSL\ca-cert.pem -keystore truststore
输入密钥库口令:
再次输入新口令:
所有者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
发布者: EMAILADDRESS=1, CN=1, OU=1, O=1, L=1, ST=1, C=11
序列号: b03b0e19ba5e219f
有效期开始日期: Fri Nov 25 05:46:43 CST 2016, 截止日期: Mon Nov 23 05:46:43 CST 2026
证书指纹:
    MD5: 3A:A6:E4:CA:24:6F:DB:29:2C:7B:1A:82:C3:9B:2F:8B
    SHA1: 3F:84:D5:2F:3E:EC:A2:D9:B4:0A:63:85:B9:4B:82:F8:5F:1A:16:59
    SHA256: 62:AE:D2:7B:CE:64:90:CE:47:DE:40:7B:67:1F:E8:41:11:DA:74:F6:AA:DB:6A:D2:A5:D3:70:D4:F9:FA:3C:8C
    签名算法名称: SHA1withRSA
    版本: 3
扩展:
1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FF 62 CD C7 DC D9 93 48 E7 D7 88 A1 17 EF 80 C7 .b…..H……..
0010: F2 E9 29 90 ..).
]
]
2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]
3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FF 62 CD C7 DC D9 93 48 E7 D7 88 A1 17 EF 80 C7 .b…..H……..
0010: F2 E9 29 90 ..).
]
]
是否信任此证书? [否]: 是
证书已添加到密钥库中
Place the two files in a directory of your choice so that the application can reference them, for example:
c:/SSL/keystore
c:/SSL/truststore
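To check what the two keytool imports above actually stored, the following added example (not part of the original page and not GBase code) lists each entry's type, signature algorithm and expiry date, and flags SHA-1 signatures and expired certificates. It assumes the two paths from this page and a hypothetical STORE_PASS environment variable that holds the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example: audits the stores produced by the keytool steps on this page.
public class StoreAudit {
    // Loads a store in the JVM's default keystore format and reports every entry.
    static void audit(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // also verifies the store's integrity check
        }
        System.out.println("== " + path + " (" + ks.size() + " entries)");
        for (String alias : Collections.list(ks.aliases())) {
            // "keytool -import" of a bare certificate creates a trusted-certificate
            // entry; such an entry carries no private key.
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry";
            System.out.println(alias + ": " + kind);
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            System.out.println("  subject:   " + x.getSubjectX500Principal().getName());
            System.out.println("  signature: " + x.getSigAlgName());
            System.out.println("  notAfter:  " + x.getNotAfter());
            if (x.getSigAlgName().toUpperCase().startsWith("SHA1")) {
                System.out.println("  WARNING: SHA-1 based signature algorithm");
            }
            if (x.getNotAfter().before(new Date())) {
                System.out.println("  WARNING: certificate has expired");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // STORE_PASS is a hypothetical variable name (assumption of this example).
        String pass = System.getenv("STORE_PASS");
        if (pass == null) {
            System.err.println("Set STORE_PASS to the store password first");
            return;
        }
        audit("c:/SSL/keystore", pass.toCharArray());   // path from this page
        audit("c:/SSL/truststore", pass.toCharArray()); // path from this page
    }
}
```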
Java sample program (the project must reference the cluster JDBC driver):
package gbase.sc;

import java.sql.*;

public class GBaseConTest {
    public static void main(String[] args) {
        String trustStorePath = "c:/SSL/truststore";
        String keyStorePath = "c:/SSL/keystore";
        // Point the JVM's default SSL context at the keystore and truststore created above
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", "123456");
        Connection con = null;
        Statement stm = null;
        ResultSet rs = null;
        ResultSetMetaData rsmd = null;
        try {
            // Load the JDBC driver class
            Class.forName("com.gbase.jdbc.Driver");
            // Open the database connection; the IP, user name, password and database must match your own server
            con = DriverManager.getConnection(
                    "jdbc:gbase://192.168.5.121:5258/zhao?user=gbase&password=gbase20110531&useSSL=true&requireSSL=true");
            System.out.println("连接建立成功!");
            stm = con.createStatement();
            rs = stm.executeQuery("select * from bryan");
            if (rs == null) {
                return;
            }
            rsmd = rs.getMetaData();
            int rsColumnCount = rsmd.getColumnCount();
            while (rs.next()) {
                System.out.println("executeSQLByStatement===========================");
                for (int i = 0; i < rsColumnCount; i++) {
                    System.out.print(rsmd.getColumnName(i + 1).concat(" = "));
                    System.out.println(rs.getObject(i + 1));
                }
                System.out.println("executeSQLByStatement===========================");
            }
        } catch (ClassNotFoundException ex) {
            // Print driver-related exceptions
            System.out.println(ex.toString());
        } catch (SQLException ex1) {
            // Print other SQL exceptions
            System.out.println(ex1.toString());
        } finally {
            try {
                // Close resources in reverse order; rs and stm are still null if an earlier step failed
                if (rs != null) {
                    rs.close();
                }
                if (stm != null) {
                    stm.close();
                }
                if (con != null) {
                    // Close the connection
                    con.close();
                    System.out.println("连接已关闭");
                }
            } catch (SQLException ex2) {
                System.out.println(ex2.toString());
            }
        }
    }
}
Output:
连接建立成功!
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 1
b = asdf
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 2
b = wer
executeSQLByStatement===========================
executeSQLByStatement===========================
a = 3
b = time
executeSQLByStatement===========================
连接已关闭