Oracle Wallet是用来加密解密的,前两天做的项目中用到了这个技术,现把一些用到的东西总结一下。
原文如下:
Our application does a web service call (from db to app server) to generate reports. Since SSL is used in prod, I think Oracle wallet needs to be setup in the db server for the web service calls to get through.
Here's a sample code that we can use to test:
SQL> set define off
SQL> set serverout on
SQL> declare
vHttpReq utl_http.req;
begin
vHttpReq := utl_http.begin_request ('https://10.37.240.202/emagine/admin/ws/report.php '||'?'||'target=report&io=461&io2=462&io3=463&code=34', 'GET');
end; 2 3 4 5
6 /
declare
*
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-29024: Certificate validation failure
ORA-06512: at line 4
I've already downloaded the site's certificate in My Documents folder in the RDP server.
下面是我的解决方法(我不知道他的证书是怎么来的,以后有机会深究一下):
1.I have already create a wallet.
orapki wallet create -wallet $ORACLE_HOME/network/admin/wallet1 -pwd elcaro_2011
2.You can use https certificate like this:
orapki wallet add -wallet $ORACLE_HOME/network/admin/wallet1 -trusted_cert -cert /home/oracle/wallet/CA_cert.cer
3.this procedure is the demo of how to use this wallet.
create or replace procedure get_realtime_account_data is
req UTL_HTTP.REQ;
resp UTL_HTTP.RESP;
val varchar2(2000);
real_records datacenter.common_utils.STRING_LIST;
fields datacenter.common_utils.STRING_LIST;
d_date date := to_date(to_char(sysdate, 'yyyy-mm-dd hh24:mi') ||
':00',
'yyyy-mm-dd hh24:mi:ss'); begin
UTL_HTTP.SET_WALLET('file:/home/oracle/wallet', 'wallet');
req := UTL_HTTP.BEGIN_REQUEST('https://192.168.127.1/GameMaster/GetServerInfo.aspx');
resp := UTL_HTTP.GET_RESPONSE(req);
utl_http.read_line(resp, val, true);
utl_http.end_response(resp);
real_records := datacenter.common_utils.EXPLODE(val, '|');
for i in 1 .. real_records.count loop
fields := datacenter.common_utils.EXPLODE(real_records(i), '/');
insert into stat_realtime_player_count
values
(d_date, fields(1), '', fields(2));
end loop;
commit;
EXCEPTION
WHEN utl_http.end_of_body THEN
utl_http.end_response(resp);
end get_realtime_account_data;
用下面的命令可以看到关于wallet用法的帮助
[oracle@au390 EMAGPROD]$ orapki wallet
Oracle PKI Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
wallet:
create [-wallet [wallet]] [[-pwd ] [-auto_login|-auto_login_local]] | [-auto_login_only]
display [-wallet [wallet]] [-pwd ]
change_pwd [-wallet [wallet]] [-oldpwd ] [-newpwd ]
add [-wallet [wallet]]
[-serial_file ] | [-serial_num ]>
[-pwd ] | [-auto_login_only]
remove [-wallet [wallet]] [-dn [dn]] [-trusted_cert_all|-trusted_cert|-user_cert|-cert_req]
[-pwd ] | [-auto_login_only]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request [filename]] [-pwd ]
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn [user_cert_dn]] [-pwd ]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
jks_to_pkcs12 [-wallet [wallet]] [-pwd ] [-keystore [keystore]] [-jkspwd [jkspwd]]
pkcs12_to_jks [-wallet [wallet]] [-pwd ] [-jksKeyStoreLoc -jksKeyStorepwd ]
[-jksTrustStoreLoc -jksTrustStorepwd ]
p11_add [-wallet [wallet]] [-p11_lib ] [-p11_tokenlabel ]
[-p11_tokenpw ] [-p11_certlabel ] [-pwd ]
p11_verify [-wallet [wallet]] [-pwd ]
help
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/41451/viewspace-1056737/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/41451/viewspace-1056737/