Oracle Wallet

Oracle Wallet是用来加密解密的，前两天做的项目中用到了这个技术，现把一些用到的东西总结一下。

原文如下：

Our application does a web service call (from db to app server) to generate reports. Since SSL is used in prod, I think Oracle wallet needs to be setup in the db server for the web service calls to get through.

Here's a sample code that we can use to test:

SQL> set define off

SQL> set serverout on

SQL> declare

vHttpReq utl_http.req;

begin

vHttpReq := utl_http.begin_request ('https://10.37.240.202/emagine/admin/ws/report.php '||'?'||'target=report&io=461&io2=462&io3=463&code=34', 'GET');

end; 2 3 4 5

6 /

declare

*

ERROR at line 1:

ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1130

ORA-29024: Certificate validation failure

ORA-06512: at line 4

I've already downloaded the site's certificate in My Documents folder in the RDP server.

下面是我的解决方法（我不知道他的证书是怎么来的，以后有机会深究一下）：

1.I have already create a wallet.

orapki wallet create -wallet $ORACLE_HOME/network/admin/wallet1 -pwd elcaro_2011

2.You can use https certificate like this:

orapki wallet add -wallet $ORACLE_HOME/network/admin/wallet1 -trusted_cert -cert /home/oracle/wallet/CA_cert.cer

3.this procedure is the demo of how to use this wallet.

create or replace procedure get_realtime_account_data is

req UTL_HTTP.REQ;

resp UTL_HTTP.RESP;

val varchar2(2000);

real_records datacenter.common_utils.STRING_LIST;

fields datacenter.common_utils.STRING_LIST;

d_date date := to_date(to_char(sysdate, 'yyyy-mm-dd hh24:mi') ||

':00',

'yyyy-mm-dd hh24:mi:ss'); begin

UTL_HTTP.SET_WALLET('file:/home/oracle/wallet', 'wallet');

req := UTL_HTTP.BEGIN_REQUEST('https://192.168.127.1/GameMaster/GetServerInfo.aspx');

resp := UTL_HTTP.GET_RESPONSE(req);

utl_http.read_line(resp, val, true);

utl_http.end_response(resp);

real_records := datacenter.common_utils.EXPLODE(val, '|');

for i in 1 .. real_records.count loop

fields := datacenter.common_utils.EXPLODE(real_records(i), '/');

insert into stat_realtime_player_count

values

(d_date, fields(1), '', fields(2));

end loop;

commit;

EXCEPTION

WHEN utl_http.end_of_body THEN

utl_http.end_response(resp);

end get_realtime_account_data;

用下面的命令可以看到关于wallet用法的帮助

[oracle@au390 EMAGPROD]$ orapki wallet
Oracle PKI Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.

wallet:
create [-wallet [wallet]] [[-pwd ] [-auto_login|-auto_login_local]] | [-auto_login_only]
display [-wallet [wallet]] [-pwd ]
change_pwd [-wallet [wallet]] [-oldpwd ] [-newpwd ]
add [-wallet [wallet]]
[-serial_file ] | [-serial_num ]>
[-pwd ] | [-auto_login_only]
remove [-wallet [wallet]] [-dn [dn]] [-trusted_cert_all|-trusted_cert|-user_cert|-cert_req]
[-pwd ] | [-auto_login_only]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request [filename]] [-pwd ]
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn [user_cert_dn]] [-pwd ]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user [user]] [-userpwd [userpwd]] [-pwd ]
jks_to_pkcs12 [-wallet [wallet]] [-pwd ] [-keystore [keystore]] [-jkspwd [jkspwd]]

pkcs12_to_jks [-wallet [wallet]] [-pwd ] [-jksKeyStoreLoc -jksKeyStorepwd ]
[-jksTrustStoreLoc -jksTrustStorepwd ]
p11_add [-wallet [wallet]] [-p11_lib ] [-p11_tokenlabel ]
[-p11_tokenpw ] [-p11_certlabel ] [-pwd ]
p11_verify [-wallet [wallet]] [-pwd ]
help

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/41451/viewspace-1056737/，如需转载，请注明出处，否则将追究法律责任。