Java and JavaScript in the Database

Dear Oracle:


I am trying to establish an HTTPS connection from a Java stored
procedure that is wrapped in a PL/SQL procedure and loaded into a
Package. We are running on Oracle 8.1.7.

My Java code compiles and runs fine when run stand-alone outside
Oracle; I can establish the connection to a secure server and talk to
the server. However when I load this Java class (using the loadjava
utility) this class can no longer run and I get a the following
exception:
"ORA-29532: Java call terminated by uncaught Java exception:
javax.net.ssl.SSLException: SSL handshake failed:
X509CertChainIncompleteErr"

I have tried loading the JSSE from Sun and I still get the same error.

Searching in the Discussing Forums I found the following link (which
describes a procedure that logs into the UPS secure server site and
grabs some XML) http://osi.oracle.com/~mbpierma/SSL_Java_DB.html .
This code works ok if we try to connect to UPS server. However this
code doesn't work if we try to log in to a different server (such as
???). If I modify this code slightly and try to log to any other
sever server I get the same error as the one above. Investigation
lead us to understand that the certificate at the UPS web site is a
self-signed certificate -- not one generated by a major 'recognized'
authority such as Verisign or Thawte.

Further research pointed me to the following URL
http://www.znow.com/sales/oracle/network.816/a76932/appf_ora.htm#619367
This URL has the documentation for JAVA SSL for 8.1.6 which I figure
I could read and try to make it work in 8.1.7.

I looked at your Secure Hello World example, however the code is
missing the most critical parts of the whole example, it does not
specify where the certificate or any of the security settings come
from (see the attached JavaCertExample.txt file).


So, my questions are the following:

1) What should I do to avoid the error mentioned above?

2) Do you have a sample piece of code that describes how to make a
HTTPS connection using a Java stored procedure?

3) Can I make the HTTPS connection using a URL class and not using
sockets directly?

4) Do I need to load the JSEE provided by Sun?

5) Will the solution be different for Oracle 9i?

---------------------------------------------------------------------------------------------------------------
// SecureHelloClient.java
import java.net.*;
import java.io.*;
import java.util.*;

import javax.net.ssl.*;

import javax.security.cert.X509Certificate;
import oracle.security.ssl.OracleSSLCredential;
import oracle.security.ssl.OracleSSLSocketFactory;
import oracle.security.ssl.OracleSSLProtocolVersion;
import oracle.security.ssl.OracleSSLSession;

public class SecureHelloClient
{
public static void main(String argv[])
{
String hostName = "localhost";
if(argv.length != 0)
String hostName = argv[0];

// Set the SSLSocketFactoryImpl class as follows:
java.util.Properties prop = System.getProperties();
prop.put("SSLSocketFactoryImplClass",
"oracle.security.ssl.OracleSSLSocketFactoryImpl");

try
{
// Get the default socket factory
OracleSSLSocketFactory sSocFactory
= (OracleSSLSocketFactory)SSLSocketFactory.getDefault();

sSocFactory.setSSLProtocolVersion(OracleSSLProtocolVersion.SSL_Version_3_0);

OracleSSLCredential sslCredObj = new OracleSSLCredential();


// Where did these values come from? caCert, userCert, trustedCert,

// Set the certificate chain and private key if the
// server requires client authentication
sslCredObj.addCertChain(caCert)
sslCredObj.addCertchain(userCert)
sslCredObj.setPrivateKey(userPvtKey, userPassword)

// Populate credential object
sslCredObj.addTrustedCert(trustedCert);
sSocFactory.setSSLCredentials(sslCredObj);

// Create the socket using factory
SSLSocket jsslSoc =
(SSLSocket)sSocFactory.createSocket(hostName, 8443);

String [] ciphers = jsslSoc.getSupportedCipherSuites() ;

// Select the ciphers you want and put them.
// Here we will put all availabel ciphers
jsslSoc.setEnabledCipherSuites(ciphers);

// We are creating socket in client mode
jsslSoc.setUseClientMode(true);

// Do SSL handshake
jsslSoc.startHandshake();

// Print negotiated cipher
System.out.println("Negotiated Cipher Suite: "
+jsslSoc.getSession().getCipherSuite());

System.out.println("");
X509Certificate[] peerCerts
= ((javax.net.ssl.SSLSocket)jsslSoc).getSession().getPeerCertificateChain();

if (peerCerts != null)
{
System.out.println("Printing server information:");
for(int i =0; i ? peerCerts.length; i++)
{
System.out.println("Peer Certificate ["+i+"] Information:");
System.out.println("- Subject: " + peerCerts.getSubjectDN().getName());
System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
System.out.println("- Version: " + peerCerts[i].getVersion());
System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());

System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
}
}
else
System.out.println("Failed to get peer certificates");

// Now do data exchange with client
OutputStream out = jsslSoc.getOutputStream();
InputStream in = jsslSoc.getInputStream();

String inputLine, outputLine;
byte [] msg = new byte[1024];

outputLine = "HELLO";
out.write(outputLine.getBytes());
int readLen = in.read(msg, 0, msg.length);
if(readLen > 0)
{
inputLine = new String(msg, 0, readLen);
System.out.println("");
System.out.println("Server Message:");
System.out.println(inputLine );
}
else
System.out.println("Can't read data from client");

// Close all sockets and streams
out.close();
in.close();
jsslSoc.close();
}
catch(SSLException e)
{
System.out.println("SSL exception caught:");
e.printStackTrace();
}
catch(IOException e)
{
System.out.println("IO exception caught:");
e.printStackTrace();
}
catch(Exception e)
{
System.out.println("Exception caught:");
e.printStackTrace();
}
}
}