Oracle.ManagedDataAccess to AWS RDS DB - TCPS: Invalid SSL Wallet (Magic)

Problem description

I am trying to connect to an Amazon RDS instance via the Oracle.ManagedDataAccess NuGet package using an SSL certificate.

I can connect successfully via SQL*Plus using a wallet generated using orapki. The wallet was generated by following the AWS instructions.

I want to do the same via Oracle.ManagedDataAccess in C# and I am trying to use the same wallet.

My C# looks like this:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Oracle.ManagedDataAccess.Client;

namespace OracleDataAccess
{
    class Program
    {
        static void Main(string[] args)
        {
            var connectionString = @"USER ID=***;PASSWORD=***;DATA SOURCE=(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = ***) (PORT = 2484)))(CONNECT_DATA = (SID = ***))   (SECURITY = (SSL_SERVER_CERT_DN = C=US,ST=Washington,L=Seattle,O=Amazon.com,OU=RDS,CN=***)))";
            var connection = new OracleConnection(connectionString);
            connection.Open();
        }
    }
}

My app.config has the location to my wallet:

<oracle.manageddataaccess.client>
    <version number="*">
      <settings>
        <setting name = "WALLET_LOCATION" value="(SOURCE=(METHOD =FILE)(METHOD_DATA=(DIRECTORY=C:\ssl_wallet))) "/>
      </settings>
    </version>
</oracle.manageddataaccess.client>

I get an OracleException on Open():

Oracle.ManagedDataAccess.Client.OracleException: 'Network Transport: SSL failure in parsing wallet location'

With an inner exception:

TCPS: Invalid SSL Wallet (Magic)

It definitely finds and can access the wallet file because if you change the location to something invalid you get a different inner exception e.g.:

DirectoryNotFoundException: Could not find a part of the path 'C:\ssl_wallet2\cwallet.sso'.

I can't find anything obvious to suggest why that wallet should be invalid as it has been used by SQL*Plus to connect to the same server successfully.

Invalid SSL Wallet (Magic) doesn't yield anything relevant that I can find. Is there anything that I am missing in this approach?

Your stacktrace may contain:

at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at OracleInternal.Network.TcpsTransportAdapter.Negotiate(ConnectionOption conOption)
at OracleInternal.Network.OracleCommunication.DoConnect(String tnsDescriptor)
at OracleInternal.Network.OracleCommunication.Connect(String tnsDescriptor, Boolean doNAHandshake, String IName, ConnectionOption CO)
at OracleInternal.ServiceObjects.OracleConnectionImpl.Connect(ConnectionString cs, Boolean bOpenEndUserSession, OracleConnection connRefForCriteria, String instanceName)
System.ArgumentException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Array may not be empty or null. Parameter name: rawData
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at OracleInternal.Network.TcpsTransportAdapter.Negotiate(ConnectionOption conOption

Recommended answer

Turns out that the wallet file generated by orapki isn't appropriate here.

The solution is to use the Windows Certificate Store instead to hold the RDS Certificate Authority.

In this case you download the PKCS7 file for RDS from AWS and import that into your Trusted Root Certification Authorities in Windows.

Then you change your app.config to set your wallet location to be the Microsoft Certificate Store like this:

<oracle.manageddataaccess.client>
    <version number="*">
      <settings>
        <setting name = "WALLET_LOCATION" value="(SOURCE=(METHOD =MCS)) "/>
      </settings>
    </version>
</oracle.manageddataaccess.client>

And then everything works as expected.
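
The import step described in the answer, as an added PowerShell example that is not part of the original answer: it parses the PKCS7 bundle, adds only certificates that are marked as CAs and are currently within their validity period to the machine's Trusted Root store, and confirms each one can be found there by thumbprint. The bundle path and file name are assumptions; the store (Trusted Root Certification Authorities) is the one the answer names.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Assumption: where the PKCS7 bundle downloaded from AWS was saved.
$bundlePath = 'C:\ssl_wallet\rds-ca-bundle.p7b'

# Parse the PKCS7 file first; nothing is trusted at this point.
$bundle = [X509Certificate2Collection]::new()
$bundle.Import($bundlePath)

# Trusted Root Certification Authorities, machine-wide (needs an elevated session).
$store = [X509Store]::new([StoreName]::Root, [StoreLocation]::LocalMachine)
$store.Open([OpenFlags]::ReadWrite)
try {
    $now = Get-Date
    foreach ($cert in $bundle) {
        # Only accept certificates whose Basic Constraints mark them as a CA.
        $bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
        $isCa = [bool]($bc -and $bc.CertificateAuthority)
        $inDate = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        if (-not ($isCa -and $inDate)) {
            Write-Warning "Skipping $($cert.Subject) (CA=$isCa, valid now=$inDate)"
            continue
        }

        $store.Add($cert)

        # Confirm the certificate is now resolvable from the store by thumbprint.
        $found = $store.Certificates.Find(
            [X509FindType]::FindByThumbprint, $cert.Thumbprint, $false)
        if ($found.Count -eq 0) {
            throw "Import failed for $($cert.Subject)"
        }
        Write-Output ("Trusted: {0}  thumbprint={1}  expires={2:u}" -f `
            $cert.Subject, $cert.Thumbprint, $cert.NotAfter)
    }
}
finally {
    $store.Close()
}
```

A root added to the LocalMachine store is trusted by every TLS client on that machine, not only by ODP.NET, so review the subjects and thumbprints it prints against the values AWS publishes before relying on it.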
