Problem with Oracle Wallet functionality in a call HTTPS web services [message #655326]
Sun, 28 August 2016 09:29
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Hi to all,
Can anyone help me use/configure the Oracle Wallet functionality in order to call an HTTPS web service from the Oracle utl_http package?
In practice, I have created/developed a web service using Tomcat and Axis2 for testing purposes, and all works fine when I call it with the PL/SQL utl_http package over the HTTP protocol.
My problem arises when I call a web service with the utl_http package over the HTTPS protocol.
In particular, I have created a self-signed certificate (using the Java keystore tool) and then configured Tomcat to work over the HTTPS protocol, modifying the server.xml file.
All works fine. When I insert the URL in the browser, for example "https://my_webservices?wsdl", I get the correct response from the server.
My problem is when I call a web service from the utl_http package over the HTTPS protocol.
I think that my problem is due to the configuration of Oracle Wallet.
More precisely, I have configured Oracle Wallet through the following (standard) steps:
1) I created a wallet using the orapki wallet command:
$ orapki wallet create -wallet /u01/app/oracle/admin -pwd mypass -auto_login
2) Then I added the certificate (created previously with the Java keystore tool) to the wallet using the orapki wallet command:
$ orapki wallet add -wallet /u01/app/oracle/admin -trusted_cert -cert "/home/mycertificate-keystore-tool" -pwd mypass
3) Finally, I called the web service as follows:
DECLARE
  l_http_request UTL_HTTP.req;
  l_http_response UTL_HTTP.resp;
  l_buffer_size NUMBER(10) := 512;
  l_line_size NUMBER(10) := 50;
  l_lines_count NUMBER(10) := 20;
  l_string_request VARCHAR2(512);
  l_line VARCHAR2(128);
  l_substring_msg VARCHAR2(512);
  l_raw_data RAW(512);
  l_clob_response CLOB;
  l_host_name VARCHAR2(128) := '192.168.1.21';
  l_port VARCHAR2(128) := '8443';
  l_resp_xml XMLType;
  l_result_XML_node VARCHAR2(128);
  l_NAMESPACE_SOAP VARCHAR2(128) := 'xmlns="http://www.w3.org/2003/05/soap-envelope"';
  l_response_city VARCHAR2(128);
  l_response_date VARCHAR2(128);
  l_response_temp VARCHAR2(128);
BEGIN
  l_string_request := '<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header />
<soapenv:Body>
<ns1:Saluta xmlns:ns1="http://helloWorld">
<ns1:args0>Pippo</ns1:args0>
</ns1:Saluta>
</soapenv:Body>
</soapenv:Envelope>';
  UTL_HTTP.set_transfer_timeout(60);
  utl_http.set_wallet('file:/u01/app/oracle/admin','mypass');
  l_http_request := UTL_HTTP.begin_request(url => 'https://' || l_host_name || ':' || l_port||'/axis2/services/HelloWorldServices', method => 'POST', http_version => 'HTTP/1.1');
  UTL_HTTP.set_header(l_http_request, 'User-Agent', 'Mozilla/4.0');
  UTL_HTTP.set_header(l_http_request, 'Host', l_host_name || ':' || l_port);
  UTL_HTTP.set_header(l_http_request, 'Connection', 'close');
  UTL_HTTP.set_header(l_http_request, 'Content-Type', 'text/xml;charset=UTF-8');
  UTL_HTTP.set_header(l_http_request, 'SOAPAction', '"Saluta"');
  UTL_HTTP.set_header(l_http_request, 'Content-Length', LENGTH(l_string_request));
  <<request_loop>>
  FOR i IN 0..CEIL(LENGTH(l_string_request) / l_buffer_size) - 1 LOOP
    l_substring_msg := SUBSTR(l_string_request, i * l_buffer_size + 1, l_buffer_size);
    BEGIN
      l_raw_data := utl_raw.cast_to_raw(l_substring_msg);
      UTL_HTTP.write_raw(r => l_http_request, data => l_raw_data);
    EXCEPTION
      WHEN NO_DATA_FOUND THEN
        EXIT request_loop;
    END;
  END LOOP request_loop;
  l_http_response := UTL_HTTP.get_response(l_http_request);
  DBMS_OUTPUT.put_line('Response> status_code: "' || l_http_response.status_code || '"');
  DBMS_OUTPUT.put_line('Response> reason_phrase: "' ||l_http_response.reason_phrase || '"');
  DBMS_OUTPUT.put_line('Response> http_version: "' ||l_http_response.http_version || '"');
  BEGIN
    <<response_loop>>
    LOOP
      UTL_HTTP.read_raw(l_http_response, l_raw_data, l_buffer_size);
      l_clob_response := l_clob_response || UTL_RAW.cast_to_varchar2(l_raw_data);
    END LOOP response_loop;
  EXCEPTION
    WHEN UTL_HTTP.end_of_body THEN
      UTL_HTTP.end_response(l_http_response);
  END;
  DBMS_OUTPUT.put_line('Response> length: "' || LENGTH(l_clob_response) || '"');
  DBMS_OUTPUT.put_line(CHR(10) || '=== Print first ' || l_lines_count || ' lines of HTTP response... ===' || CHR(10) || CHR(10));
  <<print_response>>
  FOR i IN 0..CEIL(LENGTH(l_clob_response) / l_line_size) - 1 LOOP
    l_line := SUBSTR(l_clob_response, i * l_line_size + 1, l_line_size);
    DBMS_OUTPUT.put_line(l_line);
    EXIT WHEN i > l_lines_count - 1;
  END LOOP print_response;
  IF l_http_request.private_hndl IS NOT NULL THEN
    UTL_HTTP.end_request(l_http_request);
  END IF;
  IF l_http_response.private_hndl IS NOT NULL THEN
    UTL_HTTP.end_response(l_http_response);
  END IF;
end;
4) I get this error:
Error at line 1
ORA-29273: http request failed
ORA-06512: a "SYS.UTL_HTTP", line 1130
ORA-28860: SSL fatal error
ORA-06512: a line 33
Is there something bad/wrong? If yes, where? Please, can you help me to solve this problem?
Thanks in advance!
[Updated on: Sun, 28 August 2016 09:32]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655362 is a reply to message #655334]
Mon, 29 August 2016 12:40
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Hi Waston
Of course. I have created an ACL to permit my schema to connect to that address.
Indeed, if you read my first post you will see that I wrote "[...] all works fine when I call it with the PL/SQL utl_http package over the HTTP protocol. My problem arises when I call a web service with the utl_http package over the HTTPS protocol."
I'm able to call a web service over the HTTP protocol. My problem is when I call a web service over HTTPS, and I think that the problem is due to the configuration of Oracle Wallet.
[Updated on: Mon, 29 August 2016 13:10]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655363 is a reply to message #655362]
Mon, 29 August 2016 13:13
John Watson
Messages: 8962 Registered: January 2010 Location: Global Village
Senior Member
Your answer sounds as though you are accusing me of doing something wrong. Furthermore, you can't be bothered to spell my name correctly. And worst of all, you do not appear to be aware that saying "Hi, Watson" (a combination of slang and surname) is rude in English. If you want to use surnames, please use an appropriate honorific. You might also consider saying "thank you for trying to help".
So, what certificate did you install? The leaf certificate will be no good, you need to install the issuer's certificate. And please can you test with something simpler? Perhaps this,
set serverout on
set define off
declare
  req UTL_HTTP.req;
  resp UTL_HTTP.resp;
BEGIN
  UTL_HTTP.SET_WALLET ('file:/u01/app/oracle/admin','mypass');
  req := UTL_HTTP.begin_request('https://192.168.1.21:8443');
  resp := UTL_HTTP.get_response(req);
  dbms_output.put_line(resp.status_code);
  UTL_HTTP.end_response(resp);
END;
/
Lastly, can you show how you created the wallet? The command you have given would have failed:
$ orapki wallet create -wallet /u01/app/oracle/admin -pwd mypass -auto_login
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
PKI-01002: Invalid password:Passwords must have a minimum length of eight characters and contain alphabetic characters combined with numbers or special characters.

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655372 is a reply to message #655370]
Mon, 29 August 2016 16:14
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Hi John,
So, I have tried to connect to the https://www.oracle.com/index.html HTTPS site.
In particular, I have created a wallet with the following command:
orapki wallet create -wallet /u01/app/oracle/admin -pwd wallet.01 -auto_login
Then I downloaded/exported the certificate chain from the browser and tried to add the certificates (except the leaf certificate) to the wallet with the following commands:
orapki wallet add -wallet /u01/app/oracle/admin -trusted_cert -cert "/u01/app/oracle/admin/GeoTrustGlobalCA.crt" -pwd wallet.01
and
orapki wallet add -wallet /u01/app/oracle/admin -trusted_cert -cert "/u01/app/oracle/admin/GeoTrustSSLCA-G3.crt" -pwd wallet.01
but in either case I get this error:
Unable to read certificate
[Updated on: Mon, 29 August 2016 16:18]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655380 is a reply to message #655372]
Tue, 30 August 2016 03:11
John Watson
Messages: 8962 Registered: January 2010 Location: Global Village
Senior Member
It works for me:
C:\tmp>
C:\tmp>orapki wallet create -wallet c:\tmp\wallet -pwd oracle123 -auto_login
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
C:\tmp>orapki wallet add -wallet c:\tmp\wallet -cert c:\tmp\GeoTrustGlobalCA.crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
C:\tmp>orapki wallet add -wallet c:\tmp\wallet -cert c:\tmp\GeoTrustSSLCA-G3.crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
C:\tmp>sqlplus jw/jw
SQL*Plus: Release 12.1.0.2.0 Production on Tue Aug 30 09:09:51 2016
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Last Successful login time: Tue Aug 30 2016 09:06:53 +01:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
orclz> set serverout on
orclz> set define off
orclz>
orclz> declare
2 req UTL_HTTP.req;
3 resp UTL_HTTP.resp;
4 BEGIN
5 UTL_HTTP.SET_WALLET ('file:c:\tmp\wallet','oracle123');
6 req := UTL_HTTP.begin_request('https://www.oracle.com');
7 resp := UTL_HTTP.get_response(req);
8 dbms_output.put_line(resp.status_code);
9 UTL_HTTP.end_response(resp);
10 END;
11 /
200
PL/SQL procedure successfully completed.
orclz>

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655398 is a reply to message #655396]
Tue, 30 August 2016 07:55
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Excuse me John, bear with me. I'm inexpert.
However, now the orapki command works fine. The wallet is created and the certificate chain is added to it.
My error was that I put the certificate files in the same directory as the wallet, while I have to put them in the parent of the wallet directory.
Well, as soon as possible I will try to call the https://www.oracle.com site with the code that you posted and I will keep you updated, showing you each result.
I'm at work. This evening when I am back home I will try to do other tests and keep you updated.
Thanks for the patience.
[Updated on: Tue, 30 August 2016 09:50]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655429 is a reply to message #655428]
Wed, 31 August 2016 03:10
John Watson
Messages: 8962 Registered: January 2010 Location: Global Village
Senior Member
Quote: Do I need set the file permission?
No. What you need to do is tell the truth. Your code did not produce the error you claim to have. It produced this,
orclz>
orclz>
orclz> declare
2 req UTL_HTTP.req;
3 resp UTL_HTTP.resp;
4 BEGIN
5 UTL_HTTP.SET_WALLET (''file:C:\test\wallet','oracle123');
6 req := UTL_HTTP.begin_request('https://www.oracle.com');
7 resp := UTL_HTTP.get_response(req);
8 dbms_output.put_line(resp.status_code);
9 UTL_HTTP.end_response(resp);
10 END;
11 /
ERROR:
ORA-01756: quoted string not properly terminated
You are a liar.

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655435 is a reply to message #655433]
Wed, 31 August 2016 03:41
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Excuse me, but what do you want me to say?
I don't know!
So, I have done all from scratch and the exact situation is this:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\SVILUPPO>C:\test
'C:\test' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\SVILUPPO>cd C:\test
C:\test>orapki wallet create -wallet c:\test\wallet -pwd oracle123 -auto_login
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>orapki wallet add -wallet c:\test\wallet -cert c:\test\GeoTrustGlobalCA.
crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>orapki wallet add -wallet c:\tmp\wallet -cert c:\test\GeoTrustSSLCA-G3.c
rt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
PKI-02003: Unable to load the wallet at: c:\tmp\wallet
C:\test>orapki wallet add -wallet c:\test\wallet -cert c:\test\GeoTrustSSLCA-G3.
crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>sqlplus CKS_TGW
SQL*Plus: Release 11.2.0.2.0 Production on Wed Aug 31 10:38:00 2016
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
SQL> set serverout on
SQL> set define off
SQL> declare
2 req UTL_HTTP.req;
3 resp UTL_HTTP.resp;
4 BEGIN
5 UTL_HTTP.SET_WALLET ('file:c:\test\wallet','oracle123');
6 req := UTL_HTTP.begin_request('https://www.oracle.com');
7 dbms_output.put_line(resp.status_code);
8 UTL_HTTP.end_response(resp);
9 END;
10 /
declare
*
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-28759: failure to open file
ORA-06512: at line 6
SQL>
I hope to get better.
Thanks anyway!
[Updated on: Wed, 31 August 2016 03:45]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655442 is a reply to message #655441]
Wed, 31 August 2016 05:14
gazzag
Messages: 1119 Registered: November 2010 Location: Bedwas, UK
Senior Member
I hope I didn't speak too soon. What is this?
C:\test>orapki wallet add -wallet c:\test\wallet -cert c:\test\GeoTrustGlobalCA.
crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>orapki wallet add -wallet c:\tmp\wallet -cert c:\test\GeoTrustSSLCA-G3.c
rt -trusted_cert -pwd oracle123
First you use "c:\test\wallet", then you use "c:\tmp\wallet".

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655453 is a reply to message #655450]
Wed, 31 August 2016 05:42
gazzag
Messages: 1119 Registered: November 2010 Location: Bedwas, UK
Senior Member
So what about this discrepancy?
C:\test>orapki wallet add -wallet c:\test\wallet -cert c:\test\GeoTrustGlobalCA.
crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>orapki wallet add -wallet c:\tmp\wallet -cert c:\test\GeoTrustSSLCA-G3.c
rt -trusted_cert -pwd oracle123

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655457 is a reply to message #655453]
Wed, 31 August 2016 05:53
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
gazzag wrote on Wed, 31 August 2016 05:42
So what about this discrepancy?
C:\test>orapki wallet add -wallet c:\test\wallet -cert c:\test\GeoTrustGlobalCA.
crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
C:\test>orapki wallet add -wallet c:\tmp\wallet -cert c:\test\GeoTrustSSLCA-G3.c
rt -trusted_cert -pwd oracle123
It is a bad copy and paste! I copied and pasted from John's code and I forgot to change the "tmp" to "test" directory
[Updated on: Wed, 31 August 2016 05:54]

Re: Problem with Oracle Wallet functionality in a call HTTPS web services [message #655541 is a reply to message #655468]
Thu, 01 September 2016 09:02
dancko
Messages: 108 Registered: June 2013 Location: italy
Senior Member
Hi, I hope that this time all is correct... I have done everything from scratch.
The complete session from start to finish follows:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\SVILUPPO>cd /d E:
E:\>orapki wallet create -wallet E:\test\wallet -pwd oracle123 -auto_login
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
E:\>orapki wallet add -wallet E:\test\wallet -cert E:\test\GeoTrustGlobalCA.crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
E:\>orapki wallet add -wallet e:\test\wallet -cert e:\test\GeoTrustSSLCA-G3.crt -trusted_cert -pwd oracle123
Oracle PKI Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
E:\>sqlplus CKS_TGW
SQL*Plus: Release 11.2.0.2.0 Production on Thu Sep 1 15:56:40 2016
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
SQL> set serverout on
SQL> set define off
SQL> declare
2 req UTL_HTTP.req;
3 resp UTL_HTTP.resp;
4 BEGIN
5 UTL_HTTP.SET_WALLET ('file:E:\test\wallet','oracle123');
6 req := UTL_HTTP.begin_request('https://www.oracle.com');
7 dbms_output.put_line(resp.status_code);
8 UTL_HTTP.end_response(resp);
9 END;
10 /
declare
*
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-28759: failure to open file
ORA-06512: at line 6
SQL>
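
Both failures reported in this thread (ORA-28860 in the first post, ORA-28759 in the last session) arrive wrapped in ORA-29273, so the inner code is what separates a wallet that cannot be opened from a failed TLS handshake. The following PL/SQL is an added example, not code from any poster in the thread: it runs the same minimal test and prints a hint for the inner error. The wallet path, password and URL are copied from the last session; the hint texts are general checks rather than a diagnosis of this case, and ORA-29024 is a related code that does not appear in the thread.

```plsql
-- Added example: diagnostic wrapper around the minimal UTL_HTTP test.
-- Wallet path, password and URL are the values from the last session above.
SET SERVEROUTPUT ON
SET DEFINE OFF
DECLARE
  c_wallet CONSTANT VARCHAR2(200) := 'file:E:\test\wallet';
  c_url    CONSTANT VARCHAR2(200) := 'https://www.oracle.com';
  req      UTL_HTTP.req;
  resp     UTL_HTTP.resp;
  l_stack  VARCHAR2(4000);

  -- Print a hint only when the given ORA code appears in the error stack.
  PROCEDURE hint(p_code IN VARCHAR2, p_text IN VARCHAR2) IS
  BEGIN
    IF INSTR(l_stack, p_code) > 0 THEN
      DBMS_OUTPUT.put_line(p_code || ': ' || p_text);
    END IF;
  END hint;
BEGIN
  UTL_HTTP.set_wallet(c_wallet, 'oracle123');
  req  := UTL_HTTP.begin_request(c_url);
  resp := UTL_HTTP.get_response(req);
  DBMS_OUTPUT.put_line('HTTP status: ' || resp.status_code);
  UTL_HTTP.end_response(resp);
EXCEPTION
  WHEN OTHERS THEN
    -- ORA-29273 is only the wrapper; the inner ORA code names the stage.
    l_stack := DBMS_UTILITY.format_error_stack;
    DBMS_OUTPUT.put_line(l_stack);
    hint('ORA-28759',
         'the wallet file could not be opened. The path is read by the '
         || 'database server process on the database host, so check that '
         || 'it exists there and that the OS account running the database '
         || 'can read the wallet files.');
    hint('ORA-28860',
         'the TLS handshake failed before any HTTP exchange. Compare the '
         || 'protocol versions and cipher suites the server accepts with '
         || 'those this database release supports.');
    hint('ORA-29024',
         'certificate validation failed. Check that the issuing CA chain '
         || 'of the server certificate is among the trusted certificates '
         || 'in the wallet.');
    RAISE;  -- keep the original error visible to the caller
END;
/
```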