Connecting JDBC applications with SSL

You can configure database connections for the HCL OneDB™ JDBC Driver to use the Secure Sockets Layer (SSL) protocol.

Before you begin

The client must use the same public key certificate file as the server.

Procedure

  1. Create a truststore: Use the keytool utility that comes with your Java™ runtime environment to import a client-side keystore database and add the public key certificate to the keystore.
    C:\work>keytool -importcert -file filename.extension -keystore .keystore
    Follow the prompts to enter a new keystore password and to trust the certificate.
  2. Define the truststore location: Configure an SSL/TLS connection to the database from your Java application by using the following options:

    Option 1: Use system properties

    Set the location and password of the truststore using Java system properties.
    Note: These settings apply to all the SSL connections made from this application.
    C:\work>java -Djavax.net.ssl.trustStore=/opt/ids/.keystore -Djavax.net.ssl.trustStorePassword=password -jar yourapplication.jar
    Alternatively, set the location and password inside the Java code by using the System.setProperty API.
    System.setProperty("javax.net.ssl.trustStore", "/opt/ids/.keystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    Option 2: Use a DataSource object

    Define the truststore location and password per connection with a DataSource object, by using the setTrustStore and setTrustStorePassword methods on the IfxDataSource object.

    OneDBDataSource ds = new OneDBDataSource();
    ds.setTrustStore("/opt/keystore");
    ds.setTrustStorePassword("password");
    //Add your additional connection details

    Option 3: Pass in through the connection URL

    If you do not use a DataSource object, you can pass in the truststore and password through URL properties by using SSL_TRUSTSTORE=/opt/ids/.keystore and SSL_TRUSTSTORE_PASSWORD=password.

    Connection c = DriverManager.getConnection(
        "jdbc:onedb://localhost:9089/mydatabase;SSL_TRUSTSTORE=/opt/keystore;SSL_TRUSTSTORE_PASSWORD=password");
  3. Declare the connection for SSL: This is set per connection and can be done through the DataSource or the URL.

    Option 1: Use a DataSource object

    OneDBDataSource ds = new OneDBDataSource();
    ds.setEncrypt(true);
    Option 2: Pass in through the connection URL
    Connection c = DriverManager.getConnection(
        "jdbc:onedb://localhost:9089/mydatabase;encrypt=true");
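
The following check can be run after step 1. It is an added example written for this page, not HCL's code: it opens the truststore with the standard java.security.KeyStore API and prints the SHA-256 fingerprint and expiry date of each trusted certificate, so that you can compare them with the certificate file that the server uses. The class name TrustStoreCheck and the TRUSTSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class TrustStoreCheck {
    /* SHA-256 fingerprint as colon-separated uppercase hex */
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        /* Assumptions: the truststore path is the first argument; the password is */
        /* read from the hypothetical TRUSTSTORE_PASSWORD environment variable */
        String path = args.length > 0 ? args[0] : ".keystore";
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (pw == null) throw new IllegalStateException("Set TRUSTSTORE_PASSWORD first");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw.toCharArray());   /* throws on a wrong password or corrupt file */
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;   /* skip private-key entries */
            Certificate cert = ks.getCertificate(alias);
            trusted++;
            System.out.println(alias + "  SHA-256 " + fingerprint(cert));
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("  subject: " + x.getSubjectX500Principal().getName());
                System.out.println("  expires: " + x.getNotAfter()
                        + (x.getNotAfter().before(new Date()) ? "  (EXPIRED)" : ""));
            }
        }
        if (trusted == 0) throw new IllegalStateException("No trusted certificates in " + path);
    }
}
```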

JDBC sample for SSL connection

This sample Java program highlights the operations that are required to connect to the stores_demo database by using SSL.

import java.sql.Connection;
import java.sql.SQLException;

import com.onedb.jdbcx.OneDBDataSource;

public class SSLConnectionExample {
	public static void main(String[] args) {

		/* System properties for keystore */
		/* You can set this here for your whole system, or you can set it on */
		/* the data source (shown below) or directly on your connection */
		/* properties using SSL_TRUSTSTORE and SSL_TRUSTSTORE_PASSWORD */
		System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore");
		System.setProperty("javax.net.ssl.trustStorePassword", "password");

		/* Instantiate OneDB data source */
		OneDBDataSource ds = new OneDBDataSource();


		ds.setUser("dbuser");
		ds.setPassword("password");
		ds.setDatabase("stores_demo");
		ds.setPort(9888);

		/* Enable SSL/TLS (required when using SSL/TLS) */
		ds.setEncrypt(true);

		/* Optional if you don't set a system property */
		/* You can set the trust store and password in the data source */
		ds.setTrustStore("/opt/keystore");
		ds.setTrustStorePassword("password");

		try (Connection conn = ds.getConnection()) {
			System.out.println(" Successfully connected to database using SSL Connection");
			System.out.println(" Database version  ...: " + conn.getMetaData().getDatabaseProductVersion());
		} catch (SQLException e) {
			System.err.println("Error Message : " + e.getMessage());
			System.err.println("Error Code    : " + e.getErrorCode());
		}
	}
}