[CONJ-949] keep clientCertificateKeyStoreUrl and clientCertificateKeyStoreUrl aliases Created: 2022-03-29  Updated: 2022-05-18  Resolved: 2022-05-13

Status: Closed
Project: MariaDB Connector/J
Component/s: authentication
Affects Version/s: 3.0.4
Fix Version/s: 3.0.5

Type: Bug Priority: Major
Reporter: Pavel Cibulka Assignee: Diego Dupin
Resolution: Fixed Votes: 0
Labels: None
Environment:

Ubuntu 20.04, OpenJdk 16.0.1, Apache Tomcat 9, Mariadb 10.5.15


 Description   

Authentication with username, password and certificate is not working when "REQUIRE X509" is set. It is working fine in 2.7.5. In 3.0.4 is works only with "REQUIRE SSL" not with "REQUIRE X509".

3.0.4 throws exception (changed some texts to heshes):
java.sql.SQLInvalidAuthorizationSpecException: (conn=484) Access denied for user '####'@'####' (using password: YES)

connection settings:
System.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.apache.naming.java.javaURLContextFactory");
System.setProperty(Context.URL_PKG_PREFIXES, "org.apache.naming");
InitialContext ic = new InitialContext();
ic.createSubcontext("java:");
ic.createSubcontext("java:comp");
ic.createSubcontext("java:comp/env");
ic.createSubcontext("java:comp/env/jdbc");

PoolConfiguration pRead = new PoolProperties();
pRead.setDefaultAutoCommit(true);
pRead.setDefaultReadOnly(true);
pRead.setJmxEnabled(true);
pRead.setTestWhileIdle(false);
pRead.setTestOnBorrow(true);
pRead.setTestOnReturn(false);
pRead.setValidationInterval(30000);
pRead.setTimeBetweenEvictionRunsMillis(30000);
pRead.setMaxActive(20);
pRead.setInitialSize(2);
pRead.setMaxIdle(20);
pRead.setMaxWait(1000);
pRead.setRemoveAbandonedTimeout(60);
pRead.setMinEvictableIdleTimeMillis(30000);
pRead.setMinIdle(1);
pRead.setLogAbandoned(true);
pRead.setRemoveAbandoned(true);
pRead.setDefaultAutoCommit(Boolean.TRUE);
pRead.setUseStatementFacade(false);
pRead.setValidationQuery("DO 1");

//Tomcat specific
pRead.setJdbcInterceptors("ConnectionState");

pRead.setDriverClassName("org.mariadb.jdbc.Driver");
pRead.setUrl("jdbc:mariadb:sequential:###");
pRead.setDefaultCatalog("###");
pRead.setUsername("###");
pRead.setPassword("###");

DataSource dsRead = new DataSource();
dsRead.setPoolProperties(pRead);

dsRead.setConnectionProperties("rewriteBatchedStatements=true");
dsRead.setConnectionProperties("allowMultiQueries=true");
dsRead.setConnectionProperties("verifyServerCertificate=false");// mysql
dsRead.setConnectionProperties("trustServerCertificate=true");// maria

dsRead.setConnectionProperties("useSSL=true");
dsRead.setConnectionProperties("requireSSL=true");
dsRead.setConnectionProperties("clientCertificateKeyStoreUrl=file:target/test-classes/client.p12");
dsRead.setConnectionProperties("clientCertificateKeyStorePassword=###");
dsRead.setConnectionProperties("serverSslCert=target/test-classes/server-cert.pem");
dsRead.setConnectionProperties("sslMode=trust");

 Comments   
Comment by Diego Dupin [ 2022-05-13 ]

In mariadb those options names are 'keyStore', 'keyStorePassword' not 'clientCertificateKeyStoreUrl' and 'clientCertificateKeyStorePassword', still aliases existed for mysql connector compatibility.
There is no reason not to keep aliases for compatibility. Those will be added in 3.0.5

Generated at Thu Feb 08 03:19:30 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.