Oracle Wallet stored as Base64 in GCP Secret Manager fails with 'Wallet Version Not Supported #204
Description
Oracle Wallet stored as Base64 in GCP Secret Manager fails with 'Wallet Version Not Supported
cwallet.sso stored directly in secret manager works fine.
Issue is when same cwallet.sso is converted into base64 with command "base64 -i cwallet.sso" and stored in secret manager + this secret is used in Object Storage/Secret Manager.
Please note : If we try to fetch this base64 encoded wallet like https://github.com/oracle/ojdbc-extensions/tree/main/ojdbc-provider-gcp#secret-manager-tcps-wallet-provider it works fine.
How to reproduce
- Store wallet in base64 format in GCP secret manager
- In another JSON file use that secret under wallet_location like below and store in in another secret
{
"connect_descriptor": "(description=(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.us-phoenix-1.oraclecloud.com))(connect_data=(service_name=xsxsxs_dbtest_medium.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)))",
"user": "scott",
"password": {
"type": "gcpsecretmanager",
"value": "projects/138028249883/secrets/test-secret/versions/1"
},
"wallet_location": {
"type": "gcpsecretmanager",
"value": "projects/myproject/secrets/wallet-secret/versions/1"
},
"jdbc": {
"oracle.jdbc.ReadTimeout": 1000,
"defaultRowPrefetch": 20,
"autoCommit": "false"
}
}
- Existing test with above secret can be used https://github.com/oracle/ojdbc-extensions/blob/main/ojdbc-provider-samples/src/main/java/oracle/jdbc/provider/gcp/configuration/SecretManagerExample.java
Output
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Jul 25, 2025 3:03:51 PM oracle.jdbc.provider.oson.OsonModule
INFO: OsonExtention version: com.oracle.database.jdbc:ojdbc-provider-jackson-oson:1.0
Exception in thread "main" java.sql.SQLException: ORA-17957: Unable to initialize the key store. (CONNECTION_ID=yCXRKIdNSnasTsab8WpayA==)
https://docs.oracle.com/error-help/db/ora-17957/
at oracle.jdbc.driver.T4CConnection.handleLogonNetException(T4CConnection.java:1879)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:1195)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:1178)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:106)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:887)
at oracle.jdbc.datasource.impl.OracleDataSource.getPhysicalConnection(OracleDataSource.java:703)
at oracle.jdbc.datasource.impl.OracleDataSource.getConnection(OracleDataSource.java:377)
at oracle.jdbc.datasource.impl.OracleDataSource.getConnectionInternal(OracleDataSource.java:2192)
at oracle.jdbc.datasource.impl.OracleDataSource.getConnection(OracleDataSource.java:350)
at oracle.jdbc.datasource.impl.OracleDataSource.getConnection(OracleDataSource.java:311)
at oracle.jdbc.provider.gcp.configuration.SecretManagerExample.main(SecretManagerExample.java:103)
Caused by: oracle.net.ns.NetException: ORA-17957: Unable to initialize the key store. (CONNECTION_ID=yCXRKIdNSnasTsab8WpayA==)
https://docs.oracle.com/error-help/db/ora-17957/
at oracle.net.nt.ExtendedSSLContext.handleException(ExtendedSSLContext.java:187)
at oracle.net.nt.ExtendedSSLContext.createSSLContext(ExtendedSSLContext.java:163)
at oracle.net.nt.ExtendedSSLContext.(ExtendedSSLContext.java:107)
at oracle.net.nt.ExtendedSSLContext.newInstance(ExtendedSSLContext.java:89)
at oracle.net.nt.CustomSSLSocketFactory.newSSLContext(CustomSSLSocketFactory.java:201)
at oracle.net.nt.CustomSSLSocketFactory.getSSLContext(CustomSSLSocketFactory.java:189)
at oracle.net.nt.SSLContextCache.createSSLContext(SSLContextCache.java:242)
at oracle.net.nt.SSLContextCache.createCacheEntry(SSLContextCache.java:195)
at oracle.net.nt.SSLContextCache.get(SSLContextCache.java:153)
at oracle.net.nt.TcpsNTAdapter.newSSLEngine(TcpsNTAdapter.java:607)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:227)
at oracle.net.nt.ConnOption.connect(ConnOption.java:346)
at oracle.net.nt.ConnStrategy.executeConnOption(ConnStrategy.java:1266)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:787)
at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:721)
at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:972)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:341)
at oracle.jdbc.driver.T4CConnection.connectNetworkSessionProtocol(T4CConnection.java:3490)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:1074)
... 9 more
Caused by: java.io.IOException: Wallet Version Not Supported
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at java.base/java.security.KeyStore.load(KeyStore.java:1479)
at oracle.net.nt.CustomSSLSocketFactory.loadKeyStore(CustomSSLSocketFactory.java:483)
at oracle.net.nt.DataURIKeyStore.loadDataURISSOKeyStore(DataURIKeyStore.java:93)
at oracle.net.nt.DataURIKeyStore.(DataURIKeyStore.java:71)
at oracle.net.nt.ExtendedSSLContext.createKeyStore(ExtendedSSLContext.java:278)
at oracle.net.nt.ExtendedSSLContext.initKeyStore(ExtendedSSLContext.java:193)
at oracle.net.nt.ExtendedSSLContext.createSSLContext(ExtendedSSLContext.java:159)
... 26 more