
various atp and ssl JRF database refactoring #1366


Merged
merged 6 commits into from
Jan 26, 2023
Merged
83 changes: 28 additions & 55 deletions core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
Expand Up @@ -19,7 +19,6 @@
import oracle.weblogic.deploy.util.ScriptRunnerException;
import oracle.weblogic.deploy.util.StringUtils;

import org.python.core.PyClass;
import org.python.core.PyDictionary;
import org.python.core.PyString;

Expand Down Expand Up @@ -72,7 +71,7 @@ public class RCURunner {
private boolean atpDB = false;
private boolean sslDB = false;

private String atpSSlArgs = null;
private String sslArgs = null;
private String atpAdminUser = null;
private String rcuAdminUser = DB_USER;
private String atpDefaultTablespace = null;
Expand Down Expand Up @@ -136,36 +135,23 @@ public static RCURunner createRunner(String domainType, String oracleHome, Strin
* @param javaHome the JAVA_HOME location
* @param rcuSchemas the list of RCU schemas to create (this list should not include STB)
* @param rcuVariables a comma separated list of key=value variables
* @param connectionProperties dictionary of ATP specific arguments
* @param sslConnectionProperties dictionary of ATP specific arguments
* @throws CreateException if a parameter validation error occurs
*/
public static RCURunner createAtpRunner(String domainType, String oracleHome, String javaHome, String rcuDb,
List<String> rcuSchemas, String rcuPrefix, String rcuVariables,
String databaseType, PyDictionary runnerMap,
PyDictionary connectionProperties) throws CreateException {
PyDictionary sslConnectionProperties) throws CreateException {

RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables);

StringBuilder sslArgs = new StringBuilder();

for (Object connectionProperty: connectionProperties.keys()) {
if (sslArgs.length() != 0) {
sslArgs.append(',');
}
sslArgs.append(connectionProperty.toString());
sslArgs.append('=');
PyDictionary valueObject = (PyDictionary)connectionProperties
.get(new PyString(connectionProperty.toString()));
sslArgs.append(valueObject.get(new PyString("Value")));
}


addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.keyStorePassword");
addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.trustStorePassword");
StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties);

addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.keyStorePassword");
addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.trustStorePassword");

runner.atpDB = true; // "ATP".equals(databaseType); // or scan if there are any 'ssl' in properties ?
runner.atpSSlArgs = sslArgs.toString();
runner.sslArgs = sslArgs.toString();

runner.atpAdminUser = get(runnerMap, "atp.admin.user");
runner.atpDefaultTablespace = get(runnerMap, "atp.default.tablespace");
Expand All @@ -174,6 +160,21 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St
return runner;
}

private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) {
StringBuilder sslArgs = new StringBuilder();

for (Object connectionProperty: connectionProperties.keys()) {
if (sslArgs.length() != 0) {
sslArgs.append(',');
}
String key = connectionProperty.toString();
sslArgs.append(key);
sslArgs.append('=');
sslArgs.append(get(connectionProperties, key));
}
return sslArgs;
}

private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDictionary connectionProperties,
StringBuilder sslArgs, String key) {
if (!connectionProperties.has_key(new PyString(key)) &&
Expand All @@ -199,44 +200,16 @@ private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDiction
*/
public static RCURunner createSslRunner(String domainType, String oracleHome, String javaHome, String rcuDb,
String rcuPrefix, List<String> rcuSchemas, String rcuVariables,
PyDictionary rcuProperties) throws CreateException {
PyDictionary rcuProperties,
PyDictionary sslConnectionProperties) throws CreateException {

String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin");

RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables);
String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword");
String trustStore = get(rcuProperties, "javax.net.ssl.keyStore");
String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword");
String keyStore = get(rcuProperties, "javax.net.ssl.keyStore");
String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match");
if (matchType == null || matchType.equals("None")) {
matchType = Boolean.FALSE.toString();
}


StringBuilder sslArgs = new StringBuilder();
sslArgs.append("oracle.net.tns_admin=");
sslArgs.append(tnsAdmin);

sslArgs.append(",javax.net.ssl.trustStore=");
sslArgs.append(tnsAdmin + "/" + trustStore);
sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType);
// If wallet type is SSO, no password present
if (trustStorePassword != null && !trustStorePassword.equals("None")) {
sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword);
}
sslArgs.append(",javax.net.ssl.keyStore=");
sslArgs.append(tnsAdmin + "/" + keyStore);
sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType);
if (keyStorePassword != null && !keyStorePassword.equals("None")) {
sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword);
}
sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType);
StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties);

runner.sslDB = true;
runner.atpSSlArgs = sslArgs.toString();
runner.sslArgs = sslArgs.toString();
return runner;
}

Expand Down Expand Up @@ -377,11 +350,11 @@ private String[] getCommandLineArgs(String operationSwitch) {
arguments.add(SERVER_DN_SWITCH);
arguments.add("CN=ignored");
arguments.add(SSLARGS);
arguments.add(atpSSlArgs);
arguments.add(sslArgs);
} else if (sslDB) {
arguments.add(USE_SSL_SWITCH);
arguments.add(SSLARGS);
arguments.add(atpSSlArgs);
arguments.add(sslArgs);
arguments.add(DB_ROLE_SWITCH);
arguments.add(DB_ROLE);
arguments.add(DB_USER_SWITCH);
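Review bot: getSSLArgsStringBuilder appends `get(connectionProperties, key)` verbatim, so a key whose value is absent or the Jython string "None" now ends up in the argument string as `key=null` or `key=None`; the createSslRunner lines this commit removes skipped the trust/key store passwords in exactly that case and defaulted `oracle.net.ssl_server_dn_match` to false, and it is not visible here whether the Python caller filters those values before the dictionary reaches Java. The `get` helper's body is outside the hunk, but its result is assigned to String fields elsewhere in this file and was compared against null and "None" by the removed code, so a guard at the top of the loop body (fetch key and value first, then skip, then append the separator so no trailing comma is left) restores the old behaviour. Values containing ',' or '=' are still not escaped, and the built string — which includes the keystore and truststore passwords — is placed on the rcu command line in the getCommandLineArgs hunk, which predates this change but is worth a comment on the new builder such as `// NOTE: values (including store passwords) are passed verbatim on the rcu command line`. getCommandLineArgs starts and ends outside its hunk.
```java
private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) {
    StringBuilder sslArgs = new StringBuilder();

    for (Object connectionProperty : connectionProperties.keys()) {
        String key = connectionProperty.toString();
        String value = get(connectionProperties, key);
        // Skip absent / Jython-None values instead of emitting "key=null" or "key=None".
        if (value == null || "None".equals(value)) {
            continue;
        }
        if (sslArgs.length() != 0) {
            sslArgs.append(',');
        }
        sslArgs.append(key).append('=').append(value);
    }
    return sslArgs;
}
```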
56 changes: 45 additions & 11 deletions core/src/main/python/wlsdeploy/tool/create/atp_helper.py
@@ -1,8 +1,8 @@
"""
Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. All rights reserved.
Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates. All rights reserved.
Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
"""
import re
import re, os
from xml.dom.minidom import parse
from wlsdeploy.exception import exception_helper

Expand All @@ -11,7 +11,8 @@

_logger = PlatformLogger('wlsdeploy.create')

def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password):
def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password, keystore, keystore_type,
truststore, truststore_type):
'''
Add SSL config properties to the specified XML document.
:param xml_doc: The XML document
Expand All @@ -22,22 +23,49 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa
collection = dom_tree.documentElement
props = collection.getElementsByTagName("propertySet")

keystore, keystore_type, truststore, truststore_type = fix_store_type_and_default_value(keystore, keystore_type,
truststore, truststore_type)

for prop in props:
if prop.getAttribute('name') == 'props.db.1':
set_property(dom_tree, prop, 'oracle.net.ssl_server_dn_match', 'true')
set_property(dom_tree, prop, 'oracle.net.ssl_version', '1.2')
set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path)
set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', 'JKS')
set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/truststore.jks')
set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', 'JKS')
set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/keystore.jks')
set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password)
set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password)
set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type)
set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type)
if not os.path.isabs(keystore):
set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + keystore)
else:
set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore)
if not os.path.isabs(truststore):
set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + truststore)
else:
set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore)

if keystore_password is not None:
set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password)
if truststore_password is not None:
set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password)
# Persist the changes in the xml file
file_handle = open(xml_doc, "w")
dom_tree.writexml(file_handle)
file_handle.close()


def fix_store_type_and_default_value(keystore, keystore_type, truststore, truststore_type):
# historical reason atp does not need these inputs by default and it uses JKS
# set the default and return it
if truststore is None:
truststore = "truststore.jks"
if keystore is None:
keystore = "keystore.jks"
if truststore_type is None:
truststore_type = "JKS"
if keystore_type is None:
keystore_type = "JKS"
return keystore, keystore_type, truststore, truststore_type


def set_property(dom_tree, prop, name, value):
'''
Sets the property child element under prop parent node.
Expand All @@ -58,11 +86,17 @@ def fix_jps_config(rcu_db_info, model_context):
tns_admin = rcu_db_info.get_tns_admin()
keystore_password = rcu_db_info.get_keystore_password()
truststore_password = rcu_db_info.get_truststore_password()
keystore_type = rcu_db_info.get_keystore_type()
truststore_type = rcu_db_info.get_truststore_type()
keystore = rcu_db_info.get_keystore()
truststore = rcu_db_info.get_truststore()

jps_config = model_context.get_domain_home() + '/config/fmwconfig/jps-config.xml'
jps_config_jse = model_context.get_domain_home() + '/config/fmwconfig/jps-config-jse.xml'
set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password)
set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password)
set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password, keystore, keystore_type,
truststore, truststore_type)
set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password, keystore, keystore_type,
truststore, truststore_type)


def get_atp_connect_string(tnsnames_ora_path, tns_sid_name):
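Review bot: In set_ssl_properties the relative-path branches build the store location as `atp_creds_path + keystore` and `atp_creds_path + truststore` with no separator, so with the defaults supplied by fix_store_type_and_default_value ('keystore.jks', 'truststore.jks') the property becomes e.g. `<creds_path>keystore.jks` unless atp_creds_path already ends in '/'; the lines this commit replaces used `atp_creds_path + '/keystore.jks'`. Since os is now imported, `set_property(dom_tree, prop, 'javax.net.ssl.keyStore', os.path.join(atp_creds_path, keystore))` and the matching truststore line fix both branches (os.path.join returns an absolute second argument unchanged, so the isabs checks become unnecessary). The docstring should also gain `:param` lines for the four new arguments keystore, keystore_type, truststore and truststore_type, which it currently lacks; the docstring continues outside the hunk. `import re, os` would read better as two separate import lines.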