Commit d130740

Wdt 609 ssl db connection (#1109)
* handle SSL db in rcu * jps changes for type of trust * add code into jps * SSL DB connection for opss * fix for local variable * fix for local variable * fix for local variable * fix for local variable * fix sonar bug * between * duplicate code reduction * documentation change * documentation change * fix build problem
1 parent 9e69002 commit d130740


8 files changed

+332
-40
lines changed

8 files changed

+332
-40
lines changed

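--- a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
+++ b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
@@ -69,6 +69,8 @@ public class RCURunner {
 private final String rcuVariables;
 
 private boolean atpDB = false;
+private boolean sslDB = false;
+
 private String atpSSlArgs = null;
 private String atpAdminUser = null;
 private String rcuAdminUser = DB_USER;
@@ -165,7 +167,7 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St
 sslArgs.append(",javax.net.ssl.keyStorePassword=");
 sslArgs.append(keyStorePassword);
 sslArgs.append(",oracle.jdbc.fanEnabled=false");
-sslArgs.append(",oracle.net.ssl_server_dn_match=true");
+sslArgs.append(",oracle.net.ssl_server_dn_match=false");
 
 runner.atpDB = true;
 runner.atpSSlArgs = sslArgs.toString();
@@ -174,6 +176,61 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St
 runner.atpTemporaryTablespace = get(rcuProperties, "atp.temp.tablespace");
 return runner;
 }
+/**
+* Build an RCU runner for an SSL database.
+*
+* @param domainType the domain type
+* @param oracleHome the ORACLE_HOME location
+* @param javaHome the JAVA_HOME location
+* @param rcuDb The URL of the database
+* @param rcuPrefix The prefix used for the tablespaces
+* @param rcuSchemas the list of RCU schemas to create (this list should not include STB)
+* @param rcuVariables a comma separated list of key=value variables
+* @param rcuProperties dictionary of SSL specific arguments
+* @throws CreateException if a parameter validation error occurs
+*/
+public static RCURunner createSslRunner(String domainType, String oracleHome, String javaHome, String rcuDb,
+String rcuPrefix, List<String> rcuSchemas, String rcuVariables,
+PyDictionary rcuProperties) throws CreateException {
+
+String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin");
+
+RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables);
+String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword");
+String trustStore = get(rcuProperties, "javax.net.ssl.keyStore");
+String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
+String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword");
+String keyStore = get(rcuProperties, "javax.net.ssl.keyStore");
+String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
+String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match");
+if (matchType == null || matchType.equals("None")) {
+matchType = Boolean.FALSE.toString();
+}
+
+
+StringBuilder sslArgs = new StringBuilder();
+sslArgs.append("oracle.net.tns_admin=");
+sslArgs.append(tnsAdmin);
+
+sslArgs.append(",javax.net.ssl.trustStore=");
+sslArgs.append(tnsAdmin + "/" + trustStore);
+sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType);
+// If wallet type is SSO, no password present
+if (trustStorePassword != null && !trustStorePassword.equals("None")) {
+sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword);
+}
+sslArgs.append(",javax.net.ssl.keyStore=");
+sslArgs.append(tnsAdmin + "/" + keyStore);
+sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType);
+if (keyStorePassword != null && !keyStorePassword.equals("None")) {
+sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword);
+}
+sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType);
+
+runner.sslDB = true;
+runner.atpSSlArgs = sslArgs.toString();
+return runner;
+}
 
 public void setRCUAdminUser(String rcuDBUser) {
 rcuAdminUser = rcuDBUser;
@@ -251,7 +308,7 @@ public void runRcu(String rcuSysPass, String rcuSchemaPass) throws CreateExcepti
 ///////////////////////////////////////////////////////////////////////////
 
 private void addATPEnv(Map<String, String> env) {
-if (atpDB) {
+if (atpDB || sslDB) {
 env.put("RCU_SSL_MODE", "true");
 env.put("SKIP_CONNECTSTRING_VALIDATION", "true");
 env.put("RCU_SKIP_PRE_REQS", "ALL");
@@ -312,6 +369,14 @@ private String[] getCommandLineArgs(String operationSwitch) {
 arguments.add("CN=ignored");
 arguments.add(SSLARGS);
 arguments.add(atpSSlArgs);
+} else if (sslDB) {
+arguments.add(USE_SSL_SWITCH);
+arguments.add(SSLARGS);
+arguments.add(atpSSlArgs);
+arguments.add(DB_ROLE_SWITCH);
+arguments.add(DB_ROLE);
+arguments.add(DB_USER_SWITCH);
+arguments.add(getRCUAdminUser());
 } else {
 arguments.add(DB_USER_SWITCH);
 arguments.add(getRCUAdminUser());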
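Review bot: Server DN matching ends up off by default on both RCU paths: the `createAtpRunner` hunk (whose body starts outside the hunk) flips `oracle.net.ssl_server_dn_match` from `true` to `false`, and the new `createSslRunner` falls back to `Boolean.FALSE.toString()` when the property is absent or "None". With the match disabled the driver no longer ties the server certificate's DN to the database being addressed, so any certificate the truststore accepts would pass, and nothing in the commit description explains the relaxation. I would keep `sslArgs.append(",oracle.net.ssl_server_dn_match=true");` for ATP and default the new path with `matchType = Boolean.TRUE.toString();`, leaving `false` as an explicit opt-out in the model. In the same method `trustStore` and `trustStoreType` are read from `"javax.net.ssl.keyStore"` and `"javax.net.ssl.keyStoreType"`, which looks like a copy-paste slip; the keys `"javax.net.ssl.trustStore"` and `"javax.net.ssl.trustStoreType"` are presumably intended.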

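--- a/core/src/main/python/create.py
+++ b/core/src/main/python/create.py
@@ -43,6 +43,7 @@
 from wlsdeploy.util.cla_utils import TOOL_TYPE_CREATE
 from wlsdeploy.util.weblogic_helper import WebLogicHelper
 from wlsdeploy.tool.create import atp_helper
+from wlsdeploy.tool.create import ssl_helper
 
 wlst_helper.wlst_functions = globals()
 
@@ -231,13 +232,15 @@ def validate_rcu_args_and_model(model_context, model, archive_helper, aliases):
 _method_name = 'validate_rcu_args_and_model'
 
 has_atpdbinfo = 0
+has_ssldbinfo = 0
 domain_info = model[model_constants.DOMAIN_INFO]
 if domain_info is not None:
 if model_constants.RCU_DB_INFO in domain_info:
 rcu_db_info = RcuDbInfo(model_context, aliases, domain_info[model_constants.RCU_DB_INFO])
 has_tns_admin = rcu_db_info.has_tns_admin()
 has_regular_db = rcu_db_info.is_regular_db()
 has_atpdbinfo = rcu_db_info.has_atpdbinfo()
+has_ssldbinfo = rcu_db_info.has_ssldbinfo()
 
 if archive_helper and not has_regular_db:
 System.setProperty('oracle.jdbc.fanEnabled', 'false')
@@ -264,7 +267,7 @@ def validate_rcu_args_and_model(model_context, model, archive_helper, aliases):
 cla_helper.clean_up_temp_files()
 tool_exit.end(model_context, CommandLineArgUtil.PROG_ERROR_EXIT_CODE)
 
-return has_atpdbinfo
+return has_atpdbinfo, has_ssldbinfo
 
 
 def _get_domain_path(model_context, model):
@@ -324,7 +327,7 @@ def main(args):
 domain_path = _get_domain_path(model_context, model_dictionary)
 archive_helper = ArchiveHelper(archive_file_name, domain_path, __logger, ExceptionType.CREATE)
 
-has_atp = validate_rcu_args_and_model(model_context, model_dictionary, archive_helper, aliases)
+has_atp, has_ssl = validate_rcu_args_and_model(model_context, model_dictionary, archive_helper, aliases)
 
 # check if there is an atpwallet and extract in the domain dir
 # it is to support non JRF domain but user wants to use ATP database
@@ -338,7 +341,10 @@ def main(args):
 rcu_properties_map = model_dictionary[model_constants.DOMAIN_INFO][model_constants.RCU_DB_INFO]
 rcu_db_info = RcuDbInfo(model_context, aliases, rcu_properties_map)
 atp_helper.fix_jps_config(rcu_db_info, model_context)
-
+elif has_ssl:
+rcu_properties_map = model_dictionary[model_constants.DOMAIN_INFO][model_constants.RCU_DB_INFO]
+rcu_db_info = RcuDbInfo(model_context, aliases, rcu_properties_map)
+ssl_helper.fix_jps_config(rcu_db_info, model_context)
 except WLSDeployArchiveIOException, ex:
 __logger.severe('WLSDPLY-12409', _program_name, ex.getLocalizedMessage(), error=ex,
 class_name=_class_name, method_name=_method_name)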
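Review bot: `validate_rcu_args_and_model` now ends with `return has_atpdbinfo, has_ssldbinfo`, so its result is a 2-tuple, which is always truthy even when both flags are 0. `main` is updated to unpack it, but any other caller that still tests the return value as a single flag would always see a true value. The function's docstring and other call sites are outside these hunks, so that needs checking there. A docstring line such as `:return: tuple (has_atpdbinfo, has_ssldbinfo)` would record the new contract. In `main`, the `elif has_ssl:` branch repeats the two lines that build `rcu_db_info` in the ATP branch and differs only in calling `ssl_helper.fix_jps_config`, so that setup could be hoisted above the branch.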

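--- a/core/src/main/python/wlsdeploy/aliases/model_constants.py
+++ b/core/src/main/python/wlsdeploy/aliases/model_constants.py
@@ -276,6 +276,8 @@
 SOURCE_DESTINATION = 'SourceDestination'
 SQL_AUTHENTICATOR = 'SQLAuthenticator'
 SSL = 'SSL'
+SSL_ADMIN_USER = 'ssl.admin.user'
+SSL_TNS_ENTRY = 'tns.alias'
 STARTUP_CLASS = 'StartupClass'
 STORE = 'Store'
 SUB_DEPLOYMENT = 'SubDeployment'
@@ -300,6 +302,7 @@
 USER = 'User'
 USER_ATTRIBUTES = 'UserAttribute'
 USE_SAMPLE_DATABASE = 'UseSampleDatabase'
+USE_SSL = "useSSL"
 VIRTUAL_HOST = 'VirtualHost'
 VIRTUAL_TARGET = 'VirtualTarget'
 VIRTUAL_USER_AUTHENTICATOR = 'VirtualUserAuthenticator'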

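--- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -65,6 +65,7 @@
 from wlsdeploy.aliases.model_constants import SET_OPTION_DOMAIN_NAME
 from wlsdeploy.aliases.model_constants import SET_OPTION_JAVA_HOME
 from wlsdeploy.aliases.model_constants import SET_OPTION_SERVER_START_MODE
+from wlsdeploy.aliases.model_constants import SSL_ADMIN_USER
 from wlsdeploy.aliases.model_constants import UNIX_MACHINE
 from wlsdeploy.aliases.model_constants import URL
 from wlsdeploy.aliases.model_constants import USER
@@ -78,6 +79,7 @@
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.exception.expection_types import ExceptionType
 from wlsdeploy.tool.create import atp_helper
+from wlsdeploy.tool.create import ssl_helper
 from wlsdeploy.tool.create import rcudbinfo_helper
 from wlsdeploy.tool.create.creator import Creator
 from wlsdeploy.tool.create.security_provider_creator import SecurityProviderCreator
@@ -306,6 +308,13 @@ def __run_rcu(self):
 runner = RCURunner.createAtpRunner(domain_type, oracle_home, java_home, rcu_prefix, rcu_schemas,
 rcu_db_info.get_rcu_variables(), rcu_runner_map)
 
+elif rcu_db_info.is_use_ssl():
+rcu_db = rcu_db_info.get_preferred_db()
+rcu_properties_map = self.model.get_model_domain_info()[RCU_DB_INFO]
+rcu_runner_map =dict(rcu_properties_map)
+rcu_runner_map[SSL_ADMIN_USER] = rcu_db_info.get_ssl_tns_admin()
+runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, rcu_db, rcu_prefix, rcu_schemas,
+rcu_db_info.get_rcu_variables(), rcu_runner_map)
 else:
 # Non-ATP database, use DB config from the command line or RCUDbInfo in the model.
 rcu_db = rcu_db_info.get_preferred_db()
@@ -958,7 +967,7 @@ def __set_atp_connection_property(self, root_location, property_name, property_v
 
 root_location.remove_name_token(property_name)
 
-def __retrieve_atp_rcudbinfo(self, rcu_db_info, checkAdminPwd=False):
+def __retrieve_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False):
 """
 Check and return atp connection info and make sure atp rcudb info is complete
 :raises: CreateException: if an error occurs
@@ -998,7 +1007,7 @@ def __retrieve_atp_rcudbinfo(self, rcu_db_info, checkAdminPwd=False):
 "'javax.net.ssl.trustStorePassword']")
 raise ex
 
-if checkAdminPwd:
+if check_admin_pwd:
 admin_pwd = rcu_db_info.get_admin_password()
 if admin_pwd is None:
 ex = exception_helper.create_create_exception('WLSDPLY-12413','rcu_admin_password',
@@ -1008,6 +1017,44 @@ def __retrieve_atp_rcudbinfo(self, rcu_db_info, checkAdminPwd=False):
 
 return tns_admin, rcu_database, keystore_pwd, truststore_pwd
 
+def __retrieve_ssl_rcudbinfo(self, rcu_db_info, check_admin_pwd=False):
+"""
+Check and return ssl connection info and make sure ssl rcudb info is complete
+:raises: CreateException: if an error occurs
+"""
+_method_name = '__retrieve_ssl_rcudbinfo'
+
+tns_admin = rcu_db_info.get_ssl_tns_admin()
+truststore = rcu_db_info.get_truststore()
+if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora") \
+or not os.path.exists(tns_admin + os.sep + truststore):
+ex = exception_helper.create_create_exception('WLSDPLY-12562')
+self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
+raise ex
+
+if rcu_db_info.get_ssl_entry() is None:
+ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias',
+"['tns.alias','javax.net.ssl.keyStorePassword',"
+"'javax.net.ssl.trustStorePassword']")
+self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
+raise ex
+
+rcu_database, error = ssl_helper.get_ssl_connect_string(tns_admin + os.sep + 'tnsnames.ora',
+rcu_db_info.get_ssl_entry())
+truststore = rcu_db_info.get_truststore()
+truststore_type = rcu_db_info.get_truststore_type()
+truststore_pwd = rcu_db_info.get_truststore_password()
+
+if check_admin_pwd:
+admin_pwd = rcu_db_info.get_admin_password()
+if admin_pwd is None:
+ex = exception_helper.create_create_exception('WLSDPLY-12413','rcu_admin_password',
+"['rcu_prefix','rcu_schema_password',"
+"'rcu_admin_password']")
+raise ex
+
+return tns_admin, rcu_database, truststore_pwd, truststore_type, truststore
+
 def __configure_fmw_infra_database(self):
 """
 Configure the FMW Infrastructure DataSources.
@@ -1042,14 +1089,19 @@ def __configure_fmw_infra_database(self):
 # load atp connection properties from properties file
 # HANDLE ATP case
 
-if rcu_db_info.has_atpdbinfo():
-has_atp = 1
+if rcu_db_info.has_atpdbinfo()orrcu_db_info.is_use_ssl():
+has_atp = rcu_db_info.has_atpdbinfo()
 # parse the tnsnames.ora file and retrieve the connection string
 # tns_admin is the wallet path either the path to $DOMAIN_HOME/atpwallet or
 # specified in RCUDbinfo.oracle.net.tns_admin
 
-tns_admin, rcu_database, keystore_pwd, truststore_pwd = self.__retrieve_atp_rcudbinfo(rcu_db_info)
-
+keystore_pwd = None
+truststore_type = None
+truststore = None
+if has_atp:
+tns_admin, rcu_database, keystore_pwd, truststore_pwd = self.__retrieve_atp_rcudbinfo(rcu_db_info)
+else:
+tns_admin, rcu_database, truststore_pwd, truststore_type, truststore = self.__retrieve_ssl_rcudbinfo(rcu_db_info)
 # Need to set for the connection property for each datasource
 
 fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database)
@@ -1094,23 +1146,30 @@ def __configure_fmw_infra_database(self):
 
 location.remove_name_token(DRIVER_PARAMS_USER_PROPERTY)
 
-self.__set_atp_connection_property(location, DRIVER_PARAMS_kEYSTORE_PROPERTY, tns_admin + os.sep
-+ 'keystore.jks')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY,
-'JKS')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd)
-self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep
-+ 'truststore.jks')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY,
-'JKS')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd)
-
-self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_SSL_VERSION, '1.2')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true')
-self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin)
-self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_FAN_ENABLED, 'false')
-
-if not has_atp:
+if has_atp:
+self.__set_atp_connection_property(location, DRIVER_PARAMS_kEYSTORE_PROPERTY, tns_admin + os.sep
++ 'keystore.jks')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY,
+'JKS')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd)
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep
++ 'truststore.jks')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY,
+'JKS')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd)
+
+self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_SSL_VERSION, '1.2')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true')
+self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin)
+self.__set_atp_connection_property(location, DRIVER_PARAMS_NET_FAN_ENABLED, 'false')
+else:
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep
++ truststore)
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY,
+truststore_type)
+if truststore_pwd is not None and truststore_pwd != 'None':
+self.__set_atp_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd)
+else:
 rcu_database = rcu_db_info.get_preferred_db()
 if rcu_database is None:
 ex = exception_helper.create_create_exception('WLSDPLY-12564')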
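Review bot: In the new `__retrieve_ssl_rcudbinfo` the `error` returned by `ssl_helper.get_ssl_connect_string(...)` is assigned and never examined, so an alias that cannot be resolved in tnsnames.ora would hand an unusable `rcu_database` on to `get_jdbc_url_from_rcu_connect_string`. Assuming the helper signals failure through `error`, check it right after the call, e.g. `if error is not None: raise exception_helper.create_create_exception(MESSAGE_KEY_PLACEHOLDER, error)`, logging it with `self.logger.throwing` as the other branches do. The same method builds `tns_admin + os.sep + truststore` before confirming `truststore` is set, which would surface as a TypeError rather than the WLSDPLY-12562 CreateException if `get_truststore()` can return None. Separately, the non-ATP branch added to `__configure_fmw_infra_database` (which extends outside these hunks) sets only the truststore path, type and password and leaves `DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY` unset, unlike the ATP branch that sets it to `'true'`; it is worth confirming the datasources are meant to connect without server DN matching.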
