diff --git a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java index 46cb375718..a70b7a93f7 100644 --- a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java +++ b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java @@ -19,7 +19,6 @@ import oracle.weblogic.deploy.util.ScriptRunnerException; import oracle.weblogic.deploy.util.StringUtils; -import org.python.core.PyClass; import org.python.core.PyDictionary; import org.python.core.PyString; @@ -72,7 +71,7 @@ public class RCURunner { private boolean atpDB = false; private boolean sslDB = false; - private String atpSSlArgs = null; + private String sslArgs = null; private String atpAdminUser = null; private String rcuAdminUser = DB_USER; private String atpDefaultTablespace = null; 
@@ -136,36 +135,23 @@ public static RCURunner createRunner(String domainType, String oracleHome, Strin * @param javaHome the JAVA_HOME location * @param rcuSchemas the list of RCU schemas to create (this list should not include STB) * @param rcuVariables a comma separated list of key=value variables - * @param connectionProperties dictionary of ATP specific arguments + * @param sslConnectionProperties dictionary of ATP specific arguments * @throws CreateException if a parameter validation error occurs */ public static RCURunner createAtpRunner(String domainType, String oracleHome, String javaHome, String rcuDb, List rcuSchemas, String rcuPrefix, String rcuVariables, String databaseType, PyDictionary runnerMap, - PyDictionary connectionProperties) throws CreateException { + PyDictionary sslConnectionProperties) throws CreateException { RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables); - StringBuilder sslArgs = new StringBuilder(); - - for (Object connectionProperty: connectionProperties.keys()) { - if (sslArgs.length() != 0) { - sslArgs.append(','); - } - sslArgs.append(connectionProperty.toString()); - sslArgs.append('='); - PyDictionary valueObject = (PyDictionary)connectionProperties - .get(new PyString(connectionProperty.toString())); - sslArgs.append(valueObject.get(new PyString("Value"))); - } - - - addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.keyStorePassword"); - addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.trustStorePassword"); + StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); + addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.keyStorePassword"); + addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.trustStorePassword"); runner.atpDB = true; // "ATP".equals(databaseType); // or scan if there are any 'ssl' in properties ? 
- runner.atpSSlArgs = sslArgs.toString(); + runner.sslArgs = sslArgs.toString(); runner.atpAdminUser = get(runnerMap, "atp.admin.user"); runner.atpDefaultTablespace = get(runnerMap, "atp.default.tablespace"); @@ -174,6 +160,21 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St return runner; } + private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) { + StringBuilder sslArgs = new StringBuilder(); + + for (Object connectionProperty: connectionProperties.keys()) { + if (sslArgs.length() != 0) { + sslArgs.append(','); + } + String key = connectionProperty.toString(); + sslArgs.append(key); + sslArgs.append('='); + sslArgs.append(get(connectionProperties, key)); + } + return sslArgs; + } + private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDictionary connectionProperties, StringBuilder sslArgs, String key) { if (!connectionProperties.has_key(new PyString(key)) && 
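Review bot: The two addExtraSSLPropertyFromMap calls fold the `javax.net.ssl.keyStorePassword` and `javax.net.ssl.trustStorePassword` values into `sslArgs`, and the -377 hunk below hands that string to the RCU process as a plain command-line argument (`arguments.add(SSLARGS); arguments.add(sslArgs);`), so both store passwords are exposed to anything on the host that can read process arguments; the same applies to createSslRunner once its caller puts the password keys into sslConnectionProperties. The behaviour predates the rename, but now that the string is built in one place the constraint should be written down on createAtpRunner and the runner's logging checked so the argument list is never printed verbatim (that code is outside this hunk). A Javadoc line such as `@implNote the runner's -sslArgs value carries the store passwords; the argument list must not be logged` would make it explicit. The leftover `// "ATP".equals(databaseType); // or scan if there are any 'ssl' in properties ?` on the `runner.atpDB = true;` line is commented-out code and should be resolved or removed.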
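Review bot: getSSLArgsStringBuilder has no Javadoc, and the format it produces is load-bearing: entries are joined with `,` and `=` with no quoting or escaping, so a value that itself contains a comma would be split by whatever parses the -sslArgs string downstream. Add `/** Builds the comma-separated key=value list passed to RCU via -sslArgs; values are appended verbatim, so callers must not supply values containing ','. */`, and if `get` can return null for a present key (its definition is outside this hunk) skip the entry rather than appending the literal `null`. The method is also the one place where password values enter the string, which is worth stating in that comment.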
@@ -199,44 +200,16 @@ private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDiction */ public static RCURunner createSslRunner(String domainType, String oracleHome, String javaHome, String rcuDb, String rcuPrefix, List rcuSchemas, String rcuVariables, - PyDictionary rcuProperties) throws CreateException { + PyDictionary rcuProperties, + PyDictionary sslConnectionProperties) throws CreateException { - String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin"); RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables); - String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword"); - String trustStore = get(rcuProperties, "javax.net.ssl.keyStore"); - String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); - String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword"); - String keyStore = get(rcuProperties, "javax.net.ssl.keyStore"); - String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); - String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match"); - if (matchType == null || matchType.equals("None")) { - matchType = Boolean.FALSE.toString(); - } - - StringBuilder sslArgs = new StringBuilder(); - sslArgs.append("oracle.net.tns_admin="); - sslArgs.append(tnsAdmin); - - sslArgs.append(",javax.net.ssl.trustStore="); - sslArgs.append(tnsAdmin + "/" + trustStore); - sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType); - // If wallet type is SSO, no password present - if (trustStorePassword != null && !trustStorePassword.equals("None")) { - sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword); - } - sslArgs.append(",javax.net.ssl.keyStore="); - sslArgs.append(tnsAdmin + "/" + keyStore); - sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType); - if (keyStorePassword != null && !keyStorePassword.equals("None")) { - sslArgs.append(",javax.net.ssl.keyStorePassword="+ 
keyStorePassword); - } - sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType); + StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); runner.sslDB = true; - runner.atpSSlArgs = sslArgs.toString(); + runner.sslArgs = sslArgs.toString(); return runner; } @@ -377,11 +350,11 @@ private String[] getCommandLineArgs(String operationSwitch) { arguments.add(SERVER_DN_SWITCH); arguments.add("CN=ignored"); arguments.add(SSLARGS); - arguments.add(atpSSlArgs); + arguments.add(sslArgs); } else if (sslDB) { arguments.add(USE_SSL_SWITCH); arguments.add(SSLARGS); - arguments.add(atpSSlArgs); + arguments.add(sslArgs); arguments.add(DB_ROLE_SWITCH); arguments.add(DB_ROLE); arguments.add(DB_USER_SWITCH); diff --git a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py index 2d513e7071..a83c91c7bf 100644 --- a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py @@ -1,8 +1,8 @@ """ -Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. All rights reserved. +Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates. All rights reserved. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ -import re +import re, os from xml.dom.minidom import parse from wlsdeploy.exception import exception_helper @@ -11,7 +11,8 @@ _logger = PlatformLogger('wlsdeploy.create') -def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password): +def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type): ''' Add SSL config properties to the specified XML document. :param xml_doc: The XML document 
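Review bot: After this change `rcuProperties` is never read in createSslRunner — every `get(rcuProperties, …)` line was removed and the remaining body only touches `sslConnectionProperties` — so the parameter is dead, and the Python caller in the domain_creator -310 hunk passes an empty dict for it. Either drop it or document what it is still meant to carry; the Javadoc block that precedes this hunk still describes the old parameter list and lacks `@param sslConnectionProperties dictionary of SSL connection properties (store paths, types and passwords) passed to RCU via -sslArgs`. The removed body also defaulted `oracle.net.ssl_server_dn_match` to false when the key was absent; the new body emits nothing for it, so that responsibility now rests with the caller and should be mentioned in the Javadoc.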
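Review bot: The set_ssl_properties docstring still lists only the original parameters; the four added ones (keystore, keystore_type, truststore, truststore_type) need `:param` entries stating that keystore/truststore may be None (defaults are applied) and may be given either absolute or relative to atp_creds_path. The docstring and the function body continue outside this hunk.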
@@ -22,22 +23,49 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa collection = dom_tree.documentElement props = collection.getElementsByTagName("propertySet") + keystore, keystore_type, truststore, truststore_type = fix_store_type_and_default_value(keystore, keystore_type, + truststore, truststore_type) + for prop in props: if prop.getAttribute('name') == 'props.db.1': set_property(dom_tree, prop, 'oracle.net.ssl_server_dn_match', 'true') set_property(dom_tree, prop, 'oracle.net.ssl_version', '1.2') set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path) - set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', 'JKS') - set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/truststore.jks') - set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', 'JKS') - set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/keystore.jks') - set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password) - set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) + set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type) + set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type) + if not os.path.isabs(keystore): + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + keystore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore) + if not os.path.isabs(truststore): + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + truststore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore) + + if keystore_password is not None: + set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password) + if truststore_password is not None: + set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) # Persist the changes in the xml file file_handle = open(xml_doc, "w") 
dom_tree.writexml(file_handle) file_handle.close() + +def fix_store_type_and_default_value(keystore, keystore_type, truststore, truststore_type): + # historical reason atp does not need these inputs by default and it uses JKS + # set the default and return it + if truststore is None: + truststore = "truststore.jks" + if keystore is None: + keystore = "keystore.jks" + if truststore_type is None: + truststore_type = "JKS" + if keystore_type is None: + keystore_type = "JKS" + return keystore, keystore_type, truststore, truststore_type + + def set_property(dom_tree, prop, name, value): ''' Sets the property child element under prop parent node. @@ -58,11 +86,17 @@ def fix_jps_config(rcu_db_info, model_context): tns_admin = rcu_db_info.get_tns_admin() keystore_password = rcu_db_info.get_keystore_password() truststore_password = rcu_db_info.get_truststore_password() + keystore_type = rcu_db_info.get_keystore_type() + truststore_type = rcu_db_info.get_truststore_type() + keystore = rcu_db_info.get_keystore() + truststore = rcu_db_info.get_truststore() jps_config = model_context.get_domain_home() + '/config/fmwconfig/jps-config.xml' jps_config_jse = model_context.get_domain_home() + '/config/fmwconfig/jps-config-jse.xml' - set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password) - set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password) + set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type) + set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type) def get_atp_connect_string(tnsnames_ora_path, tns_sid_name): diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py index a51ac461a6..2812b79734 100644 --- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py 
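Review bot: The relative-path branches concatenate `atp_creds_path + keystore` and `atp_creds_path + truststore` with no separator, while the defaults supplied by fix_store_type_and_default_value are bare file names (`keystore.jks`, `truststore.jks`), so a wallet directory `/w` would produce `/wkeystore.jks` (constructed example) — the removed lines had the `/` inside the literal and the ssl_helper hunk in this same commit still inserts one. Replace each if/else pair with `set_property(dom_tree, prop, 'javax.net.ssl.keyStore', os.path.join(atp_creds_path, keystore))` and `set_property(dom_tree, prop, 'javax.net.ssl.trustStore', os.path.join(atp_creds_path, truststore))`; os.path.join returns the second argument unchanged when it is absolute, so the isabs test becomes unnecessary. fix_store_type_and_default_value also has no docstring; one sentence stating that None inputs receive the historical JKS defaults and the tuple order of the return value would suffice.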
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py @@ -1,5 +1,5 @@ """ -Copyright (c) 2017, 2022, Oracle and/or its affiliates. +Copyright (c) 2017, 2023, Oracle and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ import os, re 
@@ -276,33 +276,30 @@ def __run_rcu(self): # ATP database, build runner map from RCUDbInfo in the model. # check it first - self.__validate_and_get_atp_rcudbinfo(rcu_db_info, True) + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_atp_rcudbinfo(rcu_db_info, True) rcu_runner_map = dict() - atp_conn_properties = {} - - # update password fields with decrypted passwords - if rcu_db_info.get_keystore_password() is not None: - atp_conn_properties[DRIVER_PARAMS_KEYSTOREPWD_PROPERTY] \ - = {'Value': rcu_db_info.get_keystore_password()} - - if rcu_db_info.get_truststore_password() is not None: - atp_conn_properties[DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY] \ - = {'Value': rcu_db_info.get_truststore_password()} - - atp_conn_properties[DRIVER_PARAMS_NET_TNS_ADMIN] = { 'Value': rcu_db_info.get_tns_admin()} - atp_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = { 'Value': 1.2 } - atp_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = { 'Value': 'false' } - atp_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = { 'Value': 'false' } - atp_conn_properties[DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY] = { 'Value': 'JKS' } - atp_conn_properties[DRIVER_PARAMS_KEYSTORETYPE_PROPERTY] = { 'Value': 'JKS' } - atp_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY] = { 'Value': rcu_db_info.get_tns_admin() - + os.sep + "truststore.jks" } - atp_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = { 'Value': rcu_db_info.get_tns_admin() - + os.sep + "keystore.jks"} - - if not atp_conn_properties.has_key(DRIVER_PARAMS_NET_FAN_ENABLED): - atp_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = { 'Value' : 'false'} + ssl_conn_properties = dict() + + # historical reason, these values may not be there, and assume default name for now, user can override with + # sso file name + + truststore = rcu_db_info.get_truststore() + keystore = rcu_db_info.get_keystore() + truststore_type = rcu_db_info.get_truststore_type() + 
keystore_type = rcu_db_info.get_keystore_type() + keystore, keystore_type, truststore, truststore_type = atp_helper.fix_store_type_and_default_value(keystore, + keystore_type, truststore, truststore_type) + + + self._set_rcu_ssl_args_properties(ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type) + + # hard coding for now, may need to expose it if ATP access changed later + ssl_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = 'false' + ssl_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = '1.2' + ssl_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = 'false' # reset these to pick up any defaults from rcu_db_info 
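Review bot: The four `rcu_db_info.get_*()` reads after `rcu_runner_map = dict()` re-fetch truststore, keystore, truststore_type and keystore_type, which were just unpacked from __validate_and_get_atp_rcudbinfo on the first lines of the hunk, so they can be deleted along with the doubled blank lines; keystore_pwd and truststore_pwd from that unpack are likewise unused here because _set_rcu_ssl_args_properties reads the passwords from rcu_db_info again. With those lines gone the `# historical reason …` comment sits directly above the fix_store_type_and_default_value call it explains. Note that ssl_conn_properties ends up holding both store passwords that reach the RCU command line through createAtpRunner, so it must not be dumped at debug level.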
@@ -310,20 +307,33 @@ def __run_rcu(self): rcu_runner_map[ATP_TEMPORARY_TABLESPACE] = rcu_db_info.get_atp_temporary_tablespace() rcu_runner_map[ATP_DEFAULT_TABLESPACE] = rcu_db_info.get_atp_default_tablespace() - fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_db_info.get_tns_entry()) + fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database) runner = RCURunner.createAtpRunner(domain_type, oracle_home, java_home, fmw_database, rcu_schemas, rcu_prefix, rcu_db_info.get_rcu_variables(), rcu_db_info.get_database_type(), rcu_runner_map, - atp_conn_properties + ssl_conn_properties ) elif rcu_db_info.is_use_ssl(): - rcu_db = rcu_db_info.get_preferred_db() - rcu_runner_map =dict() - rcu_runner_map[SSL_ADMIN_USER] = rcu_db_info.get_tns_admin() - runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, rcu_db, rcu_prefix, rcu_schemas, - rcu_db_info.get_rcu_variables(), rcu_runner_map) + + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_ssl_rcudbinfo(rcu_db_info) + + rcu_runner_map = dict() + rcu_db_user = rcu_db_info.get_preferred_db_user() + ssl_conn_properties = dict() + + self._set_rcu_ssl_args_properties(ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type) + + ssl_conn_properties["oracle.net.ssl_server_dn_match"] = 'false' + + fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database) + runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, fmw_database, rcu_prefix, rcu_schemas, + rcu_db_info.get_rcu_variables(), rcu_runner_map, ssl_conn_properties) + + runner.setRCUAdminUser(rcu_db_user) else: # Non-ATP database, use DB config from the command line or RCUDbInfo in the model. rcu_db = rcu_db_info.get_preferred_db() 
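Review bot: In the new SSL branch `ssl_conn_properties["oracle.net.ssl_server_dn_match"] = 'false'` uses a string literal where the ATP branch a few lines up uses `DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY`, and it hard-codes server DN matching off for the RCU connection while the datasource code in the -1215 hunk sets the same property to 'true'. Use the constant, and consider taking the value from the model with 'false' only as the fallback so an operator can keep certificate-name verification on for RCU as well; whether rcu_db_info exposes such an accessor is not visible from this hunk. `rcu_runner_map = dict()` is also handed to createSslRunner as rcuProperties, which that method no longer reads after this commit, so the empty map is dead weight.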
@@ -340,6 +350,20 @@ def __run_rcu(self): runner.runRcu(rcu_sys_pass, rcu_schema_pass) self.logger.exiting(class_name=self.__class_name, method_name=_method_name) + def _set_rcu_ssl_args_properties(self, ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type): + if rcu_db_info.get_keystore_password() is not None: + ssl_conn_properties[DRIVER_PARAMS_KEYSTOREPWD_PROPERTY] = rcu_db_info.get_keystore_password() + if rcu_db_info.get_truststore_password() is not None: + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY] = rcu_db_info.get_truststore_password() + ssl_conn_properties[DRIVER_PARAMS_NET_TNS_ADMIN] = rcu_db_info.get_tns_admin() + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY] = truststore_type + ssl_conn_properties[DRIVER_PARAMS_KEYSTORETYPE_PROPERTY] = keystore_type + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY] = self.__get_store_path(rcu_db_info.get_tns_admin(), + truststore) + ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = self.__get_store_path(rcu_db_info.get_tns_admin(), + keystore) + def __fail_mt_1221_domain_creation(self): """ Abort create if domain contains MT artifacts that cannot be created in the version of WLST offline being used 
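Review bot: _set_rcu_ssl_args_properties sets DRIVER_PARAMS_KEYSTORE_PROPERTY and DRIVER_PARAMS_KEYSTORETYPE_PROPERTY unconditionally, but in the SSL branch of __run_rcu (hunk -310) keystore arrives without the fix_store_type_and_default_value defaulting the ATP branch applies, and the datasource code in hunk -1215 (`# if it is 2 ways SSL`) treats it as optional; with keystore None, `self.__get_store_path(…, None)` reaches `os.path.isabs(None)` and fails, and a None keystore_type would otherwise travel to RCU as the literal `None`. Guard both entries on keystore being present, mirroring __set_ssl_standard_conn_properties, and read rcu_db_info.get_tns_admin() once. The method also needs a docstring saying that the dict it fills becomes the RCU -sslArgs value, passwords included, and its single-underscore name is inconsistent with the `__`-prefixed siblings around it.
```python
    def _set_rcu_ssl_args_properties(self, ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore,
                                     truststore_type):
        # … unchanged: keystore/truststore password entries …
        tns_admin = rcu_db_info.get_tns_admin()
        ssl_conn_properties[DRIVER_PARAMS_NET_TNS_ADMIN] = tns_admin
        ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY] = truststore_type
        ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY] = self.__get_store_path(tns_admin, truststore)
        # a key store is only present for two-way SSL; omit both entries rather than emitting "None"
        if keystore is not None:
            ssl_conn_properties[DRIVER_PARAMS_KEYSTORETYPE_PROPERTY] = keystore_type
            ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = self.__get_store_path(tns_admin, keystore)
```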
@@ -989,33 +1013,40 @@ def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): _method_name = '__validate_and_get_atp_rcudbinfo' tns_admin = rcu_db_info.get_tns_admin() + rcu_database = rcu_db_info.get_preferred_db() - if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora"): - ex = exception_helper.create_create_exception('WLSDPLY-12562') - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + if rcu_database is None: + if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora"): + ex = exception_helper.create_create_exception('WLSDPLY-12562') + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex - if rcu_db_info.get_tns_entry() is None: - ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', - "['tns.alias','javax.net.ssl.keyStorePassword'," - "'javax.net.ssl.trustStorePassword']") - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + if rcu_db_info.get_tns_entry() is None: + ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', + "['tns.alias','javax.net.ssl.keyStorePassword'," + "'javax.net.ssl.trustStorePassword']") + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex - rcu_database, error = atp_helper.get_atp_connect_string(tns_admin + os.sep + 'tnsnames.ora', - rcu_db_info.get_tns_entry()) + rcu_database, error = atp_helper.get_atp_connect_string(tns_admin + os.sep + 'tnsnames.ora', + rcu_db_info.get_tns_entry()) # keystore_pwd = rcu_db_info.get_keystore_password() truststore_pwd = rcu_db_info.get_truststore_password() - if keystore_pwd is None: + truststore_type = rcu_db_info.get_truststore_type() + keystore_type = rcu_db_info.get_keystore_type() + truststore = rcu_db_info.get_truststore() + keystore = rcu_db_info.get_keystore() + + if keystore_pwd is None and keystore_type != 'SSO': ex = 
exception_helper.create_create_exception('WLSDPLY-12413','javax.net.ssl.keyStorePassword', "['tns.alias','javax.net.ssl.keyStorePassword'," "'javax.net.ssl.trustStorePassword']") self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) raise ex - if truststore_pwd is None: + if truststore_pwd is None and truststore_type != 'SSO': ex = exception_helper.create_create_exception('WLSDPLY-12413','javax.net.ssl.trustStorePassword', "['tns.alias','javax.net.ssl.keyStorePassword'," "'javax.net.ssl.trustStorePassword']") 
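Review bot: When rcu_database is supplied, the new `if rcu_database is None:` block skips the tns_admin check entirely, yet tns_admin is still consumed afterwards: _set_rcu_ssl_args_properties (hunk -340) writes `rcu_db_info.get_tns_admin()` into oracle.net.tns_admin and prefixes relative store names with it, and atp_helper.set_ssl_properties computes `atp_creds_path + keystore`, so a missing tns_admin surfaces later as the string `None` in the RCU arguments or as a TypeError instead of the WLSDPLY-12562 error raised here. Keep an `if tns_admin is None:` check with the existing WLSDPLY-12562 raise outside the rcu_database branch, or at minimum require it whenever keystore or truststore is not an absolute path. The `error` value returned by get_atp_connect_string is still discarded (pre-existing). The function continues past this hunk.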
@@ -1029,32 +1060,36 @@ def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): "'rcu_admin_password']") raise ex - return tns_admin, rcu_database, keystore_pwd, truststore_pwd + return tns_admin, rcu_database, truststore_pwd, truststore_type, truststore, keystore_pwd, keystore_type, keystore def __validate_and_get_ssl_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): """ Check and return ssl connection info and make sure ssl rcudb info is complete :raises: CreateException: if an error occurs """ - _method_name = '__retrieve_ssl_rcudbinfo' + _method_name = '__validate_and_get_ssl_rcudbinfo' tns_admin = rcu_db_info.get_tns_admin() truststore = rcu_db_info.get_truststore() - if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora") \ - or not os.path.exists(tns_admin + os.sep + truststore): - ex = exception_helper.create_create_exception('WLSDPLY-12562') - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex - if rcu_db_info.get_tns_entry() is None: - ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', - "['tns.alias','javax.net.ssl.keyStorePassword'," - "'javax.net.ssl.trustStorePassword']") - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + rcu_database = rcu_db_info.get_preferred_db() + # If user specify connect string, no need to fetch from tnsnames.ora + + if rcu_database is None: + if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora") \ + or not os.path.exists(tns_admin + os.sep + truststore): + ex = exception_helper.create_create_exception('WLSDPLY-12562') + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex - rcu_database, error = ssl_helper.get_ssl_connect_string(tns_admin + os.sep + 'tnsnames.ora', - rcu_db_info.get_tns_entry()) + if rcu_db_info.get_tns_entry() is None: + ex = 
exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', + "['tns.alias','javax.net.ssl.keyStorePassword'," + "'javax.net.ssl.trustStorePassword']") + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex + rcu_database, error = ssl_helper.get_ssl_connect_string(tns_admin + os.sep + 'tnsnames.ora', + rcu_db_info.get_tns_entry()) truststore = rcu_db_info.get_truststore() truststore_type = rcu_db_info.get_truststore_type() truststore_pwd = rcu_db_info.get_truststore_password() @@ -1131,7 +1166,8 @@ def __set_rcu_datasource_parameters_without_shadow_table(self, rcu_db_info): is_ssl_ds = rcu_db_info.is_use_ssl() if is_atp_ds: - tns_admin, rcu_database, keystore_pwd, truststore_pwd = self.__validate_and_get_atp_rcudbinfo(rcu_db_info) + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_atp_rcudbinfo(rcu_db_info) elif is_ssl_ds: tns_admin, rcu_database, truststore_pwd, truststore_type, \ truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_ssl_rcudbinfo(rcu_db_info) @@ -1161,7 +1197,8 @@ def __set_rcu_datasource_parameters_without_shadow_table(self, rcu_db_info): self.__reset_datasource_template_userid(ds_name, rcu_prefix) if is_atp_ds: - self.__set_atp_standard_conn_properties(keystore_pwd, ds_name, tns_admin, truststore_pwd) + self.__set_atp_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type, + keystore_pwd, keystore_type, keystore) elif is_ssl_ds: self.__set_ssl_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type, keystore_pwd, keystore_type, keystore) 
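Review bot: The existence check `os.path.exists(tns_admin + os.sep + truststore)` still assumes the trust store lives under tns_admin, although this commit adds absolute store paths everywhere else (__get_store_path, ssl_helper, atp_helper); an absolute truststore therefore fails validation with WLSDPLY-12562 whenever rcu_database is None. Use `os.path.exists(self.__get_store_path(tns_admin, truststore))` and check truststore for None before the concatenation, which currently raises a TypeError instead of the intended error. As in the ATP variant, supplying rcu_database bypasses the tns_admin check even though the RCU SSL properties built later still carry oracle.net.tns_admin. The function continues outside the hunk.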
@@ -1200,14 +1237,25 @@ def __set_datasource_url(self, datasource_name, url_string): self.aliases.get_wlst_attribute_name_and_value(location, URL, url) self.wlst_helper.set_if_needed(wlst_name, wlst_value) + def __get_store_path(self, tns_admin, store): + result = store + if not os.path.isabs(store): + if tns_admin: + result = tns_admin + os.sep + store + return result + def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd, truststore_type, keystore_pwd, keystore_type, keystore): location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases) - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep - + truststore) + # Should always have trust store + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, + self.__get_store_path(tns_admin, truststore)) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type) + + # if not sso type then user must provide pwd if truststore_pwd is not None and truststore_pwd != 'None': self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, encrypted=True) 
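Review bot: __get_store_path has no docstring and silently returns the bare relative name when tns_admin is falsy, which later resolves against whatever working directory RCU or WLST happens to have; document that, e.g. `"""Return store unchanged if absolute, else joined under tns_admin; returns the bare name when tns_admin is unset."""`, or raise in that case. `os.path.join(tns_admin, store)` expresses the same rule in one line. Note also that `os.path.isabs(store)` fails on None, so callers must check for a missing store first — the keystore branch in the next hunk does, the RCU helper in hunk -340 does not.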
@@ -1215,26 +1263,32 @@ def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, trustst if keystore_pwd is not None and keystore_pwd != 'None': self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) + # if it is 2 ways SSL if keystore is not None and keystore != 'None': - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, keystore, encrypted=True) + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, + self.__get_store_path(tns_admin, keystore)) if keystore_type is not None and keystore_type != 'None': - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type, encrypted=True) + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type) - - def __set_atp_standard_conn_properties(self, keystore_pwd, datasource_name, tns_admin, truststore_pwd): + def __set_atp_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd, + truststore_type, keystore_pwd, keystore_type, keystore): location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases) + keystore, keystore_type, truststore, truststore_type = atp_helper.fix_store_type_and_default_value(keystore, + keystore_type, truststore, truststore_type) - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, tns_admin + os.sep - + 'keystore.jks') - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, - 'JKS') - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep - + 'truststore.jks') - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, - 'JKS') - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, encrypted=True) + + 
self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, self.__get_store_path(tns_admin, + keystore)) + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type) + if keystore_pwd: + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, self.__get_store_path(tns_admin, + truststore)) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type) + if truststore_pwd: + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, + encrypted=True) self.__set_connection_property(location, DRIVER_PARAMS_NET_SSL_VERSION, '1.2') self.__set_connection_property(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true') self.__set_connection_property(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin) diff --git a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py index 4279de6e14..86b2dc17f6 100644 --- a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py @@ -1,5 +1,5 @@ """ -Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. +Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ from wlsdeploy.aliases import alias_utils 
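Review bot: The new password guards in __set_atp_standard_conn_properties use bare truthiness (`if keystore_pwd:`, `if truststore_pwd:`) while __set_ssl_standard_conn_properties just above uses `is not None and != 'None'`, so a model value that decodes to the string 'None' is stored (encrypted) as a real password for ATP data sources but skipped for SSL ones. Pick one convention — `if keystore_pwd is not None and keystore_pwd != 'None':` — and use it in both, or put it in a small shared helper. Dropping `encrypted=True` from the keyStore and keyStoreType properties in the SSL branch is right, since those are paths and types rather than secrets.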
@@ -14,6 +14,7 @@ from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORE_PROPERTY from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY +from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_KEYSTORE_PROPERTY from wlsdeploy.aliases.model_constants import RCU_ADMIN_PASSWORD from wlsdeploy.aliases.model_constants import RCU_DB_CONN from wlsdeploy.aliases.model_constants import RCU_DB_INFO @@ -96,7 +97,7 @@ def get_rcu_schema_password(self): return self.aliases.decrypt_password(password) def get_keystore(self): - return self._get_dictionary_element_value(DRIVER_PARAMS_kEYSTORE_PROPERTY) + return self._get_dictionary_element_value(DRIVER_PARAMS_KEYSTORE_PROPERTY) def get_keystore_type(self): return self._get_dictionary_element_value(DRIVER_PARAMS_KEYSTORETYPE_PROPERTY) diff --git a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py index b044b4d96f..12863d9295 100644 --- a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py @@ -1,10 +1,10 @@ """ -Copyright (c) 2022, Oracle Corporation and/or its affiliates. +Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ -import re +import re, os from java.lang import String from xml.dom.minidom import parse from wlsdeploy.exception import exception_helper 
@@ -28,12 +28,19 @@ def set_ssl_properties(xml_doc, atp_creds_path, truststore, truststore_type, tru for prop in props: if prop.getAttribute('name') == 'props.db.1': set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type) - set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/' + truststore) + if not os.path.isabs(truststore): + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/' + truststore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore) + set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path) if truststore_password is not None: set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) if keystore is not None: - set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/' + keystore) + if not os.path.isabs(keystore): + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/' + keystore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore) if keystore_type is not None: set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type) if keystore_password is not None:
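Review bot: Both new if/else pairs reproduce the join logic of domain_creator's __get_store_path by hand; `set_property(dom_tree, prop, 'javax.net.ssl.trustStore', os.path.join(atp_creds_path, truststore))` and the equivalent line for keyStore give the same result in one line each, since os.path.join returns an absolute second argument unchanged and supplies the separator itself. The corresponding atp_helper hunk omits the '/' in its relative branch, so routing both files through one shared helper would also keep them from drifting. The newly written oracle.net.tns_admin property is fine, but the docstring above this hunk should mention that it is now emitted alongside the store entries.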