From c002375179d5f75e71ddbb83d39f81be633bbb60 Mon Sep 17 00:00:00 2001
From: Johnny Shum
Date: Wed, 25 Jan 2023 21:20:07 -0600
Subject: [PATCH 1/6] Fix ssl db run rcu error and refactor
---
 .../weblogic/deploy/create/RCURunner.java | 116 +++++++-------
 .../wlsdeploy/tool/create/domain_creator.py | 148 ++++++++++++------
 .../wlsdeploy/tool/create/rcudbinfo_helper.py | 3 +-
 3 files changed, 163 insertions(+), 104 deletions(-)
diff --git a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
index 46cb375718..933bbebcba 100644
--- a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
+++ b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java
@@ -19,7 +19,6 @@
 import oracle.weblogic.deploy.util.ScriptRunnerException;
 import oracle.weblogic.deploy.util.StringUtils;
-import org.python.core.PyClass;
 import org.python.core.PyDictionary;
 import org.python.core.PyString;
@@ -72,7 +71,7 @@ public class RCURunner {
 private boolean atpDB = false;
 private boolean sslDB = false;
- private String atpSSlArgs = null;
+ private String sSlArgs = null;
 private String atpAdminUser = null;
 private String rcuAdminUser = DB_USER;
 private String atpDefaultTablespace = null;
@@ -136,36 +135,23 @@ public static RCURunner createRunner(String domainType, String oracleHome, Strin * @param javaHome the JAVA_HOME location * @param rcuSchemas the list of RCU schemas to create (this list should not include STB) * @param rcuVariables a comma separated list of key=value variables - * @param connectionProperties dictionary of ATP specific arguments + * @param sslConnectionProperties dictionary of ATP specific arguments * @throws CreateException if a parameter validation error occurs */ public static RCURunner createAtpRunner(String domainType, String oracleHome, String javaHome, String rcuDb, List rcuSchemas, String rcuPrefix, String rcuVariables, String databaseType, PyDictionary runnerMap, - PyDictionary connectionProperties) throws CreateException { + PyDictionary sslConnectionProperties) throws CreateException { RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables); - StringBuilder sslArgs = new StringBuilder(); - - for (Object connectionProperty: connectionProperties.keys()) { - if (sslArgs.length() != 0) { - sslArgs.append(','); - } - sslArgs.append(connectionProperty.toString()); - sslArgs.append('='); - PyDictionary valueObject = (PyDictionary)connectionProperties - .get(new PyString(connectionProperty.toString())); - sslArgs.append(valueObject.get(new PyString("Value"))); - } - - - addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.keyStorePassword"); - addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.trustStorePassword"); + StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); + addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.keyStorePassword"); + addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.trustStorePassword"); runner.atpDB = true; // "ATP".equals(databaseType); // or scan if there are any 'ssl' in properties ? 
- runner.atpSSlArgs = sslArgs.toString(); + runner.sSlArgs = sslArgs.toString(); runner.atpAdminUser = get(runnerMap, "atp.admin.user"); runner.atpDefaultTablespace = get(runnerMap, "atp.default.tablespace"); @@ -174,6 +160,23 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St return runner; } + private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) { + StringBuilder sslArgs = new StringBuilder(); + + for (Object connectionProperty: connectionProperties.keys()) { + if (sslArgs.length() != 0) { + sslArgs.append(','); + } + String key = connectionProperty.toString(); + sslArgs.append(key); + sslArgs.append('='); +// PyDictionary valueObject = (PyDictionary) connectionProperties.get(new PyString(key)); +// sslArgs.append(valueObject.get(new PyString("Value"))); + sslArgs.append(get(connectionProperties, key)); + } + return sslArgs; + } + private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDictionary connectionProperties, StringBuilder sslArgs, String key) { if (!connectionProperties.has_key(new PyString(key)) && 
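Review bot: The new `getSSLArgsStringBuilder` appends every entry as `key=value` without looking at the value, whereas the `createSslRunner` code this patch removes skipped a password that was null or the string "None" (the SSO wallet case). An unset entry would presumably be written into the SSLARGS string as literal text, and a value containing `,` would be read as an additional property. The two commented-out lines inside the loop should be deleted rather than committed. Because the joined string carries `javax.net.ssl.keyStorePassword` and `javax.net.ssl.trustStorePassword` and is later added to the argument list in `getCommandLineArgs`, it should be kept out of any logging of that command line; whether the arguments are logged is not visible here.

```java
private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) {
    StringBuilder sslArgs = new StringBuilder();

    for (Object connectionProperty : connectionProperties.keys()) {
        String key = connectionProperty.toString();
        String value = get(connectionProperties, key);
        // Unset entries (null, or Python None rendered as "None") are skipped,
        // as the previous createSslRunner code did for SSO wallets.
        if (value == null || "None".equals(value)) {
            continue;
        }
        if (sslArgs.length() != 0) {
            sslArgs.append(',');
        }
        sslArgs.append(key).append('=').append(value);
    }
    return sslArgs;
}
```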
@@ -199,44 +202,49 @@ private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDiction */ public static RCURunner createSslRunner(String domainType, String oracleHome, String javaHome, String rcuDb, String rcuPrefix, List rcuSchemas, String rcuVariables, - PyDictionary rcuProperties) throws CreateException { + PyDictionary rcuProperties, + PyDictionary sslConnectionProperties) throws CreateException { + // Wallet directory String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin"); RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables); - String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword"); - String trustStore = get(rcuProperties, "javax.net.ssl.keyStore"); - String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); - String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword"); - String keyStore = get(rcuProperties, "javax.net.ssl.keyStore"); - String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); - String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match"); - if (matchType == null || matchType.equals("None")) { - matchType = Boolean.FALSE.toString(); - } - - StringBuilder sslArgs = new StringBuilder(); - sslArgs.append("oracle.net.tns_admin="); - sslArgs.append(tnsAdmin); - - sslArgs.append(",javax.net.ssl.trustStore="); - sslArgs.append(tnsAdmin + "/" + trustStore); - sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType); - // If wallet type is SSO, no password present - if (trustStorePassword != null && !trustStorePassword.equals("None")) { - sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword); - } - sslArgs.append(",javax.net.ssl.keyStore="); - sslArgs.append(tnsAdmin + "/" + keyStore); - sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType); - if (keyStorePassword != null && !keyStorePassword.equals("None")) { - 
sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword); - } - sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType); + StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); + + +// String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword"); +// String trustStore = get(rcuProperties, "javax.net.ssl.keyStore"); +// String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); +// String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword"); +// String keyStore = get(rcuProperties, "javax.net.ssl.keyStore"); +// String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); +// String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match"); +// if (matchType == null || matchType.equals("None")) { +// matchType = Boolean.FALSE.toString(); +// } +// +// StringBuilder sslArgs = new StringBuilder(); +// sslArgs.append("oracle.net.tns_admin="); +// sslArgs.append(tnsAdmin); +// +// sslArgs.append(",javax.net.ssl.trustStore="); +// sslArgs.append(tnsAdmin + "/" + trustStore); +// sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType); +// // If wallet type is SSO, no password present +// if (trustStorePassword != null && !trustStorePassword.equals("None")) { +// sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword); +// } +// sslArgs.append(",javax.net.ssl.keyStore="); +// sslArgs.append(tnsAdmin + "/" + keyStore); +// sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType); +// if (keyStorePassword != null && !keyStorePassword.equals("None")) { +// sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword); +// } +// sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType); runner.sslDB = true; - runner.atpSSlArgs = sslArgs.toString(); + runner.sSlArgs = sslArgs.toString(); return runner; } 
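Review bot: The body of `createSslRunner` now carries roughly thirty lines of commented-out code, including the old password handling; it should be deleted, since the history already holds it. With that block dead, `tnsAdmin` is read from `rcuProperties` but no longer used in the live code, so the lookup and its `// Wallet directory` comment can go unless a later patch needs them. The Javadoc above the method starts outside this hunk and would need an entry for the new parameter, for example `@param sslConnectionProperties dictionary of SSL connection properties passed to RCU as SSLARGS`.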
@@ -377,11 +385,11 @@ private String[] getCommandLineArgs(String operationSwitch) {
 arguments.add(SERVER_DN_SWITCH);
 arguments.add("CN=ignored");
 arguments.add(SSLARGS);
- arguments.add(atpSSlArgs);
+ arguments.add(sSlArgs);
 } else if (sslDB) {
 arguments.add(USE_SSL_SWITCH);
 arguments.add(SSLARGS);
- arguments.add(atpSSlArgs);
+ arguments.add(sSlArgs);
 arguments.add(DB_ROLE_SWITCH);
 arguments.add(DB_ROLE);
 arguments.add(DB_USER_SWITCH);
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
index a51ac461a6..9520af34b9 100644
--- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -279,30 +279,34 @@ def __run_rcu(self): self.__validate_and_get_atp_rcudbinfo(rcu_db_info, True) rcu_runner_map = dict() - atp_conn_properties = {} - - # update password fields with decrypted passwords - if rcu_db_info.get_keystore_password() is not None: - atp_conn_properties[DRIVER_PARAMS_KEYSTOREPWD_PROPERTY] \ - = {'Value': rcu_db_info.get_keystore_password()} - - if rcu_db_info.get_truststore_password() is not None: - atp_conn_properties[DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY] \ - = {'Value': rcu_db_info.get_truststore_password()} - - atp_conn_properties[DRIVER_PARAMS_NET_TNS_ADMIN] = { 'Value': rcu_db_info.get_tns_admin()} - atp_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = { 'Value': 1.2 } - atp_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = { 'Value': 'false' } - atp_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = { 'Value': 'false' } - atp_conn_properties[DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY] = { 'Value': 'JKS' } - atp_conn_properties[DRIVER_PARAMS_KEYSTORETYPE_PROPERTY] = { 'Value': 'JKS' } - atp_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY] = { 'Value': rcu_db_info.get_tns_admin() - + os.sep + "truststore.jks" } - atp_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = { 'Value': rcu_db_info.get_tns_admin() - + os.sep + "keystore.jks"} - - if not atp_conn_properties.has_key(DRIVER_PARAMS_NET_FAN_ENABLED): - atp_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = { 'Value' : 'false'} + ssl_conn_properties = dict() + + # historical reason, these values may not be there, and assume default name for now, user can override with + # sso file name + + truststore = rcu_db_info.get_truststore() + keystore = rcu_db_info.get_keystore() + truststore_type = rcu_db_info.get_truststore_type() + keystore_type = rcu_db_info.get_keystore_type() + + if truststore is None: + truststore = "truststore.jks" + if keystore is None: + keystore = "keystore.jks" + if truststore_type is None: + truststore_type = "JKS" + if keystore_type is None: + keystore_type 
= "JKS" + + self._set_rcu_ssl_args_properties(ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type) + + # hard coding for now, may need to expose it if ATP access changed later + + if not ssl_conn_properties.has_key(DRIVER_PARAMS_NET_FAN_ENABLED): + ssl_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = 'false' + ssl_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = '1.2' + ssl_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = 'false' # reset these to pick up any defaults from rcu_db_info @@ -315,15 +319,28 @@ def __run_rcu(self): rcu_schemas, rcu_prefix, rcu_db_info.get_rcu_variables(), rcu_db_info.get_database_type(), rcu_runner_map, - atp_conn_properties + ssl_conn_properties ) elif rcu_db_info.is_use_ssl(): - rcu_db = rcu_db_info.get_preferred_db() - rcu_runner_map =dict() - rcu_runner_map[SSL_ADMIN_USER] = rcu_db_info.get_tns_admin() - runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, rcu_db, rcu_prefix, rcu_schemas, - rcu_db_info.get_rcu_variables(), rcu_runner_map) + + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_ssl_rcudbinfo(rcu_db_info) + + rcu_runner_map = dict() + rcu_db_user = rcu_db_info.get_preferred_db_user() + ssl_conn_properties = dict() + + self._set_rcu_ssl_args_properties(ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type) + + ssl_conn_properties["oracle.net.ssl_server_dn_match"] = 'false' + + fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database) + runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, fmw_database, rcu_prefix, rcu_schemas, + rcu_db_info.get_rcu_variables(), rcu_runner_map, ssl_conn_properties) + + runner.setRCUAdminUser(rcu_db_user) else: # Non-ATP database, use DB config from the command line or RCUDbInfo in the model. rcu_db = rcu_db_info.get_preferred_db() 
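Review bot: Server DN matching is switched off unconditionally for the RCU connection, in the ATP branch (`ssl_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = 'false'`) and again in the `is_use_ssl()` branch of the following hunk (`ssl_conn_properties["oracle.net.ssl_server_dn_match"] = 'false'`). With matching off, the client does not check that the database certificate belongs to the server it reached, and the Java code removed by this patch at least read `oracle.net.ssl_server_dn_match` from the supplied properties before defaulting to false. I would take the value from the model when it is set, default only when it is absent, and add a comment such as `# RCU needs DN matching off because ...` stating the actual reason. The second site should use the `DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY` constant instead of the string literal, assuming the constant holds the same key. `__run_rcu` starts and ends outside these hunks.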
@@ -340,6 +357,20 @@ def __run_rcu(self): runner.runRcu(rcu_sys_pass, rcu_schema_pass) self.logger.exiting(class_name=self.__class_name, method_name=_method_name) + def _set_rcu_ssl_args_properties(self, ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, + truststore_type): + if rcu_db_info.get_keystore_password() is not None: + ssl_conn_properties[DRIVER_PARAMS_KEYSTOREPWD_PROPERTY] = rcu_db_info.get_keystore_password() + if rcu_db_info.get_truststore_password() is not None: + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY] = rcu_db_info.get_truststore_password() + ssl_conn_properties[DRIVER_PARAMS_NET_TNS_ADMIN] = rcu_db_info.get_tns_admin() + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY] = truststore_type + ssl_conn_properties[DRIVER_PARAMS_KEYSTORETYPE_PROPERTY] = keystore_type + ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY] = self.__get_store_path(rcu_db_info.get_tns_admin(), + truststore) + ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = self.__get_store_path(rcu_db_info.get_tns_admin(), + keystore) + def __fail_mt_1221_domain_creation(self): """ Abort create if domain contains MT artifacts that cannot be created in the version of WLST offline being used @@ -1008,6 +1039,9 @@ def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): keystore_pwd = rcu_db_info.get_keystore_password() truststore_pwd = rcu_db_info.get_truststore_password() + truststore_type = rcu_db_info.get_truststore_type() + keystore_type = rcu_db_info.get_keystore_type() + if keystore_pwd is None: ex = exception_helper.create_create_exception('WLSDPLY-12413','javax.net.ssl.keyStorePassword', "['tns.alias','javax.net.ssl.keyStorePassword'," 
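Review bot: `_set_rcu_ssl_args_properties` sets the keystore and truststore entries unconditionally, so a model without a keystore (one-way SSL) passes `None` into `__get_store_path`, whose `os.path.isabs(store)` call, added later in this patch, does not accept `None`. `__set_ssl_standard_conn_properties` already guards the same values with `if keystore is not None and keystore != 'None':`; the same guard belongs around the `DRIVER_PARAMS_KEYSTORE_PROPERTY` and `DRIVER_PARAMS_KEYSTORETYPE_PROPERTY` assignments here. The ATP branch applies defaults before calling, but the `is_use_ssl()` branch passes the values from `__validate_and_get_ssl_rcudbinfo` as they are. The method also has no docstring; one line saying that it fills `ssl_conn_properties` with the wallet settings, passwords included, would tell callers the dictionary is sensitive.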
@@ -1036,25 +1070,29 @@ def __validate_and_get_ssl_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): Check and return ssl connection info and make sure ssl rcudb info is complete :raises: CreateException: if an error occurs """ - _method_name = '__retrieve_ssl_rcudbinfo' + _method_name = '__validate_and_get_ssl_rcudbinfo' tns_admin = rcu_db_info.get_tns_admin() truststore = rcu_db_info.get_truststore() - if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora") \ - or not os.path.exists(tns_admin + os.sep + truststore): - ex = exception_helper.create_create_exception('WLSDPLY-12562') - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex - if rcu_db_info.get_tns_entry() is None: - ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', - "['tns.alias','javax.net.ssl.keyStorePassword'," - "'javax.net.ssl.trustStorePassword']") - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + rcu_database = rcu_db_info.get_preferred_db() + # If user specify connect string, no need to fetch from tnsnames.ora - rcu_database, error = ssl_helper.get_ssl_connect_string(tns_admin + os.sep + 'tnsnames.ora', - rcu_db_info.get_tns_entry()) + if rcu_database is None: + if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora") \ + or not os.path.exists(tns_admin + os.sep + truststore): + ex = exception_helper.create_create_exception('WLSDPLY-12562') + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex + + if rcu_db_info.get_tns_entry() is None: + ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', + "['tns.alias','javax.net.ssl.keyStorePassword'," + "'javax.net.ssl.trustStorePassword']") + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex + rcu_database, error = ssl_helper.get_ssl_connect_string(tns_admin + os.sep + 'tnsnames.ora', + 
rcu_db_info.get_tns_entry()) truststore = rcu_db_info.get_truststore() truststore_type = rcu_db_info.get_truststore_type() truststore_pwd = rcu_db_info.get_truststore_password() @@ -1200,14 +1238,25 @@ def __set_datasource_url(self, datasource_name, url_string): self.aliases.get_wlst_attribute_name_and_value(location, URL, url) self.wlst_helper.set_if_needed(wlst_name, wlst_value) + def __get_store_path(self, tns_admin, store): + result = store + if not os.path.isabs(store): + if tns_admin: + result = tns_admin + os.sep + store + return result + def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd, truststore_type, keystore_pwd, keystore_type, keystore): location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases) - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep - + truststore) + # Should always have trust store + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, + self.__get_store_path(tns_admin, truststore)) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type) + + # if not sso type then user must provide pwd if truststore_pwd is not None and truststore_pwd != 'None': self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, encrypted=True) 
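Review bot: The wallet check still builds the truststore path as `tns_admin + os.sep + truststore`, while the rest of this patch resolves store paths through `__get_store_path`, which leaves an absolute path alone; an absolute truststore in the model would fail the check with WLSDPLY-12562 although the file exists, and a missing truststore value raises a `TypeError` on the concatenation instead of the CreateException. I would test `truststore is None` first and then use `os.path.exists(self.__get_store_path(tns_admin, truststore))`. The check is also skipped altogether once a connect string is supplied, so a wrong wallet path is found only when RCU runs. The `error` value returned by `ssl_helper.get_ssl_connect_string` is not examined within this hunk; the method continues past it.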
@@ -1215,12 +1264,13 @@ def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, trustst if keystore_pwd is not None and keystore_pwd != 'None': self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) + # if it is 2 ways SSL if keystore is not None and keystore != 'None': - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, keystore, encrypted=True) + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, + self.__get_store_path(tns_admin, keystore)) if keystore_type is not None and keystore_type != 'None': - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type, encrypted=True) - + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type) def __set_atp_standard_conn_properties(self, keystore_pwd, datasource_name, tns_admin, truststore_pwd): location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases) diff --git a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py index 4279de6e14..5380a7be7a 100644 --- a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py @@ -14,6 +14,7 @@ from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORE_PROPERTY from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY +from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_KEYSTORE_PROPERTY from wlsdeploy.aliases.model_constants import RCU_ADMIN_PASSWORD from wlsdeploy.aliases.model_constants import RCU_DB_CONN from wlsdeploy.aliases.model_constants import RCU_DB_INFO 
@@ -96,7 +97,7 @@ def get_rcu_schema_password(self): return self.aliases.decrypt_password(password) def get_keystore(self): - return self._get_dictionary_element_value(DRIVER_PARAMS_kEYSTORE_PROPERTY) + return self._get_dictionary_element_value(DRIVER_PARAMS_KEYSTORE_PROPERTY) def get_keystore_type(self): return self._get_dictionary_element_value(DRIVER_PARAMS_KEYSTORETYPE_PROPERTY) From 0f7fc8cdffce750520b8f1a2d8b2c06e1424ed78 Mon Sep 17 00:00:00 2001 From: Johnny Shum Date: Thu, 26 Jan 2023 09:47:04 -0600 Subject: [PATCH 2/6] refactoring --- .../wlsdeploy/tool/create/atp_helper.py | 52 +++++++++--- .../wlsdeploy/tool/create/domain_creator.py | 82 ++++++++++--------- .../wlsdeploy/tool/create/ssl_helper.py | 13 ++- 3 files changed, 96 insertions(+), 51 deletions(-) diff --git a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py index 2d513e7071..72fe2f528e 100644 --- a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py @@ -2,7 +2,7 @@ Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. All rights reserved. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ -import re +import re, os from xml.dom.minidom import parse from wlsdeploy.exception import exception_helper @@ -11,7 +11,8 @@ _logger = PlatformLogger('wlsdeploy.create') -def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password): +def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type): ''' Add SSL config properties to the specified XML document. :param xml_doc: The XML document 
@@ -22,22 +23,47 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa collection = dom_tree.documentElement props = collection.getElementsByTagName("propertySet") + keystore, keystore_type, truststore, truststore_type = fix_store_type_and_default_value(keystore, keystore_type, + truststore, truststore_type) + for prop in props: if prop.getAttribute('name') == 'props.db.1': set_property(dom_tree, prop, 'oracle.net.ssl_server_dn_match', 'true') set_property(dom_tree, prop, 'oracle.net.ssl_version', '1.2') set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path) - set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', 'JKS') - set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/truststore.jks') - set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', 'JKS') - set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/keystore.jks') - set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password) - set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) + set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type) + set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type) + if not os.path.isabs(keystore): + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + keystore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore) + if not os.path.isabs(truststore): + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + truststore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore) + + if keystore_password is not None: + set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password) + if truststore_password is not None: + set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) # Persist the changes in the xml file file_handle = open(xml_doc, "w") 
dom_tree.writexml(file_handle) file_handle.close() + +def fix_store_type_and_default_value(keystore, keystore_type, truststore, truststore_type): + if truststore is None: + truststore = "truststore.jks" + if keystore is None: + keystore = "keystore.jks" + if truststore_type is None: + truststore_type = "JKS" + if keystore_type is None: + keystore_type = "JKS" + return keystore, keystore_type, truststore, truststore_type + + def set_property(dom_tree, prop, name, value): ''' Sets the property child element under prop parent node. @@ -58,11 +84,17 @@ def fix_jps_config(rcu_db_info, model_context): tns_admin = rcu_db_info.get_tns_admin() keystore_password = rcu_db_info.get_keystore_password() truststore_password = rcu_db_info.get_truststore_password() + keystore_type = rcu_db_info.get_keystore_type() + truststore_type = rcu_db_info.get_truststore_type() + keystore = rcu_db_info.get_keystore() + truststore = rcu_db_info.get_truststore() jps_config = model_context.get_domain_home() + '/config/fmwconfig/jps-config.xml' jps_config_jse = model_context.get_domain_home() + '/config/fmwconfig/jps-config-jse.xml' - set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password) - set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password) + set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type) + set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password, keystore, keystore_type, + truststore, truststore_type) def get_atp_connect_string(tnsnames_ora_path, tns_sid_name): diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py index 9520af34b9..a237c05de6 100644 --- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py +++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py 
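Review bot: The relative-path branches concatenate without a separator: `atp_creds_path + keystore` and `atp_creds_path + truststore` replace `atp_creds_path + '/keystore.jks'`, so with the default names the result is the wallet directory name fused with `keystore.jks`. `os.path.join` covers both branches, since it returns the second argument unchanged when it is absolute: `set_property(dom_tree, prop, 'javax.net.ssl.keyStore', os.path.join(atp_creds_path, keystore))`, and the same for `javax.net.ssl.trustStore`. As far as this hunk shows, the store passwords are written into the jps-config files as plain property values, so those files need restrictive permissions. `set_ssl_properties` begins above this hunk, and its docstring may need entries for the four new parameters.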
@@ -276,7 +276,8 @@ def __run_rcu(self): # ATP database, build runner map from RCUDbInfo in the model. # check it first - self.__validate_and_get_atp_rcudbinfo(rcu_db_info, True) + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_atp_rcudbinfo(rcu_db_info, True) rcu_runner_map = dict() ssl_conn_properties = dict() @@ -288,15 +289,9 @@ def __run_rcu(self): keystore = rcu_db_info.get_keystore() truststore_type = rcu_db_info.get_truststore_type() keystore_type = rcu_db_info.get_keystore_type() + keystore, keystore_type, truststore, truststore_type = atp_helper.fix_store_type_and_default_value(keystore, + keystore_type, truststore, truststore_type) - if truststore is None: - truststore = "truststore.jks" - if keystore is None: - keystore = "keystore.jks" - if truststore_type is None: - truststore_type = "JKS" - if keystore_type is None: - keystore_type = "JKS" self._set_rcu_ssl_args_properties(ssl_conn_properties, rcu_db_info, keystore, keystore_type, truststore, truststore_type) @@ -314,7 +309,7 @@ def __run_rcu(self): rcu_runner_map[ATP_TEMPORARY_TABLESPACE] = rcu_db_info.get_atp_temporary_tablespace() rcu_runner_map[ATP_DEFAULT_TABLESPACE] = rcu_db_info.get_atp_default_tablespace() - fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_db_info.get_tns_entry()) + fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database) runner = RCURunner.createAtpRunner(domain_type, oracle_home, java_home, fmw_database, rcu_schemas, rcu_prefix, rcu_db_info.get_rcu_variables(), rcu_db_info.get_database_type(), 
@@ -1020,36 +1015,40 @@ def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): _method_name = '__validate_and_get_atp_rcudbinfo' tns_admin = rcu_db_info.get_tns_admin() + rcu_database = rcu_db_info.get_preferred_db() - if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora"): - ex = exception_helper.create_create_exception('WLSDPLY-12562') - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + if rcu_database is None: + if tns_admin is None or not os.path.exists(tns_admin + os.sep + "tnsnames.ora"): + ex = exception_helper.create_create_exception('WLSDPLY-12562') + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex - if rcu_db_info.get_tns_entry() is None: - ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', - "['tns.alias','javax.net.ssl.keyStorePassword'," - "'javax.net.ssl.trustStorePassword']") - self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) - raise ex + if rcu_db_info.get_tns_entry() is None: + ex = exception_helper.create_create_exception('WLSDPLY-12413','tns.alias', + "['tns.alias','javax.net.ssl.keyStorePassword'," + "'javax.net.ssl.trustStorePassword']") + self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) + raise ex - rcu_database, error = atp_helper.get_atp_connect_string(tns_admin + os.sep + 'tnsnames.ora', - rcu_db_info.get_tns_entry()) + rcu_database, error = atp_helper.get_atp_connect_string(tns_admin + os.sep + 'tnsnames.ora', + rcu_db_info.get_tns_entry()) # keystore_pwd = rcu_db_info.get_keystore_password() truststore_pwd = rcu_db_info.get_truststore_password() truststore_type = rcu_db_info.get_truststore_type() keystore_type = rcu_db_info.get_keystore_type() + truststore = rcu_db_info.get_truststore() + keystore = rcu_db_info.get_keystore() - if keystore_pwd is None: + if keystore_pwd is None and keystore_type != 'SSO': ex = 
exception_helper.create_create_exception('WLSDPLY-12413','javax.net.ssl.keyStorePassword', "['tns.alias','javax.net.ssl.keyStorePassword'," "'javax.net.ssl.trustStorePassword']") self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) raise ex - if truststore_pwd is None: + if truststore_pwd is None and truststore_type != 'SSO': ex = exception_helper.create_create_exception('WLSDPLY-12413','javax.net.ssl.trustStorePassword', "['tns.alias','javax.net.ssl.keyStorePassword'," "'javax.net.ssl.trustStorePassword']") @@ -1063,7 +1062,7 @@ def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): "'rcu_admin_password']") raise ex - return tns_admin, rcu_database, keystore_pwd, truststore_pwd + return tns_admin, rcu_database, truststore_pwd, truststore_type, truststore, keystore_pwd, keystore_type, keystore def __validate_and_get_ssl_rcudbinfo(self, rcu_db_info, check_admin_pwd=False): """ @@ -1169,7 +1168,8 @@ def __set_rcu_datasource_parameters_without_shadow_table(self, rcu_db_info): is_ssl_ds = rcu_db_info.is_use_ssl() if is_atp_ds: - tns_admin, rcu_database, keystore_pwd, truststore_pwd = self.__validate_and_get_atp_rcudbinfo(rcu_db_info) + tns_admin, rcu_database, truststore_pwd, truststore_type, \ + truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_atp_rcudbinfo(rcu_db_info) elif is_ssl_ds: tns_admin, rcu_database, truststore_pwd, truststore_type, \ truststore, keystore_pwd, keystore_type, keystore = self.__validate_and_get_ssl_rcudbinfo(rcu_db_info) 
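Review bot: The `error` returned by `atp_helper.get_atp_connect_string` is assigned but not examined anywhere in this hunk, so a tns alias missing from tnsnames.ora would presumably leave `rcu_database` empty and surface only later, when the JDBC URL is built. A check right after the call, `if rcu_database is None:` followed by a raise like the branches above it, would keep the failure at validation time. The new SSO exemption compares exactly with `keystore_type != 'SSO'` and `truststore_type != 'SSO'`; if the model accepts other spellings such as lower case, the password would still be demanded. The method continues outside the hunk.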
@@ -1199,7 +1199,8 @@ def __set_rcu_datasource_parameters_without_shadow_table(self, rcu_db_info): self.__reset_datasource_template_userid(ds_name, rcu_prefix) if is_atp_ds: - self.__set_atp_standard_conn_properties(keystore_pwd, ds_name, tns_admin, truststore_pwd) + self.__set_atp_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type, + keystore_pwd, keystore_type, keystore) elif is_ssl_ds: self.__set_ssl_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type, keystore_pwd, keystore_type, keystore) 
@@ -1272,19 +1273,24 @@ def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, trustst if keystore_type is not None and keystore_type != 'None': self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type) - def __set_atp_standard_conn_properties(self, keystore_pwd, datasource_name, tns_admin, truststore_pwd): + def __set_atp_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd, + truststore_type, keystore_pwd, keystore_type, keystore): location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases) + keystore, keystore_type, truststore, truststore_type = atp_helper.fix_store_type_and_default_value(keystore, + keystore_type, truststore, truststore_type) - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, tns_admin + os.sep - + 'keystore.jks') - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, - 'JKS') - self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, tns_admin + os.sep - + 'truststore.jks') - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, - 'JKS') - self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, encrypted=True) + + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, self.__get_store_path(tns_admin, + keystore)) + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type) + if keystore_pwd: + self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, self.__get_store_path(tns_admin, + truststore)) + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type) + if 
truststore_pwd: + self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd, + encrypted=True) self.__set_connection_property(location, DRIVER_PARAMS_NET_SSL_VERSION, '1.2') self.__set_connection_property(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true') self.__set_connection_property(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin) diff --git a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py index b044b4d96f..5eb12b511d 100644 --- a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py @@ -4,7 +4,7 @@ """ -import re +import re, os from java.lang import String from xml.dom.minidom import parse from wlsdeploy.exception import exception_helper 
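Review bot: The new `if keystore_pwd:` and `if truststore_pwd:` guards in `__set_atp_standard_conn_properties` accept the literal string `'None'` as a password, while the context line at the top of this hunk, in `__set_ssl_standard_conn_properties`, tests `keystore_type is not None and keystore_type != 'None'`. If model values can reach this function as the string `'None'` too, which this hunk does not show, that string would be stored as the encrypted store password for a wallet that has none. A guard matching the sibling would be `if keystore_pwd and keystore_pwd != 'None':`, and likewise for `truststore_pwd`. The function may continue past the last context line of the hunk.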
@@ -28,12 +28,19 @@ def set_ssl_properties(xml_doc, atp_creds_path, truststore, truststore_type, tru for prop in props: if prop.getAttribute('name') == 'props.db.1': set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type) - set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/' + truststore) + if not os.path.isabs(truststore): + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/' + truststore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore) + set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path) if truststore_password is not None: set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password) if keystore is not None: - set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/' + keystore) + if not os.path.isabs(keystore): + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/' + keystore) + else: + set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore) if keystore_type is not None: set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type) if keystore_password is not None: From 2ed6ab7410f87b27c5a3b1a22e7f53ccd67947ac Mon Sep 17 00:00:00 2001 From: Johnny Shum Date: Thu, 26 Jan 2023 10:12:51 -0600 Subject: [PATCH 3/6] copyrights updates --- core/src/main/python/wlsdeploy/tool/create/atp_helper.py | 2 +- core/src/main/python/wlsdeploy/tool/create/domain_creator.py | 2 +- core/src/main/python/wlsdeploy/tool/create/ssl_helper.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py index 72fe2f528e..b478fff473 100644 --- a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py 
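Review bot: `os.path.isabs(truststore)` is called without the `is not None` guard that the keystore branch a few lines below has, so a missing truststore value fails inside `os.path` instead of with a validation message; whether every caller supplies it is not visible here. The two added `isabs` branches are identical apart from the property name. A small module-level helper that returns `store` when `os.path.isabs(store)` is true and `atp_creds_path + '/' + store` otherwise would keep the truststore and keystore paths resolved the same way. `set_ssl_properties` starts and ends outside the hunk.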
@@ -1,5 +1,5 @@ """ -Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. All rights reserved. +Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates. All rights reserved. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ import re, os diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py index a237c05de6..7776316229 100644 --- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py +++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py @@ -1,5 +1,5 @@ """ -Copyright (c) 2017, 2022, Oracle and/or its affiliates. +Copyright (c) 2017, 2023, Oracle and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ import os, re diff --git a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py index 5eb12b511d..12863d9295 100644 --- a/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/ssl_helper.py @@ -1,5 +1,5 @@ """ -Copyright (c) 2022, Oracle Corporation and/or its affiliates. +Copyright (c) 2022, 2023 Oracle Corporation and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. From d42491727b59d5c8fa4170dc06b597eeac4ded6e Mon Sep 17 00:00:00 2001 From: Johnny Shum Date: Thu, 26 Jan 2023 10:28:01 -0600 Subject: [PATCH 4/6] cleanup --- .../weblogic/deploy/create/RCURunner.java | 35 ------------------- .../wlsdeploy/tool/create/rcudbinfo_helper.py | 2 +- 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java index 933bbebcba..6c7b8e1714 100644 
--- a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java +++ b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java @@ -170,8 +170,6 @@ private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProp String key = connectionProperty.toString(); sslArgs.append(key); sslArgs.append('='); -// PyDictionary valueObject = (PyDictionary) connectionProperties.get(new PyString(key)); -// sslArgs.append(valueObject.get(new PyString("Value"))); sslArgs.append(get(connectionProperties, key)); } return sslArgs; 
@@ -205,44 +203,11 @@ public static RCURunner createSslRunner(String domainType, String oracleHome, St PyDictionary rcuProperties, PyDictionary sslConnectionProperties) throws CreateException { - // Wallet directory - String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin"); RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables); StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); - -// String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword"); -// String trustStore = get(rcuProperties, "javax.net.ssl.keyStore"); -// String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); -// String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword"); -// String keyStore = get(rcuProperties, "javax.net.ssl.keyStore"); -// String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType"); -// String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match"); -// if (matchType == null || matchType.equals("None")) { -// matchType = Boolean.FALSE.toString(); -// } -// -// StringBuilder sslArgs = new StringBuilder(); -// sslArgs.append("oracle.net.tns_admin="); -// sslArgs.append(tnsAdmin); -// -// sslArgs.append(",javax.net.ssl.trustStore="); -// sslArgs.append(tnsAdmin + "/" + trustStore); -// sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType); -// // If wallet type is SSO, no password present -// if (trustStorePassword != null && !trustStorePassword.equals("None")) { -// sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword); -// } -// sslArgs.append(",javax.net.ssl.keyStore="); -// sslArgs.append(tnsAdmin + "/" + keyStore); -// sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType); -// if (keyStorePassword != null && !keyStorePassword.equals("None")) { -// sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword); -// } -// sslArgs.append(",oracle.net.ssl_server_dn_match="+ 
matchType); - runner.sslDB = true; runner.sSlArgs = sslArgs.toString(); return runner; diff --git a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py index 5380a7be7a..86b2dc17f6 100644 --- a/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py @@ -1,5 +1,5 @@ """ -Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates. +Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. """ from wlsdeploy.aliases import alias_utils From 0cbfcf0e3889e49034cc98c0523129140ddcd947 Mon Sep 17 00:00:00 2001 From: Johnny Shum Date: Thu, 26 Jan 2023 10:37:44 -0600 Subject: [PATCH 5/6] add comment --- core/src/main/python/wlsdeploy/tool/create/atp_helper.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py index b478fff473..a83c91c7bf 100644 --- a/core/src/main/python/wlsdeploy/tool/create/atp_helper.py +++ b/core/src/main/python/wlsdeploy/tool/create/atp_helper.py @@ -53,6 +53,8 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa def fix_store_type_and_default_value(keystore, keystore_type, truststore, truststore_type): + # historical reason atp does not need these inputs by default and it uses JKS + # set the default and return it if truststore is None: truststore = "truststore.jks" if keystore is None: From 84681803c26d9f8b8d507c55dfaf628cdcfa84cd Mon Sep 17 00:00:00 2001 From: Johnny Shum Date: Thu, 26 Jan 2023 13:17:16 -0600 Subject: [PATCH 6/6] Fix per PR comments --- .../java/oracle/weblogic/deploy/create/RCURunner.java | 10 +++++----- .../python/wlsdeploy/tool/create/domain_creator.py | 4 +--- 2 files changed, 6 insertions(+), 8 deletions(-) 
diff --git a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java index 6c7b8e1714..a70b7a93f7 100644 --- a/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java +++ b/core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java @@ -71,7 +71,7 @@ public class RCURunner { private boolean atpDB = false; private boolean sslDB = false; - private String sSlArgs = null; + private String sslArgs = null; private String atpAdminUser = null; private String rcuAdminUser = DB_USER; private String atpDefaultTablespace = null; @@ -151,7 +151,7 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.trustStorePassword"); runner.atpDB = true; // "ATP".equals(databaseType); // or scan if there are any 'ssl' in properties ? - runner.sSlArgs = sslArgs.toString(); + runner.sslArgs = sslArgs.toString(); runner.atpAdminUser = get(runnerMap, "atp.admin.user"); runner.atpDefaultTablespace = get(runnerMap, "atp.default.tablespace"); @@ -209,7 +209,7 @@ public static RCURunner createSslRunner(String domainType, String oracleHome, St StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties); runner.sslDB = true; - runner.sSlArgs = sslArgs.toString(); + runner.sslArgs = sslArgs.toString(); return runner; } @@ -350,11 +350,11 @@ private String[] getCommandLineArgs(String operationSwitch) { arguments.add(SERVER_DN_SWITCH); arguments.add("CN=ignored"); arguments.add(SSLARGS); - arguments.add(sSlArgs); + arguments.add(sslArgs); } else if (sslDB) { arguments.add(USE_SSL_SWITCH); arguments.add(SSLARGS); - arguments.add(sSlArgs); + arguments.add(sslArgs); arguments.add(DB_ROLE_SWITCH); arguments.add(DB_ROLE); arguments.add(DB_USER_SWITCH); 
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py index 7776316229..2812b79734 100644 --- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py +++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py @@ -297,9 +297,7 @@ def __run_rcu(self): truststore_type) # hard coding for now, may need to expose it if ATP access changed later - - if not ssl_conn_properties.has_key(DRIVER_PARAMS_NET_FAN_ENABLED): - ssl_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = 'false' + ssl_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = 'false' ssl_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = '1.2' ssl_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = 'false'
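Review bot: With the `has_key` guard removed, all three assignments under the "hard coding for now" comment overwrite whatever the model supplied, and the comment does not say so. The same block sets `DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY` to `'false'` for the RCU run, while `__set_atp_standard_conn_properties` earlier in this series sets that property to `'true'` for the datasource. If the constant maps to the server DN match setting, as its name suggests, the RCU connection skips a server-identity check that the runtime datasource performs. The comment should record this, for example `# RCU run only: model values for these three properties are overridden; DN match is off because <reason>`. `__run_rcu` starts and ends outside the hunk.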