various atp and ssl JRF database refactoring (#1366)

* Fix ssl db run rcu error and refactor

* refactoring

* copyrights updates

* cleanup

* add comment

* Fix per PR comments

Author: jshum2479

core/src/main/java/oracle/weblogic/deploy/create/RCURunner.java

@@ -19,7 +19,6 @@
 import oracle.weblogic.deploy.util.ScriptRunnerException;
 import oracle.weblogic.deploy.util.StringUtils;
 
-import org.python.core.PyClass;
 import org.python.core.PyDictionary;
 import org.python.core.PyString;
 
@@ -72,7 +71,7 @@ public class RCURunner {
     private boolean atpDB = false;
     private boolean sslDB = false;
 
-    private String atpSSlArgs = null;
+    private String sslArgs = null;
     private String atpAdminUser = null;
     private String rcuAdminUser = DB_USER;
     private String atpDefaultTablespace = null;
@@ -136,36 +135,23 @@ public static RCURunner createRunner(String domainType, String oracleHome, Strin
      * @param javaHome   the JAVA_HOME location
      * @param rcuSchemas the list of RCU schemas to create (this list should not include STB)
      * @param rcuVariables a comma separated list of key=value variables
-     * @param connectionProperties dictionary of ATP specific arguments
+     * @param sslConnectionProperties dictionary of ATP specific arguments
      * @throws CreateException if a parameter validation error occurs
      */
     public static RCURunner createAtpRunner(String domainType, String oracleHome, String javaHome, String rcuDb,
                                             List<String> rcuSchemas, String rcuPrefix, String rcuVariables,
                                             String databaseType, PyDictionary runnerMap,
-                                            PyDictionary connectionProperties) throws CreateException {
+                                            PyDictionary sslConnectionProperties) throws CreateException {
 
         RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables);
 
-        StringBuilder sslArgs = new StringBuilder();
-
-        for (Object connectionProperty: connectionProperties.keys()) {
-            if (sslArgs.length() != 0) {
-                sslArgs.append(',');
-            }
-            sslArgs.append(connectionProperty.toString());
-            sslArgs.append('=');
-            PyDictionary valueObject = (PyDictionary)connectionProperties
-                .get(new PyString(connectionProperty.toString()));
-            sslArgs.append(valueObject.get(new PyString("Value")));
-        }
-
-
-        addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.keyStorePassword");
-        addExtraSSLPropertyFromMap(runnerMap, connectionProperties, sslArgs, "javax.net.ssl.trustStorePassword");
+        StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties);
 
+        addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.keyStorePassword");
+        addExtraSSLPropertyFromMap(runnerMap, sslConnectionProperties, sslArgs, "javax.net.ssl.trustStorePassword");
 
         runner.atpDB = true; // "ATP".equals(databaseType);  // or scan if there are any 'ssl' in properties ?
-        runner.atpSSlArgs = sslArgs.toString();
+        runner.sslArgs = sslArgs.toString();
 
         runner.atpAdminUser = get(runnerMap, "atp.admin.user");
         runner.atpDefaultTablespace = get(runnerMap, "atp.default.tablespace");
@@ -174,6 +160,21 @@ public static RCURunner createAtpRunner(String domainType, String oracleHome, St
         return runner;
     }
 
+    private static StringBuilder getSSLArgsStringBuilder(PyDictionary connectionProperties) {
+        StringBuilder sslArgs = new StringBuilder();
+
+        for (Object connectionProperty: connectionProperties.keys()) {
+            if (sslArgs.length() != 0) {
+                sslArgs.append(',');
+            }
+            String key = connectionProperty.toString();
+            sslArgs.append(key);
+            sslArgs.append('=');
+            sslArgs.append(get(connectionProperties, key));
+        }
+        return sslArgs;
+    }
+
     private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDictionary connectionProperties,
                                                    StringBuilder sslArgs, String key) {
         if (!connectionProperties.has_key(new PyString(key)) &&
@@ -199,44 +200,16 @@ private static void addExtraSSLPropertyFromMap(PyDictionary runnerMap, PyDiction
      */
     public static RCURunner createSslRunner(String domainType, String oracleHome, String javaHome, String rcuDb,
                                             String rcuPrefix, List<String> rcuSchemas, String rcuVariables,
-                                            PyDictionary rcuProperties) throws CreateException {
+                                            PyDictionary rcuProperties,
+                                            PyDictionary sslConnectionProperties) throws CreateException {
 
-        String tnsAdmin = get(rcuProperties, "oracle.net.tns_admin");
 
         RCURunner runner = new RCURunner(domainType, oracleHome, javaHome, rcuDb, rcuPrefix, rcuSchemas, rcuVariables);
-        String trustStorePassword = get(rcuProperties, "javax.net.ssl.trustStorePassword");
-        String trustStore = get(rcuProperties, "javax.net.ssl.keyStore");
-        String trustStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
-        String keyStorePassword = get(rcuProperties, "javax.net.ssl.keyStorePassword");
-        String keyStore = get(rcuProperties, "javax.net.ssl.keyStore");
-        String keyStoreType = get(rcuProperties, "javax.net.ssl.keyStoreType");
-        String matchType = get(rcuProperties, "oracle.net.ssl_server_dn_match");
-        if (matchType == null || matchType.equals("None"))  {
-            matchType = Boolean.FALSE.toString();
-        }
-
 
-        StringBuilder sslArgs = new StringBuilder();
-        sslArgs.append("oracle.net.tns_admin=");
-        sslArgs.append(tnsAdmin);
-
-        sslArgs.append(",javax.net.ssl.trustStore=");
-        sslArgs.append(tnsAdmin + "/" + trustStore);
-        sslArgs.append(",javax.net.ssl.trustStoreType=" + trustStoreType);
-        // If wallet type is SSO, no password present
-        if (trustStorePassword != null && !trustStorePassword.equals("None")) {
-            sslArgs.append(",javax.net.ssl.trustStorePassword="+ trustStorePassword);
-        }
-        sslArgs.append(",javax.net.ssl.keyStore=");
-        sslArgs.append(tnsAdmin + "/" + keyStore);
-        sslArgs.append(",javax.net.ssl.keyStoreType=" + keyStoreType);
-        if (keyStorePassword != null && !keyStorePassword.equals("None")) {
-            sslArgs.append(",javax.net.ssl.keyStorePassword="+ keyStorePassword);
-        }
-        sslArgs.append(",oracle.net.ssl_server_dn_match="+ matchType);
+        StringBuilder sslArgs = getSSLArgsStringBuilder(sslConnectionProperties);
 
         runner.sslDB = true;
-        runner.atpSSlArgs = sslArgs.toString();
+        runner.sslArgs = sslArgs.toString();
         return runner;
     }
 
@@ -377,11 +350,11 @@ private String[] getCommandLineArgs(String operationSwitch) {
             arguments.add(SERVER_DN_SWITCH);
             arguments.add("CN=ignored");
             arguments.add(SSLARGS);
-            arguments.add(atpSSlArgs);
+            arguments.add(sslArgs);
         } else if (sslDB) {
             arguments.add(USE_SSL_SWITCH);
             arguments.add(SSLARGS);
-            arguments.add(atpSSlArgs);
+            arguments.add(sslArgs);
             arguments.add(DB_ROLE_SWITCH);
             arguments.add(DB_ROLE);
             arguments.add(DB_USER_SWITCH);

core/src/main/python/wlsdeploy/tool/create/atp_helper.py

@@ -1,8 +1,8 @@
 """
-Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates.  All rights reserved.
+Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates.  All rights reserved.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
-import re
+import re, os
 from xml.dom.minidom import parse
 from wlsdeploy.exception import exception_helper
 
@@ -11,7 +11,8 @@
 
 _logger = PlatformLogger('wlsdeploy.create')
 
-def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password):
+def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_password, keystore, keystore_type,
+                       truststore, truststore_type):
     '''
     Add SSL config properties to the specified XML document.
     :param xml_doc:                 The XML document
@@ -22,22 +23,49 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa
     collection = dom_tree.documentElement
     props = collection.getElementsByTagName("propertySet")
 
+    keystore, keystore_type, truststore, truststore_type = fix_store_type_and_default_value(keystore, keystore_type,
+                                                                                            truststore, truststore_type)
+
     for prop in props:
         if prop.getAttribute('name') == 'props.db.1':
             set_property(dom_tree, prop, 'oracle.net.ssl_server_dn_match', 'true')
             set_property(dom_tree, prop, 'oracle.net.ssl_version', '1.2')
             set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path)
-            set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', 'JKS')
-            set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + '/truststore.jks')
-            set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', 'JKS')
-            set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + '/keystore.jks')
-            set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password)
-            set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password)
+            set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type)
+            set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type)
+            if not os.path.isabs(keystore):
+                set_property(dom_tree, prop, 'javax.net.ssl.keyStore', atp_creds_path + keystore)
+            else:
+                set_property(dom_tree, prop, 'javax.net.ssl.keyStore', keystore)
+            if not os.path.isabs(truststore):
+                set_property(dom_tree, prop, 'javax.net.ssl.trustStore', atp_creds_path + truststore)
+            else:
+                set_property(dom_tree, prop, 'javax.net.ssl.trustStore', truststore)
+
+            if keystore_password is not None:
+                set_property(dom_tree, prop, 'javax.net.ssl.keyStorePassword', keystore_password)
+            if truststore_password is not None:
+                set_property(dom_tree, prop, 'javax.net.ssl.trustStorePassword', truststore_password)
             # Persist the changes in the xml file
             file_handle = open(xml_doc, "w")
             dom_tree.writexml(file_handle)
             file_handle.close()
 
+
+def fix_store_type_and_default_value(keystore, keystore_type, truststore, truststore_type):
+    # historical reason atp does not need these inputs by default and it uses JKS
+    # set the default and return it
+    if truststore is None:
+        truststore = "truststore.jks"
+    if keystore is None:
+        keystore = "keystore.jks"
+    if truststore_type is None:
+        truststore_type = "JKS"
+    if keystore_type is None:
+        keystore_type = "JKS"
+    return keystore, keystore_type, truststore, truststore_type
+
+
 def set_property(dom_tree, prop, name, value):
     '''
     Sets the property child element under prop parent node.
@@ -58,11 +86,17 @@ def fix_jps_config(rcu_db_info, model_context):
     tns_admin = rcu_db_info.get_tns_admin()
     keystore_password = rcu_db_info.get_keystore_password()
     truststore_password = rcu_db_info.get_truststore_password()
+    keystore_type = rcu_db_info.get_keystore_type()
+    truststore_type = rcu_db_info.get_truststore_type()
+    keystore = rcu_db_info.get_keystore()
+    truststore = rcu_db_info.get_truststore()
 
     jps_config = model_context.get_domain_home() + '/config/fmwconfig/jps-config.xml'
     jps_config_jse = model_context.get_domain_home() + '/config/fmwconfig/jps-config-jse.xml'
-    set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password)
-    set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password)
+    set_ssl_properties(jps_config, tns_admin, keystore_password, truststore_password, keystore, keystore_type,
+                       truststore, truststore_type)
+    set_ssl_properties(jps_config_jse, tns_admin, keystore_password, truststore_password, keystore, keystore_type,
+                       truststore, truststore_type)
 
 
 def get_atp_connect_string(tnsnames_ora_path, tns_sid_name):