Addopssencryptkey (#392)

* add opss set secret capability

* complete logic for opss secret

* fix _method name

* refactoring

Author: jshum2479

core/src/main/java/oracle/weblogic/deploy/util/FileUtils.java

@@ -12,12 +12,15 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
 
 import javax.xml.bind.DatatypeConverter;
 
@@ -632,6 +635,56 @@ public static File writeInputStreamToFile(InputStream input, String fileName) th
         return file;
     }
 
+
+    public static void extractZipFileContent(WLSDeployArchive archiveFile, String zipEntry, String extractPath)  {
+        final String METHOD = "extractZipFileContent";
+
+        try {
+
+            if (zipEntry != null) {
+
+                File extractDir = new File(extractPath);
+                extractDir.mkdirs();
+                String walletZip = archiveFile.extractFile(zipEntry,
+                    Files.createTempDirectory("tempwallet").toFile());
+
+                if (!Files.exists(Paths.get(extractPath))) {
+                    Files.createDirectory(Paths.get(extractPath));
+                }
+
+                byte[] buffer = new byte[1024];
+                FileInputStream fis = new FileInputStream(walletZip);
+                ZipInputStream zis = new ZipInputStream(fis);
+                ZipEntry ze = zis.getNextEntry();
+                while (ze != null) {
+                    String fileName = ze.getName();
+                    File newFile = new File(extractPath + File.separator + fileName);
+                    new File(newFile.getParent()).mkdirs();
+                    FileOutputStream fos = new FileOutputStream(newFile);
+                    int len = zis.read(buffer);
+                    while (len > 0) {
+                        fos.write(buffer, 0, len);
+                        len = zis.read(buffer);
+                    }
+                    fos.close();
+                    zis.closeEntry();
+                    ze = zis.getNextEntry();
+
+                }
+                zis.closeEntry();
+                zis.close();
+                fis.close();
+                Files.delete(Paths.get(walletZip));
+            }
+        } catch (IOException | WLSDeployArchiveIOException ioe) {
+            String message = ExceptionHelper.getMessage("WLSDPLY-01118", METHOD, CLASS, ioe.getLocalizedMessage());
+            IllegalArgumentException iae = new IllegalArgumentException(message);
+            LOGGER.throwing(CLASS, METHOD, iae);
+            throw iae;
+
+        }
+
+    }
     ///////////////////////////////////////////////////////////////////////////
     // Private helper methods                                                //
     ///////////////////////////////////////////////////////////////////////////
@@ -718,4 +771,6 @@ public boolean accept(File dir, String name) {
             return result;
         }
     }
+
+
 }

core/src/main/java/oracle/weblogic/deploy/util/WLSDeployArchive.java

@@ -46,7 +46,6 @@
 from wlsdeploy.util import wlst_helper
 from wlsdeploy.util.cla_utils import CommandLineArgUtil
 from wlsdeploy.util.model_context import ModelContext
-from wlsdeploy.util.model_translator import FileToPython
 from wlsdeploy.util.weblogic_helper import WebLogicHelper
 from wlsdeploy.tool.create import atp_helper
 

core/src/main/python/create.py

@@ -185,7 +185,8 @@ class AliasEntries(object):
         # the ServerGroup is not listed in this map, it will be targeted to all managed
         # servers in the domain.
         'ServerGroupTargetingLimits': 'dict',
-        'RCUDbInfo' : 'dict'
+        'RCUDbInfo': 'dict',
+        'OPSSSecrets': 'string'
     }
 
     __domain_name_token = 'DOMAIN'

core/src/main/python/wlsdeploy/aliases/alias_entries.py

@@ -19,6 +19,7 @@
 APP_DIR = 'AppDir'
 APPLICATION = 'Application'
 RCU_DB_INFO = 'RCUDbInfo'
+OPSS_SECRETS = 'OPSSSecrets'
 RCU_PREFIX = 'rcu_prefix'
 RCU_SCHEMA_PASSWORD = 'rcu_schema_password'
 RCU_ADMIN_PASSWORD = 'rcu_admin_password'

core/src/main/python/wlsdeploy/aliases/model_constants.py

@@ -5,17 +5,12 @@
 
 """
 
-import os, re
-
-from xml.dom.minidom import parse
-
+import os
+import re
 from java.io import File
-from java.io import FileInputStream
-from java.io import FileOutputStream
-from java.util.zip import ZipInputStream
-import jarray
-
+from oracle.weblogic.deploy.util import FileUtils
 from wlsdeploy.aliases import model_constants
+from xml.dom.minidom import parse
 
 
 def set_ssl_properties(xmlDoc, atp_creds_path, keystore_password, truststore_password):
@@ -61,34 +56,6 @@ def set_property(DOMTree, prop, name, value):
     newline = DOMTree.createTextNode('\n')
     prop.appendChild(newline)
 
-
-def unzip_atp_wallet(wallet_file, location):
-
-    if not os.path.exists(location):
-        os.mkdir(location)
-
-    buffer = jarray.zeros(1024, "b")
-    fis = FileInputStream(wallet_file)
-    zis = ZipInputStream(fis)
-    ze = zis.getNextEntry()
-    while ze:
-        fileName = ze.getName()
-        newFile = File(location + File.separator + fileName)
-        File(newFile.getParent()).mkdirs()
-        fos = FileOutputStream(newFile)
-        len = zis.read(buffer)
-        while len > 0:
-            fos.write(buffer, 0, len)
-            len = zis.read(buffer)
-
-        fos.close()
-        zis.closeEntry()
-        ze = zis.getNextEntry()
-    zis.closeEntry()
-    zis.close()
-    fis.close()
-
-
 def fix_jps_config(rcu_db_info, model_context):
     tns_admin = rcu_db_info.get_atp_tns_admin()
     keystore_password = rcu_db_info.get_keystore_password()
@@ -163,7 +130,6 @@ def extract_walletzip(model, model_context, archive_file, atp_zipentry):
     extract_dir = File(extract_path)
     extract_dir.mkdirs()
     wallet_zip = archive_file.extractFile(atp_zipentry, File(domain_path))
-    unzip_atp_wallet(wallet_zip, extract_path)
-    os.remove(wallet_zip)
+    FileUtils.extractZipFileContent(archive_file, wallet_zip, extract_path)
     return extract_path
     # update the model to add the tns_admin

core/src/main/python/wlsdeploy/tool/create/atp_helper.py

@@ -3,18 +3,21 @@
 The Universal Permissive License (UPL), Version 1.0
 """
 import javaos as os
-from java.util import Properties
+import weblogic.security.internal.SerializedSystemIni as SerializedSystemIni
+import weblogic.security.internal.encryption.ClearOrEncryptedService as ClearOrEncryptedService
 from java.io import FileOutputStream
+from java.util import Properties
 from oracle.weblogic.deploy.create import RCURunner
+from oracle.weblogic.deploy.util import WLSDeployArchive, FileUtils
 from wlsdeploy.aliases.location_context import LocationContext
 from wlsdeploy.aliases.model_constants import ADMIN_PASSWORD
 from wlsdeploy.aliases.model_constants import ADMIN_SERVER_NAME
 from wlsdeploy.aliases.model_constants import ADMIN_USERNAME
 from wlsdeploy.aliases.model_constants import APP_DIR
 from wlsdeploy.aliases.model_constants import ATP_ADMIN_USER
-from wlsdeploy.aliases.model_constants import ATP_TNS_ENTRY
 from wlsdeploy.aliases.model_constants import ATP_DEFAULT_TABLESPACE
 from wlsdeploy.aliases.model_constants import ATP_TEMPORARY_TABLESPACE
+from wlsdeploy.aliases.model_constants import ATP_TNS_ENTRY
 from wlsdeploy.aliases.model_constants import CLUSTER
 from wlsdeploy.aliases.model_constants import CREATE_ONLY_DOMAIN_ATTRIBUTES
 from wlsdeploy.aliases.model_constants import DEFAULT_ADMIN_SERVER_NAME
@@ -41,14 +44,15 @@
 from wlsdeploy.aliases.model_constants import MACHINE
 from wlsdeploy.aliases.model_constants import MIGRATABLE_TARGET
 from wlsdeploy.aliases.model_constants import NAME
+from wlsdeploy.aliases.model_constants import OPSS_SECRETS
 from wlsdeploy.aliases.model_constants import PARTITION
 from wlsdeploy.aliases.model_constants import PASSWORD
 from wlsdeploy.aliases.model_constants import PASSWORD_ENCRYPTED
+from wlsdeploy.aliases.model_constants import RCU_ADMIN_PASSWORD
 from wlsdeploy.aliases.model_constants import RCU_DB_CONN
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
 from wlsdeploy.aliases.model_constants import RCU_PREFIX
 from wlsdeploy.aliases.model_constants import RCU_SCHEMA_PASSWORD
-from wlsdeploy.aliases.model_constants import RCU_ADMIN_PASSWORD
 from wlsdeploy.aliases.model_constants import RESOURCE_GROUP
 from wlsdeploy.aliases.model_constants import RESOURCE_GROUP_TEMPLATE
 from wlsdeploy.aliases.model_constants import SECURITY
@@ -70,8 +74,8 @@
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.exception.expection_types import ExceptionType
 from wlsdeploy.tool.create import atp_helper
-from wlsdeploy.tool.create.rcudbinfo_helper import RcuDbInfo
 from wlsdeploy.tool.create.creator import Creator
+from wlsdeploy.tool.create.rcudbinfo_helper import RcuDbInfo
 from wlsdeploy.tool.create.security_provider_creator import SecurityProviderCreator
 from wlsdeploy.tool.deploy import deployer_utils
 from wlsdeploy.tool.deploy import model_deployer
@@ -82,8 +86,6 @@
 from wlsdeploy.tool.util.topology_helper import TopologyHelper
 from wlsdeploy.util import dictionary_utils
 from wlsdeploy.util import model as model_helper
-import weblogic.security.internal.SerializedSystemIni as SerializedSystemIni
-import weblogic.security.internal.encryption.ClearOrEncryptedService as ClearOrEncryptedService
 
 
 class DomainCreator(Creator):
@@ -349,6 +351,7 @@ def __deploy(self):
         self.__set_domain_attributes()
         self._configure_security_configuration()
         self.__deploy_resources_and_apps()
+        self.__configure_opss_secrets()
         self.wlst_helper.update_domain()
         self.wlst_helper.close_domain()
         return
@@ -1128,3 +1131,20 @@ def __create_boot_dot_properties(self):
             ostream.close()
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
+
+    def __configure_opss_secrets(self):
+        _method_name = '__configure_opss_secrets'
+        self.logger.entering(class_name=self.__class_name, method_name=_method_name)
+        extract_path = None
+        domain_info = self._domain_info
+        if domain_info is not None:
+            if OPSS_SECRETS in domain_info:
+                opss_secret_password = domain_info[OPSS_SECRETS]
+                if self.model_context.get_archive_file_name() and opss_secret_password:
+                    archive_file = WLSDeployArchive(self.model_context.get_archive_file_name())
+                    extract_path = self._domain_home + os.sep + 'opsswallet'
+                    zip_entry = archive_file.getOPSSWallet();
+                    FileUtils.extractZipFileContent(archive_file, zip_entry, extract_path)
+                    self.wlst_helper.setSharedSecretStoreWithPassword(extract_path, opss_secret_password)
+        self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
+        return extract_path

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -1047,3 +1047,18 @@ def reopen(self, model_context):
                                                    pwe.getLocalizedMessage(), error=pwe)
             self.__logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
+
+    def setSharedSecretStoreWithPassword(self, wallet_path, password):
+        """
+        set the shared secret store opss password
+        :param wallet_path: opss extracted wallet dir
+        :param password: extract time password
+        """
+        _method_name = 'setSharedSecretStoreWithPassword'
+        try:
+            wlst_helper.set_shared_secret_store_with_password(wallet_path, password)
+        except PyWLSTException, pwe:
+            ex = exception_helper.create_exception(self.__exception_type, 'WLSDPLY-19144',
+                                                   pwe.getLocalizedMessage(), error=pwe)
+            self.__logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
+            raise ex

core/src/main/python/wlsdeploy/tool/util/wlst_helper.py

@@ -1395,3 +1395,16 @@ def reopen_offline(domain_home):
     _logger.fine('WLSDPLY-00081', class_name=_class_name, method_name=_method_name)
     read_domain(domain_home)
     _logger.exiting(class_name=_class_name, method_name=_method_name)
+
+
+def set_shared_secret_store_with_password(wallet_path, password):
+    """
+    Set opss store password
+    :param wallet_path: opss extracted wallet
+    :param password:  opss store extraction time password
+    """
+    _method_name = 'set_shared_secret_store_with_password'
+    _logger.fine('WLSDPLY-00081', class_name=_class_name, method_name=_method_name)
+    wlst.setSharedSecretStoreWithPassword(wallet_path,password)
+    _logger.exiting(class_name=_class_name, method_name=_method_name)
+

core/src/main/python/wlsdeploy/util/wlst_helper.py

@@ -128,7 +128,7 @@ WLSDPLY-01114=Deleting the file {1} in directory {0}
 WLSDPLY-01115=Unable to delete file {0} from directory {1}
 WLSDPLY-01116=Unable to successfully delete the directory {0}
 WLSDPLY-01117=Model directory {0} has more than one {1} file, found {2} after previously finding {3}
-
+WLSDPLY-01118=Error extracting zipentry zip file {0}
 # oracle.weblogic.deploy.util.ProcessHandler.java
 WLSDPLY-01200=Process for command {0} isRunning() unable to get an exit value: {1}
 WLSDPLY-01201=ProcessHandler had no registered wait handler when asked to exec() command: {0}