java/code/src/com/redhat/rhn/common/conf/Config.java | 6 java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java | 69 ++++++++++ java/code/src/com/redhat/rhn/common/hibernate/ConnectionManager.java | 26 --- java/code/src/com/redhat/rhn/taskomatic/core/SchedulerKernel.java | 30 ---- java/conf/rhn_java.conf | 3 5 files changed, 81 insertions(+), 53 deletions(-)
New commits: commit f04c975fc675e4eaa5d6535a2049f7e10abf8760 Author: Matej Kollar mkollar@redhat.com Date: Tue Oct 22 19:43:31 2013 +0200
1020952 - SSL for Postgresql: Java (WebUI, Tascomatic)
diff --git a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java index d20b618..c847f32 100644 --- a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java +++ b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java @@ -145,9 +145,12 @@ public class ConfigDefaults { public static final String DB_NAME = "db_name"; public static final String DB_HOST = "db_host"; public static final String DB_PORT = "db_port"; + public static final String DB_SSLMODE = "db_sslmode"; public static final String DB_PROTO = "hibernate.connection.driver_proto"; public static final String DB_CLASS = "hibernate.connection.driver_class";
+ public static final String SSL_TRUSTSTORE = "java.ssl_truststore"; + public static final String LOOKUP_EXCEPT_SEND_EMAIL = "lookup_exception_email";
public static final String KS_PARTITION_DEFAULT = "kickstart.partition.default"; @@ -530,6 +533,16 @@ public class ConfigDefaults { return DB_BACKEND_POSTGRESQL.equals(Config.get().getString(DB_BACKEND)); }
+ private void setSslTrustStore() throws ConfigException { + String trustStore = Config.get().getString(SSL_TRUSTSTORE); + if (trustStore == null || !new File(trustStore).isFile()) { + throw new ConfigException("Can not find java truststore at " + + trustStore + ". Path can be changed with " + + SSL_TRUSTSTORE + " option."); + } + System.setProperty("javax.net.ssl.trustStore", trustStore); + } + /** * Constructs JDBC connection string based on configuration, checks for * some basic sanity. @@ -551,6 +564,11 @@ public class ConfigDefaults { connectionUrl += dbHost + ":" + dbPort + ":"; } connectionUrl += dbName; + + if (dbSslmode != null) { + throw new ConfigException( + "Option sslmode is not supported for Oracle database backend"); + } } else if (isPostgresql()) { connectionUrl = dbProto + ":"; @@ -562,6 +580,17 @@ public class ConfigDefaults { connectionUrl += "/"; } connectionUrl += dbName; + + if (dbSslmode != null && dbSslmode.equals("verify-full")) { + connectionUrl += "?ssl=true"; + setSslTrustStore(); + } + else if (dbSslmode != null) { + throw new ConfigException("Unsuported value for " + + DB_SSLMODE + + ". Only 'verify-full' is supported."); + } + } else { throw new ConfigException( diff --git a/java/conf/rhn_java.conf b/java/conf/rhn_java.conf index 839c27b..d603442 100644 --- a/java/conf/rhn_java.conf +++ b/java/conf/rhn_java.conf @@ -77,3 +77,6 @@ java.sc_enh = 1
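Review bot: `System.setProperty("javax.net.ssl.trustStore", trustStore)` in setSslTrustStore() changes the trust store for every TLS client in the JVM, not only the database connection. Once `db_sslmode` is set, any other outbound TLS connection from the WebUI or Taskomatic is validated against this one file instead of the default store, so it would need to hold those CAs as well. The property is also rewritten on every call to getJdbcConnectionString(), which is an unexpected side effect for a getter. Consider scoping the trust store to the database connection through the driver's `sslfactory` parameter, or at least add a comment such as `// NOTE: JVM-wide; replaces the default trust store for all TLS clients in this process`. The check could also become `!new File(trustStore).canRead()` so that an unreadable store fails here with the clear message rather than later in the TLS handshake.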
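Review bot: The PostgreSQL branch accepts only `verify-full` but implements it by appending `?ssl=true`, and whether that includes host-name verification depends on the bundled PostgreSQL JDBC driver version. Older drivers validate the certificate chain against the trust store with `ssl=true` but do not compare the certificate name with `db_host`, so the option name may promise more than the connection delivers. If the shipped driver supports it, pass the mode explicitly, e.g. `connectionUrl += "?ssl=true&sslmode=verify-full";`, and state the minimum driver version in a comment. Two smaller points on the same lines: the `?` is appended unconditionally, which assumes `db_name` never carries its own query string, and the error text reads "Unsuported". The enclosing getJdbcConnectionString() starts and ends outside this hunk.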
# how many workers should generate channels metadata concurently java.taskomatic_channel_repodata_workers = 1 + +# path to ssl TrustStore +java.ssl_truststore = /etc/rhn/javatruststore.jks
commit e99906651bb176b3f833409bbd649aee88d70666 Author: Matej Kollar mkollar@redhat.com Date: Mon Oct 21 19:39:41 2013 +0200
Removed redundant code from SchedulerKernel
... was moved to ConfigDefaults.
diff --git a/java/code/src/com/redhat/rhn/taskomatic/core/SchedulerKernel.java b/java/code/src/com/redhat/rhn/taskomatic/core/SchedulerKernel.java index c4dd86b..71a5574 100644 --- a/java/code/src/com/redhat/rhn/taskomatic/core/SchedulerKernel.java +++ b/java/code/src/com/redhat/rhn/taskomatic/core/SchedulerKernel.java @@ -62,10 +62,8 @@ public class SchedulerKernel { */ public SchedulerKernel() throws InstantiationException, UnknownHostException { Properties props = Config.get().getNamespaceProperties("org.quartz"); - String dbName = Config.get().getString(ConfigDefaults.DB_NAME); String dbUser = Config.get().getString(ConfigDefaults.DB_USER); String dbPass = Config.get().getString(ConfigDefaults.DB_PASSWORD); - String dbProto = Config.get().getString(ConfigDefaults.DB_PROTO); props.setProperty(dataSourceConfigPath, defaultDataSource); String ds = dataSourcePrefix + "." + defaultDataSource; props.setProperty(ds + ".user", dbUser); @@ -79,15 +77,7 @@ public class SchedulerKernel { String driver = Config.get().getString(ConfigDefaults.DB_CLASS, "oracle.jdbc.driver.OracleDriver"); props.setProperty(ds + ".driver", driver); - - String dbUrl = dbProto + ":@"; - if (dbProto.contains("thin")) { - String dbHost = Config.get().getString(ConfigDefaults.DB_HOST); - String dbPort = Config.get().getString(ConfigDefaults.DB_PORT); - dbUrl += dbHost + ":" + dbPort + ":"; - } - dbUrl += dbName; - props.setProperty(ds + ".URL", dbUrl); + props.setProperty(ds + ".URL", ConfigDefaults.get().getJdbcConnectionString()); } else if (ConfigDefaults.get().isPostgresql()) { props.setProperty("org.quartz.jobStore.driverDelegateClass", 
@@ -96,23 +86,11 @@ public class SchedulerKernel { String driver = Config.get().getString(ConfigDefaults.DB_CLASS, "org.postgresql.Driver"); props.setProperty(ds + ".driver", driver); - - String connectionUrl = Config.get().getString( - ConfigDefaults.DB_PROTO) + - ":"; - String dbHost = Config.get().getString(ConfigDefaults.DB_HOST); - String dbPort = Config.get().getString(ConfigDefaults.DB_PORT); - if (dbHost != null && dbHost.length() > 0) { - connectionUrl += "//" + dbHost; - if (dbPort != null && dbPort.length() > 0) { - connectionUrl += ":" + dbPort; - } - connectionUrl += "/"; - } - connectionUrl += dbName; - props.setProperty(ds + ".URL", connectionUrl); + props.setProperty(ds + ".URL", ConfigDefaults.get().getJdbcConnectionString()); } else { + // This code should never get called as Exception would get + // thrown in getJdbcConnectionString. throw new InstantiationException( "Unknown db backend set, expecting oracle or postgresql"); }
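Review bot: The comment added to the final `else` says the branch can never run because getJdbcConnectionString() would throw first, but in the visible lines that method is only called inside the Oracle and PostgreSQL branches. With an unknown `db_backend` neither call is made, and this `throw new InstantiationException(...)` is the check that actually fires. The comment invites a later cleanup to delete the only guard on this path. Suggested wording: `// Reached when db_backend is neither oracle nor postgresql; getJdbcConnectionString() is not called on this path.` The constructor body continues outside the hunk, so an earlier call that would justify the original comment cannot be ruled out from here.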
commit 0455656ca4c385f85d641ff53a0ad65129eb50a0 Author: Matej Kollar mkollar@redhat.com Date: Mon Oct 21 19:37:15 2013 +0200
Removed redundant code from ConnectionManager
... was moved to ConfigDefaults.
diff --git a/java/code/src/com/redhat/rhn/common/hibernate/ConnectionManager.java b/java/code/src/com/redhat/rhn/common/hibernate/ConnectionManager.java index c059e1a..b5580a8 100644 --- a/java/code/src/com/redhat/rhn/common/hibernate/ConnectionManager.java +++ b/java/code/src/com/redhat/rhn/common/hibernate/ConnectionManager.java @@ -169,29 +169,9 @@ class ConnectionManager { hibProperties.put("hibernate.connection.password", Config.get() .getString(ConfigDefaults.DB_PASSWORD)); - String connectionUrl = - Config.get().getString(ConfigDefaults.DB_PROTO) + ":"; - String dbName = Config.get().getString(ConfigDefaults.DB_NAME); - String dbHost = Config.get().getString(ConfigDefaults.DB_HOST); - String dbPort = Config.get().getString(ConfigDefaults.DB_PORT); - - if (ConfigDefaults.get().isOracle() && connectionUrl.contains("thin")) { - connectionUrl += "@" + dbHost + ":" + dbPort + ":" + dbName; - } - else if (ConfigDefaults.get().isOracle()) { - connectionUrl += "@" + dbName; - } - else { - if (dbHost != null && dbHost.length() > 0) { - connectionUrl += "//" + dbHost; - if (dbPort != null && dbPort.length() > 0) { - connectionUrl += ":" + dbPort; - } - connectionUrl += "/"; - } - connectionUrl += dbName; - } - hibProperties.put("hibernate.connection.url", connectionUrl); + + hibProperties.put("hibernate.connection.url", + ConfigDefaults.get().getJdbcConnectionString());
config.addProperties(hibProperties); // Force the use of our txn factory
commit 72fdd663221f09de51358eb64d0da7222e708b9e Author: Matej Kollar mkollar@redhat.com Date: Mon Oct 21 18:31:33 2013 +0200
Put JDBC connect string creation into ConfigDefaults
diff --git a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java index 8ed6b38..d20b618 100644 --- a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java +++ b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java @@ -531,6 +531,46 @@ public class ConfigDefaults { }
/** + * Constructs JDBC connection string based on configuration, checks for + * some basic sanity. + * @return JDBC connection string + * @throws ConfigException if unknown database backend is set, + */ + public String getJdbcConnectionString() throws ConfigException { + String dbName = Config.get().getString(DB_NAME); + String dbHost = Config.get().getString(DB_HOST); + String dbPort = Config.get().getString(DB_PORT); + String dbProto = Config.get().getString(DB_PROTO); + String dbSslmode = Config.get().getString(DB_SSLMODE); + + String connectionUrl; + + if (isOracle()) { + connectionUrl = dbProto + ":@"; + if (dbProto.contains("thin")) { + connectionUrl += dbHost + ":" + dbPort + ":"; + } + connectionUrl += dbName; + } + else if (isPostgresql()) { + connectionUrl = dbProto + ":"; + if (dbHost != null && dbHost.length() > 0) { + connectionUrl += "//" + dbHost; + if (dbPort != null && dbPort.length() > 0) { + connectionUrl += ":" + dbPort; + } + connectionUrl += "/"; + } + connectionUrl += dbName; + } + else { + throw new ConfigException( + "Unknown db backend set, expecting oracle or postgresql"); + } + return connectionUrl; + } + + /** * is documentation available * @return true if so */
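Review bot: The Oracle branch of getJdbcConnectionString() calls `dbProto.contains("thin")` and concatenates `dbHost` and `dbPort` with no null or empty check, while the PostgreSQL branch guards both. A missing `hibernate.connection.driver_proto` therefore ends in a NullPointerException instead of the ConfigException the Javadoc promises, and a missing host or port puts the literal text `null` into the URL that is handed to the driver. A guard before the branches would cover both backends: `if (dbProto == null) { throw new ConfigException(DB_PROTO + " is not set"); }`, with a matching check on `dbHost`/`dbPort` inside the `thin` case. The `@throws` line should then list these cases and drop its trailing comma.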
commit 2e74a5109f609ce56bd7c9a35d57e12dc6c875bd Author: Matej Kollar mkollar@redhat.com Date: Mon Oct 21 18:29:43 2013 +0200
Removed unchecked conversion
com/redhat/rhn/common/conf/Config.java:85: warning: [unchecked] unchecked conversion found : <anonymous java.util.Comparator> required: java.util.Comparator<? super java.io.File> private final TreeSet<File> fileList = new TreeSet<File>(new Comparator() {
diff --git a/java/code/src/com/redhat/rhn/common/conf/Config.java b/java/code/src/com/redhat/rhn/common/conf/Config.java index 82359a7..11573bf 100644 --- a/java/code/src/com/redhat/rhn/common/conf/Config.java +++ b/java/code/src/com/redhat/rhn/common/conf/Config.java @@ -82,18 +82,16 @@ public class Config { /** hash of configuration properties */ private final Properties configValues = new Properties(); /** set of configuration file names */ - private final TreeSet<File> fileList = new TreeSet<File>(new Comparator() { + private final TreeSet<File> fileList = new TreeSet<File>(new Comparator<File>() {
/** {inheritDoc} */ - public int compare(Object o1, Object o2) { + public int compare(File f1, File f2) { // Need to make sure we read the child namespace before the base // namespace. To do that, we sort the list in reverse order based // on the length of the file name. If two filenames have the same // length, then we need to do a lexigraphical comparison to make // sure that the filenames themselves are different.
- File f1 = (File) o1; - File f2 = (File) o2; int lenDif = f2.getAbsolutePath().length() - f1.getAbsolutePath().length();
if (lenDif != 0) {