#### (g)make file, requires a posix-like shell ################################### # # To clean javavm/demo/jmx/* before running, do # make clean # # To run the demo, do # make # # Notes. # to run successfully this makefile needs # 1. env variables ORACLE_HOME and JAVA_HOME # note: set JAVA_HOME to JDK home, not JRE home # 2. current directory (.../javavm/demo/) and its subdirs writable. # 3. directory TMPDIR (/tmp by default) writeable # # # The first (main) target of this makefile is 'all'. This target runs # several short client-server sessions. Currently, the set includes the # following sessions: RMI session over plan socket # (run_cs_rmissl_noauth) JMX session over plan socket # (run_cs_jmx_no_ssl) RMI session over SSL socket # (run_cs_rmissl_auth_dflt) JMX session over SSL socket, JKS keys # (run_cs_jmx_ssl_dflt_k) RMI session over SSL socket, programmatic # SLL setup for RMI (run_cs_rmissl_auth_prog) # # # Each of these targets can be invoked individually in any order. # # To retrieve an MBean's info or specific MBean attribute, use the following # commands: # # make ping # this prints out info for singleton bean java.lang:type=Runtime # make ping BEAN=oracle.jvm:type=OracleRuntime # this prints out info for bean OracleRuntime # make ping BEAN=java.lang:type=MemoryPool,name='New Generation' # this prints out info for memory pool 'New Generation' # # make get # this retrieves attribute InputArguments of singleton bean java.lang:type=Runtime # make get ATTR=VmName # this retrieves attribute VmName of the Runtime MBean # make get BEAN=oracle.jvm:type=OracleRuntime ATTR=NewspaceSize # this retrieves attribute NewspaceSize of singleton bean OracleRuntime # make get BEAN=java.lang:type=MemoryPool,name='New Generation' ATTR=UsageThreshold # this retrieves attribute UsageThreshold of memory pool 'New Generation' ################################################################################ include $(ORACLE_HOME)/javavm/demo/unix.mk include $(ORACLE_HOME)/javavm/demo/java.mk all: run_cs_all_modes ##### Variables ############################################################## OUT=@echo # this directory needs be writeable TMPDIR=/tmp ifndef BEAN BEAN=java.lang:type=Runtime endif ifndef ATTR ATTR=InputArguments endif ORAPKI_CLASSPATH = $(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)oraclepki.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)osdt_cert.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)osdt_core.jar ORAPKI_JARS = $(subst $(PATHSEP), ,$(ORAPKI_CLASSPATH)) MAKE_CLASSPATH = .$(PATHSEP)$(JAVA_HOME)$(DIRSEP)lib$(DIRSEP)tools.jar$(PATHSEP)$(JAVA_HOME)$(DIRSEP)jre$(DIRSEP)lib$(DIRSEP)rt.jar$(PATHSEP)$(JAVA_HOME)$(DIRSEP)lib$(DIRSEP)jconsole.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)javavm$(DIRSEP)lib$(DIRSEP)aurora.zip$(PATHSEP)$(ORAPKI_CLASSPATH) CLASSES = \ common/DBPropsMBean.class \ common/RMISSLServerSocketFactory.class \ common/RMISSLClientSocketFactory.class \ common/TestParamsRMISSL.class \ common/PermissionManagerMBean.class \ common/WorkLoadMBean.class \ common/OJVMMBean.class \ jmxclcl/Messages.class \ jmxclcl/ProxyClient.class \ jmxclcl/CLJconsole.class \ jmxclcl/TestParamsRMISSLClient.class \ jmxserv/PermissionManager.class \ jmxserv/FilePermission.class \ jmxserv/PropertyPermission.class \ jmxserv/DBProps.class \ jmxserv/OJVM.class \ jmxserv/TestParamsRMISSLImpl.class \ jmxserv/Load.class \ CLASSES_JDK16 = \ com/sun/management/GcInfo.class LOADJAVA = loadjava -verbose -force -resolve ###### Certificates, Keys, Keystores ########################################### KEYTOOL = $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)keytool SERVER_DN = "CN=OJVM JMX, OU=OJVM, O=Oracle, L=Redwood Shores, ST=CA, C=US" CLIENT_DN = "CN=JMX Client, OU=JMXCLient, O=Demo, L=Somewhere, ST=CA, C=US" CA_DN = "CN=Demo CA, C=US" ##### Aux Targets ############################################################ prep_jdk16: (cd ./com/sun/management/; cat GcInfo16.txt > GcInfo.java) $(RMRF) rmrf_jdk16.stamp rmrf_jdk16.stamp: $(RMRF) com/sun/management/GcInfo.java > rmrf_jdk16.stamp rmrf_jdk16: rmrf_jdk16.stamp compile: rmrf_jdk16 $(CLASSES) compile_jdk16: prep_jdk16 $(MAKE) JAVA_HOME=$(JDKHOME_16) $(CLASSES_JDK16) setup_schema_stamp: sqlplus /nolog @setup.sql $(SYSPASSWD) touch setup_schema_stamp jmxserv.jar: $(CLASSES) $(RMRF) jmxserv.jar jmxserv_jar_load_stamp $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -cf jmxserv.jar jmxserv/*.class common/*.class $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -tvf jmxserv.jar jdk16patch.jar: compile_jdk16 $(RMRF) jdk16patch.jar $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -cf jdk16patch.jar com/sun/management/*.class $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -tvf jdk16patch.jar jmxserv_jar_load_stamp: $(LOADJAVA) -u jmxdemo/jmxdemo jmxserv.jar touch jmxserv_jar_load_stamp setup_java: compile jmxserv.jar jmxserv_jar_load_stamp setup_wrappers_stamp: wrappers.sql sqlplus /nolog @wrappers.sql touch setup_wrappers_stamp run_workload: sqlplus /nolog @run.sql run_workload_ssl: sqlplus /nolog @run_ssl.sql setup: setup_schema_stamp setup_java setup_wrappers_stamp setup_run_workload: setup run_workload setup_run_workload_ssl: setup run_workload_ssl ##### JKS Key Management for SSL ############################################## SSL_CL_DFILE_K = -Djavax.net.ssl.trustStore=$(TMPDIR)/client_truststore -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore -Djavax.net.ssl.keyStorePassword=client_demo_pswd SSL_CL_DFILE_O = -Djavax.net.ssl.trustStore=$(TMPDIR)/client_truststore_dir/ewallet.p12 -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.keyStorePassword=client_demo_pswd -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStoreType=PKCS12 SSL_CL_DFILE_O_SAMPLE_PKCS12 = -Djavax.net.ssl.trustStore=$(TMPDIR)/certificates1/truststore/ewallet.p12 -Djavax.net.ssl.keyStore=$(TMPDIR)/certificates1/client_wallet/ewallet.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=welcome123 -Djavax.net.ssl.trustStorePassword=welcome123 SSL_CL_DFILE_O_SAMPLE_SSO = -Djavax.net.ssl.trustStore=$(TMPDIR)/certificates1/truststore/cwallet.sso -Djavax.net.ssl.keyStore=$(TMPDIR)/certificates1/client_wallet/cwallet.sso -Djavax.net.ssl.keyStoreType=SSO -Djavax.net.ssl.trustStoreType=SSO SSL_CL_DFILE_O_CA_PKCS12 = -Djavax.net.ssl.trustStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.keyStorePassword=client_demo_pswd -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStoreType=PKCS12 SSL_CL_DFILE_O_CA_SSO = -Djavax.net.ssl.trustStore=$(TMPDIR)/client_keystore_dir/cwallet.sso -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/cwallet.sso -Djavax.net.ssl.keyStoreType=SSO -Djavax.net.ssl.trustStoreType=SSO keytool_keystores_clean: $(RMRF) *_keystore *_truststore $(TMPDIR)/*_keystore $(TMPDIR)/*_truststore *_public_key *_jks.* keytool_* # keytool_keystores.log: this target uses Java 'keytool' to create # keystore and truststore. After keytool_keystores.log finishes, the # follwing files are created: # # server_keystore keystore holding server private key # server_truststore keystore holding server public certificate # client_keystore keystore holding client private key # client_truststore keystore holding client public certificate # server_public_key key exported from server_keystore to be put in client_truststore # client_public_key key exported from client_keystore to be put in server_truststore keytool_keystores.log: echo 'new JKS certificate material' > keytool_keystores.log echo "server_demo_pswd" > keytool_input echo "" >> keytool_input $(KEYTOOL) -genkey -v -keyalg RSA -alias server_key -keystore server_keystore -dname $(SERVER_DN) < keytool_input >> keytool_keystores.log echo "client_demo_pswd" > keytool_input echo "" >> keytool_input $(KEYTOOL) -genkey -v -keyalg RSA -alias client_key -keystore client_keystore -dname $(CLIENT_DN) < keytool_input >> keytool_keystores.log echo "server_demo_pswd" > keytool_input $(KEYTOOL) -list -keystore server_keystore < keytool_input >> keytool_keystores.log $(KEYTOOL) -export -rfc -keystore server_keystore -alias server_key -file server_public_key < keytool_input >> keytool_keystores.log echo "client_demo_pswd" > keytool_input echo "yes" >> keytool_input $(KEYTOOL) -import -alias server -keystore client_truststore -file server_public_key < keytool_input >> keytool_keystores.log echo "client_demo_pswd" > keytool_input $(KEYTOOL) -list -keystore client_keystore < keytool_input >> keytool_keystores.log $(KEYTOOL) -export -rfc -keystore client_keystore -alias client_key -file client_public_key < keytool_input >> keytool_keystores.log cp keytool_input $(TMPDIR)/client_input echo "server_demo_pswd" > keytool_input echo "yes" >> keytool_input $(KEYTOOL) -import -alias client -keystore server_truststore -file client_public_key < keytool_input >> keytool_keystores.log cp *_keystore *_truststore $(TMPDIR) $(RMRF) server_jks.zip client_jks.zip cp keytool_input $(TMPDIR)/server_input zip server_jks.zip $(TMPDIR)/server_keystore $(TMPDIR)/server_truststore $(TMPDIR)/server_input zip client_jks.zip $(TMPDIR)/client_keystore $(TMPDIR)/client_truststore $(TMPDIR)/client_input $(RMRF) $(TMPDIR)/server_input $(TMPDIR)/client_input $(LOADJAVA) -u jmxdemo/jmxdemo server_jks.zip ##### Oracle PKCS12 Key Management for SSL ##################################### # use Oracle 'orapki' to create keystore and truststore wallets # files created by this target: # # $(TMPDIR)/server_keystore_dir directory with pkcs12 keystore holding server private key # $(TMPDIR)/server_truststore_dir directory with pkcs12 keystore holding server public certificate # $(TMPDIR)/client_keystore_dir directory with pkcs12 keystore holding client private key # $(TMPDIR)/client_truststore_dir directory with pkcs12 keystore holding client public certificate # server_public_key key exported from $(TMPDIR)/server_keystore_dir to be put in $(TMPDIR)/client_truststore_dir # client_public_key key exported from $(TMPDIR)/client_keystore_dir to be put in $(TMPDIR)/server_truststore_dir KSOUT = >> orapki_keystores.log ## we add trusted certs twice, one time does not alays work orapki_keystores.log: echo '---- new PKCS12 certificate material' > orapki_keystores.log echo "server_demo_pswd" > keytool_input echo "server_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -keysize 1024 -self_signed -validity 100 < keytool_input $(KSOUT) echo "---- server keystore wallet: " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) orapki wallet export -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -cert server_public_key < keytool_input $(KSOUT) echo "---- cert server_public_key: " $(KSOUT) orapki cert display -cert server_public_key -complete $(KSOUT) echo "client_demo_pswd" > keytool_input echo "client_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -keysize 1024 -self_signed -validity 100 < keytool_input $(KSOUT) echo "---- client keystore wallet: " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) orapki wallet export -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -cert client_public_key < keytool_input echo "---- cert client_public_key: " $(KSOUT) orapki cert display -cert client_public_key -complete $(KSOUT) echo "server_demo_pswd" > keytool_input echo "server_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/server_truststore_dir -auto_login < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/server_truststore_dir -trusted_cert -cert client_public_key < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/server_truststore_dir -trusted_cert -cert client_public_key < keytool_input $(KSOUT) echo "---- server truststore wallet, must have client trusted cert " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_truststore_dir < keytool_input $(KSOUT) echo "client_demo_pswd" > keytool_input echo "client_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/client_truststore_dir -auto_login < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/client_truststore_dir -trusted_cert -cert server_public_key < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/client_truststore_dir -trusted_cert -cert server_public_key < keytool_input $(KSOUT) echo "---- client truststore wallet, must have server trusted cert " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_truststore_dir < keytool_input $(KSOUT) orapki_keystores_clean: $(RMRF) $(TMPDIR)/*_keystore_dir $(TMPDIR)/*_truststore_dir *_public_key keytool_input orapki_keystores.log orapki_keystores-ca.log: echo '---- First we Creatre a Certificate authority ' > orapki_keystores.log echo "ca_demo_pswd" > keytool_input echo "ca_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/ca_keystore_dir < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/ca_keystore_dir -dn $(CA_DN) -keysize 2048 -self_signed -validity 100 < keytool_input $(KSOUT) echo "---- CA keystore wallet: " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/ca_keystore_dir < keytool_input $(KSOUT) orapki wallet export -wallet $(TMPDIR)/ca_keystore_dir -dn $(CA_DN) -cert $(TMPDIR)/ca_keystore_dir/ca_public_key < keytool_input $(KSOUT) echo "---- cert server_public_key: " $(KSOUT) orapki cert display -cert $(TMPDIR)/ca_keystore_dir/ca_public_key -complete $(KSOUT) echo '---- Second, create new server wallets (PKCS12 and SSO)' $(KSOUT) echo "server_demo_pswd" > keytool_input echo "server_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -keysize 2048 -validity 100 < keytool_input $(KSOUT) echo "---- server keystore wallet: " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) echo "---- Export certificate request " $(KSOUT) orapki wallet export -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -request $(TMPDIR)/server_keystore_dir/request < keytool_input $(KSOUT) echo "---- Sign the certificate request using the CA and CA's passwords " $(KSOUT) echo "ca_demo_pswd" > keytool_input echo "ca_demo_pswd" >> keytool_input orapki cert create -wallet $(TMPDIR)/ca_keystore_dir -request $(TMPDIR)/server_keystore_dir/request -cert $(TMPDIR)/server_keystore_dir/server_public_key -validity 100 < keytool_input $(KSOUT) orapki cert display -cert $(TMPDIR)/server_keystore_dir/server_public_key -complete $(KSOUT) echo "---- Add the test CA trusted certificate to the wallet " $(KSOUT) echo "server_demo_pswd" > keytool_input echo "server_demo_pswd" >> keytool_input orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -trusted_cert -cert $(TMPDIR)/ca_keystore_dir/ca_public_key < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) echo "---- Add the signed server certificate to the wallet " $(KSOUT) orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -user_cert -cert $(TMPDIR)/server_keystore_dir/server_public_key < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) orapki wallet create -wallet $(TMPDIR)/server_keystore_dir -auto_login < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT) echo '---- Third, create new client wallets (PKCS12 and SSO)' $(KSOUT) echo "client_demo_pswd" > keytool_input echo "client_demo_pswd" >> keytool_input orapki wallet create -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -keysize 2048 -validity 100 < keytool_input $(KSOUT) echo "---- client keystore wallet: " $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) echo "---- Export certificate request " $(KSOUT) orapki wallet export -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -request $(TMPDIR)/client_keystore_dir/request < keytool_input $(KSOUT) echo "ca_demo_pswd" > keytool_input echo "ca_demo_pswd" >> keytool_input echo "---- Sign the certificate request using the CA " $(KSOUT) orapki cert create -wallet $(TMPDIR)/ca_keystore_dir -request $(TMPDIR)/client_keystore_dir/request -cert $(TMPDIR)/client_keystore_dir/client_public_key -validity 100 < keytool_input $(KSOUT) orapki cert display -cert $(TMPDIR)/client_keystore_dir/client_public_key -complete $(KSOUT) echo "---- Add the test CA trusted certificate to the wallet " $(KSOUT) echo "client_demo_pswd" > keytool_input echo "client_demo_pswd" >> keytool_input orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -trusted_cert -cert $(TMPDIR)/ca_keystore_dir/ca_public_key < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) echo "---- Add the signed client certificate to the wallet " $(KSOUT) orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -user_cert -cert $(TMPDIR)/client_keystore_dir/client_public_key < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) orapki wallet create -wallet $(TMPDIR)/client_keystore_dir -auto_login < keytool_input $(KSOUT) orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT) echo "done, see orapki_keystores.log" > orapki_keystores-ca.log ##### Oracle SSO Key Management for SSL ##################################### # use sample-wallets.zip as souce of certificate material # # $(TMPDIR)/certificates1/client_wallet/ directory holding client material # $(TMPDIR)/certificates1/server directory holding server material orapki_keystores_sample.stamp: unzip -o -d $(TMPDIR) sample-wallets.zip > orapki_keystores_sample.stamp ##### Client/Server Variables and Targets ################################### JAVA_BOOTPATH= JAVA_BOOTPATH_16=-Xbootclasspath$(PATHSEP)jdk16patch.jar$(PATHSEP)$(JDKHOME_16)$(DIRSEP)jre$(DIRSEP)lib$(DIRSEP)rt.jar RUN_JAVA = \ $(JAVA_HOME)$(DIRSEP)jre$(DIRSEP)bin$(DIRSEP)java \ $(JAVA_BOOTPATH) -classpath $(MAKE_CLASSPATH) RUN_JAVA_SSL_K = $(RUN_JAVA) $(SSL_CL_DFILE_K) RUN_JAVA_SSL_O = $(RUN_JAVA) -Djavax.net.debug=ssl,handshake,trustmanager $(SSL_CL_DFILE_O) CONSOLE_ARGS_SIMPLE = \ jmxclcl.CLJconsole $(HOSTNAME) -p 9999 RUN_CONSOLE = $(RUN_JAVA) $(CONSOLE_ARGS_SIMPLE) RUN_CONSOLE_SSL_K = $(RUN_JAVA_SSL_K) $(CONSOLE_ARGS_SIMPLE) RUN_CONSOLE_SSL_O = $(RUN_JAVA_SSL_O) $(CONSOLE_ARGS_SIMPLE) run: compile $(RUN_CONSOLE) -r 5 -i 5000 run_jdk16: compile jdk16patch.jar $(MAKE) JAVA_HOME=$(JDKHOME_16) JAVA_BOOTPATH=$(JAVA_BOOTPATH_16) run run_ssl: compile $(RUN_CONSOLE_SSL_K) -r 5 -i 5000 # RMI with no SSL authentication ifdef DEBUG RUN_RMISSL_CLIENT_NO_AUTH = $(RUN_JAVA) jmxclcl.TestParamsRMISSLClient rmi 2019 60 TRACE else RUN_RMISSL_CLIENT_NO_AUTH = $(RUN_JAVA) jmxclcl.TestParamsRMISSLClient rmi 2019 60 endif # RMI with SSL authentication, Uses the default factory and the default keystore options RMISSL_PORT = 2021 RMISSL_PORT_PROG = 2017 ifdef DEBUG RMISSL_TRACE=TRACE else RMISSL_TRACE= endif RUN_RMISSL_CLIENT_KAUTH_DFLT = \ $(RUN_JAVA_SSL_K) jmxclcl.TestParamsRMISSLClient rmi_ssl_dflt $(RMISSL_PORT) 60 $(RMISSL_TRACE) RUN_RMISSL_CLIENT_OAUTH_DFLT = \ $(RUN_JAVA_SSL_O) jmxclcl.TestParamsRMISSLClient rmi_ssl_dflt $(RMISSL_PORT) 60 $(RMISSL_TRACE) # ..._AUTH_PRG: credentials are not passed on command line, but # instead passed in an archive that is added to the classpath. # # Note: this assumes that RUN_JAVA ends with classpath RUN_RMISSL_CLIENT_AUTH_PROG = $(RUN_JAVA)$(PATHSEP)client_jks.zip jmxclcl.TestParamsRMISSLClient \ rmi_ssl_prog $(RMISSL_PORT_PROG) 60 $(DEBUG) RUN_RMISSL_CLIENT_AUTH_PROG_TRACE = $(RUN_RMISSL_CLIENT_AUTH_PROG) TRACE run_rmissl_noauth: compile $(RUN_RMISSL_CLIENT_NO_AUTH) run_rmissl_auth_dflt: compile $(RUN_RMISSL_CLIENT_KAUTH_DFLT) run_rmissl_auth_prog: compile $(RUN_RMISSL_CLIENT_AUTH_PROG) # run_cs_* targets work in the following manner: first the client starts # in a particular configuration, waiting to obtain connection with the # server. The server is not running at this moment. The client will attempt to obtain JMX connection for 10 # secs before reporting a failure. For that, each client invocation # contains '-ht 10000'. The client process is forked with '&' as child # process. Next line starts the server in compatible mode. This # usually takes less than 10 secs and the client is able to # communicate. Each client invocation contains -invoke # jmxserv:type=Load stop which tells the Load bean (class # jmxserv.Load) to stop the workload. This way, both the client and # the server gracefully close connections and workload. run_cs_all_modes # can execute several modes in a row. ifdef DEBUG RMISSL_SERV_OPTIONS_PROG = 'ssl', 'prog', $(RMISSL_PORT_PROG) , 'trace' RMISSL_SERV_OPTIONS_DEFAULT = 'ssl', 'default', $(RMISSL_PORT), 'trace' else RMISSL_SERV_OPTIONS_PROG = 'ssl', 'prog', $(RMISSL_PORT_PROG) RMISSL_SERV_OPTIONS_DEFAULT = 'ssl', 'default', $(RMISSL_PORT) endif CONSOLE_ARGS_SAMPLE_AND_STOP = \ -sc jmxserv:type=Load Count1 ne 0 -invoke jmxserv:type=Load stop CONSOLE_SAMPLE_AND_STOP = \ $(RUN_CONSOLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP) CONSOLE_SAMPLE_AND_STOP_SSL_K = \ $(RUN_CONSOLE_SSL_K) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 CONSOLE_SAMPLE_AND_STOP_SSL_O = \ $(RUN_CONSOLE_SSL_O) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 OUT2SEP = @echo "\#" ; echo "\#" # RMI with no SSL authentication run_cs_rmissl_noauth: setup $(OUT2SEP) $(OUT) "### plain RMI " $(OUT2SEP) echo "call wrappers.rmi();" > rmi.tmp echo "quit" >> rmi.tmp make run_rmissl_noauth & # on port 2019, default value sqlplus jmxdemo/jmxdemo @rmi.tmp configure_ssl_sql_keytool: sed -e 's,TYPE,JKS,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,server_demo_pswd,g' \ -e 's,KEYST,server_keystore,g' -e 's,TRUSTST,server_truststore,g' prepSSL.sql > configure_SSL.tmp # RMI with SSL authentication. # Uses the default factory and the default method of configuring keystores via javax.net.ssl.*. run_cs_rmissl_auth_dflt: setup keytool_keystores.log configure_ssl_sql_keytool $(OUT2SEP) $(OUT) "### RMI with SSL, default authentication" $(OUT2SEP) echo "@configure_SSL.tmp" > rmi.tmp echo "call wrappers.rmi( $(RMISSL_SERV_OPTIONS_DEFAULT) );" >> rmi.tmp echo "quit" >> rmi.tmp make run_rmissl_auth_dflt & sqlplus jmxdemo/jmxdemo @rmi.tmp # RMI with SSL authentication. # Key/trust stores are created and initialized programmatically run_cs_rmissl_auth_prog: setup keytool_keystores.log $(OUT2SEP) $(OUT) "### RMI with SSL, programmatic setup" $(OUT2SEP) echo "call wrappers.rmi( $(RMISSL_SERV_OPTIONS_PROG) );" > rmi.tmp echo "quit" >> rmi.tmp make run_rmissl_auth_prog & sqlplus jmxdemo/jmxdemo @rmi.tmp # JMX-monitor all available MBeans, no SSL run_cs_jmx_no_ssl: setup $(OUT2SEP) $(OUT) "### JMX, no SSL" $(OUT2SEP) $(CONSOLE_SAMPLE_AND_STOP) -s PASS -f FAIL & sqlplus /nolog @run.sql # JMX-monitor all available MBeans, with SSL with JKS material, in file-based mode. On # the server, the javax.net.ssl.* property settings done is SQL using # dbms_java.set_property in file configure_SSL. # On the client side, -Djavax.net.ssl.* are used. run_cs_jmx_ssl_dflt_k: setup keytool_keystores.log configure_ssl_sql_keytool $(OUT2SEP) $(OUT) "### JMX with SSL, default authentication using keytool material" $(OUT2SEP) $(CONSOLE_SAMPLE_AND_STOP_SSL_K) -s PASS -f FAIL & sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp InstallOraPki.stamp: echo "public class InstallOraPki {static public void main(String[] av) {" > InstallOraPki.java echo " System.setProperty(\"oracle.pki.debug\",\"true\"); " >> InstallOraPki.java echo " System.setProperty(\"oracle.pki.trace\",\"10\"); " >> InstallOraPki.java echo " oracle.security.pki.OraclePKIProvider op = new oracle.security.pki.OraclePKIProvider(); " >> InstallOraPki.java echo " System.out.println(\"OraclePKIProvider: \" + op); " >> InstallOraPki.java echo " java.security.Security.insertProviderAt(op, 3);" >> InstallOraPki.java echo " System.out.println(\"OraclePKIProvider inserted\"); }} " >> InstallOraPki.java $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)javac -g -classpath $(MAKE_CLASSPATH) InstallOraPki.java echo "debug and not " $(RMRF) InstallOraPki.java loadjava -verbose -u jmxdemo/jmxdemo $(ORAPKI_JARS) InstallOraPki.class echo "done" > InstallOraPki.stamp setup_opki.stamp: echo "call dbms_java.grant_permission('JMXDEMO', 'SYS:java.security.SecurityPermission', 'putProviderProperty.*', '' );" > setup_opki.tmp echo "call dbms_java.grant_permission( 'JMXDEMO', 'SYS:java.security.SecurityPermission', 'insertProvider.*', '' );" >> setup_opki.tmp echo "call dbms_java.grant_permission( 'JMXDEMO', 'SYS:java.util.PropertyPermission', 'oracle.pki.*', 'write' );" >> setup_opki.tmp echo "quit" >> setup_opki.tmp sqlplus / as sysdba @setup_opki.tmp echo "done" > setup_opki.stamp configure_ssl_sql_orapki_pkcs12.stamp: InstallOraPki.stamp setup_opki.tmp sed -e 's,TYPE,PKCS12,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,server_demo_pswd,g' \ -e 's,KEYST,server_keystore_dir/ewallet.p12,g' -e 's,TRUSTST,server_truststore_dir/ewallet.p12,g' prepSSL.sql > configure_SSL.tmp echo "call wrappers.setup_opki();" >> configure_SSL.tmp echo "done" >> configure_ssl_sql_orapki_pkcs12.stamp # Here we use SSO wallets that come from sample-wallets.zip. # When SSO type is used for key and truststores, passwords are not needed. configure_ssl_sql_orapki_sso.stamp: orapki_keystores_sample.stamp InstallOraPki.stamp setup_opki.stamp sed -e 's,TYPE,SSO,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,does not matter,g' \ -e 's,KEYST,certificates1/server/cwallet.sso,g' -e 's,TRUSTST,certificates1/truststore/cwallet.sso,g' prepSSL.sql > configure_SSL.tmp echo "call wrappers.setup_opki();" >> configure_SSL.tmp echo "done" >> configure_ssl_sql_orapki_sso.stamp # JMX-monitor all available MBeans, with SSL with PKCS12 oracle wallet # material, in file-based mode. On the server, the javax.net.ssl.* # property settings done is SQL using dbms_java.set_property in file # configure_SSL. On the client side, -Djavax.net.ssl.* are used. run_cs_jmx_ssl_dflt_o: setup orapki_keystores.log configure_ssl_sql_orapki_pkcs12.stamp $(OUT2SEP) $(OUT) "### JMX with SSL, authentication using OW/orapki PKCS12 material, javax flags" $(OUT2SEP) $(CONSOLE_SAMPLE_AND_STOP_SSL_O) -s PASS -f FAIL -ssl default_orapki -d & sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp # JMX-monitor all available MBeans, with SSL with SSO oracle wallet # material, in file-based mode. On the server, the javax.net.ssl.* # property settings done is SQL using dbms_java.set_property in file # configure_SSL. On the client side, -Djavax.net.ssl.* are used. run_cs_jmx_ssl_dflt_o_sso: setup configure_ssl_sql_orapki_sso.stamp $(OUT2SEP) $(OUT) "### JMX with SSL, authentication using OW/orapki SSO material, javax flags" $(OUT2SEP) $(RUN_JAVA) -Doracle.pki.debug=true -Doracle.pki.trace=10 -Djavax.net.debug=ssl,handshake,trustmanager $(SSL_CL_DFILE_O_SAMPLE_SSO) $(CONSOLE_ARGS_SIMPLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 -s PASS -f FAIL -ssl default_orapki -d & sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp # in this configuration the javax.net.ssl.* property settings on the # server are _not_ administered by means of dbms_java.set_property in # prepSSL.sql, but instead done in java code Load.setup_ssl(...) # invoked from the PLSQL wrapper wrappers.setup_ssl. run_cs_jmx_ssl_dflt__rmi_piggyback: setup keytool_keystores.log echo "call wrappers.setup_ssl('default');" > rmi_and_jmx.tmp grep "call " run_ssl.sql >> rmi_and_jmx.tmp echo "quit" >> rmi_and_jmx.tmp $(CONSOLE_SAMPLE_AND_STOP_SSL) -s PASS -f FAIL & sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp run_cs_jmx_ssl_dflt__rmi_piggyback_2: setup keytool_keystores.log echo "call wrappers.setup_ssl('default');" > rmi_and_jmx.tmp grep "call " run_ssl.sql >> rmi_and_jmx.tmp echo "quit" >> rmi_and_jmx.tmp $(CONSOLE_SAMPLE_AND_STOP_SSL) -s PASS -f FAIL -ssl default & sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp # in this mode, SSL is configured programmatically on the server and # with default implementation on the client. Not yet working properly. run_cs_jmx_ssl_prog_dflt: setup keytool_keystores.log echo "call wrappers.setup_ssl('prog');" > rmi_and_jmx.tmp grep "call " run_ssl.sql >> rmi_and_jmx.tmp echo "quit" >> rmi_and_jmx.tmp $(RUN_JAVA)$(PATHSEP)client_jks.zip $(CONSOLE_ARGS_SIMPLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -s PASS -f FAIL -ssl prog & sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp run_cs_all_modes: \ run_cs_rmissl_noauth \ run_cs_jmx_no_ssl \ run_cs_rmissl_auth_dflt \ run_cs_jmx_ssl_dflt_k \ run_cs_rmissl_auth_prog echo `time` ##### MBean Info, Attributes, Operations ################################################## # Ping an MBean. This retrieves the bean which name descriptor is passed as BEAN # variable or java.lang:type=Runtime by default. # examples: # make ping # this prints out info for singleton bean java.lang:type=Runtime # make ping BEAN=oracle.jvm:type=OracleRuntime # this prints out info for bean OracleRuntime # make ping BEAN=java.lang:type=MemoryPool,name='New Generation' # this prints out info for memory pool 'New Generation' ping: compile $(RUN_CONSOLE) -noReport -beanInfo "$(BEAN)" # Get an attribute of an MBean. This retrieves an attribute of a bean # examples: # make get # this retrieves attribute InputArguments of singleton bean java.lang:type=Runtime # make get ATTR=VmName # this retrieves attribute VmName of the Runtime MBean # make get BEAN=oracle.jvm:type=OracleRuntime ATTR=NewspaceSize # this retrieves attribute NewspaceSize of singleton bean OracleRuntime # make get BEAN=java.lang:type=MemoryPool,name='New Generation' ATTR=UsageThreshold # this retrieves attribute UsageThreshold of memory pool 'New Generation' get: compile $(RUN_CONSOLE) -noReport -getAttribute "$(BEAN)" "$(ATTR)" ##### Clesn, Clobber, etc. #################################################### clean: rmrf_jdk16 keytool_keystores_clean orapki_keystores_clean $(RMRF) *.tmp InstallOraPki.* Test*.* $(RMRF) `find . -name \*.class` *stamp *.~?~ */*.~?~ clobber: clean show-variables: $(OUT) "pwd:" `pwd` ##### End ######################################################################