/*
* Copyright (c) 1998, 2020 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0,
* or the Eclipse Distribution License v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
// Contributors:
// 05/28/2008-1.0M8 Andrei Ilitchev.
// - New file introduced for bug 224964: Provide support for Proxy Authentication through JPA.
package org.eclipse.persistence.testing.tests.proxyauthentication.thin;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import oracle.jdbc.OracleConnection;
import org.eclipse.persistence.config.PersistenceUnitProperties;
import org.eclipse.persistence.sessions.DatabaseSession;
import org.eclipse.persistence.testing.framework.oracle.SessionExchanger;
/**
* Initializes and holds the user names and properties used by the thin and JPA ProxyAuthentication tests.
*/
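public class ProxyAuthenticationUsersAndProperties {
    // Each user name / password is read from the System property named by the PA_* constant;
    // when that property is unset or empty, the matching *Default value is used instead.
    //
    // NOTE(review): every default password equals its user name. These are fixture values for a
    // dedicated test database; supply real values through the System properties below rather
    // than editing the defaults.

    // specify connectionUser in a System property PA_CONNECTION_USER, otherwise connectionUserDefault is used.
    public static final String PA_CONNECTION_USER = "pa.connection.user";
    public static String connectionUserDefault = "PA_CONN";
    // specify connectionPassword in a System property PA_CONNECTION_PASSWORD, otherwise connectionPasswordDefault is used.
    public static final String PA_CONNECTION_PASSWORD = "pa.connection.password";
    public static String connectionPasswordDefault = "PA_CONN";
    // specify proxyUser in a System property PA_PROXYUSER, otherwise proxyUserDefault is used.
    public static final String PA_PROXYUSER = "pa.proxyuser";
    public static String proxyUserDefault = "PA_PROXY";
    // specify proxyUserPassword in a System property PA_PROXYUSERPWD, otherwise proxyUserPasswordDefault is used.
    public static final String PA_PROXYUSERPWD = "pa.proxyuser.password";
    public static String proxyUserPasswordDefault = "PA_PROXY";
    // specify proxyUser2 in a System property PA_PROXYUSER2, otherwise proxyUser2Default is used.
    public static final String PA_PROXYUSER2 = "pa.proxyuser2";
    public static String proxyUser2Default = "PA_PROXY2";
    // specify proxyUser2Password in a System property PA_PROXYUSER2PWD, otherwise proxyUser2PasswordDefault is used.
    public static final String PA_PROXYUSER2PWD = "pa.proxyuser2.password";
    public static String proxyUser2PasswordDefault = "PA_PROXY2";

    /*
     * To set up the Proxy Authentication users in the Oracle db, execute in sqlPlus or
     * EnterpriseManager (the sql in the following example uses the default names):
     *   1 - Connect as sysdba
     *       connect sys/password as sysdba
     *   2 - Create connectionUser:
     *       create user PA_CONN identified by PA_CONN
     *       grant connect to PA_CONN
     *   3 - Create proxyUsers:
     *       create user PA_PROXY identified by PA_PROXY
     *       grant connect to PA_PROXY
     *       create user PA_PROXY2 identified by PA_PROXY2
     *       grant connect to PA_PROXY2
     *   4 - Grant proxyUsers connection through connectionUser
     *       alter user PA_PROXY grant connect through PA_CONN
     *       alter user PA_PROXY2 grant connect through PA_CONN
     */

    // Values resolved by initialize(); all of them are null until it has been called.
    public static String connectionUser;
    public static String connectionPassword;
    public static String proxyUser;
    public static String proxyUserPassword;
    public static String proxyUser2;
    public static String proxyUser2Password;
    public static Properties connectionProperties;
    // The three maps stay raw-typed so that existing callers keep compiling unchanged.
    public static Map proxyProperties;
    public static Map proxyProperties2;
    public static Map cancelProxyProperties;

    /**
     * Reads a System property, falling back to a default.
     *
     * @param property name of the System property to read
     * @param defaultValue value returned when the property is unset or empty
     * @return the property value, or {@code defaultValue} when it is null or ""
     */
    public static String getProperty(String property, String defaultValue) {
        String propertyValue = System.getProperty(property);
        if (propertyValue == null || propertyValue.isEmpty()) {
            return defaultValue;
        }
        return propertyValue;
    }

    /**
     * Creates all user names and properties.
     */
    public static void initialize() {
        // obtain user and password that should be used to connect to the db.
        connectionUser = getProperty(PA_CONNECTION_USER, connectionUserDefault);
        connectionPassword = getProperty(PA_CONNECTION_PASSWORD, connectionPasswordDefault);
        // connectionProperties used to connect to the db to test the users
        connectionProperties = new Properties();
        connectionProperties.setProperty("user", connectionUser);
        connectionProperties.setProperty("password", connectionPassword);

        // proxyProperties could be used either by ServerSession or ClientSession (EMFactory or EntityManager).
        proxyUser = getProperty(PA_PROXYUSER, proxyUserDefault);
        proxyUserPassword = getProperty(PA_PROXYUSERPWD, proxyUserPasswordDefault);
        proxyProperties = createProxyProperties(proxyUser, proxyUserPassword);

        // proxyProperties2 could be used by ClientSession (EntityManager) to override
        // proxyProperties used by ServerSession (EMFactory).
        proxyUser2 = getProperty(PA_PROXYUSER2, proxyUser2Default);
        proxyUser2Password = getProperty(PA_PROXYUSER2PWD, proxyUser2PasswordDefault);
        proxyProperties2 = createProxyProperties(proxyUser2, proxyUser2Password);

        // cancelProxyProperties could be used by ClientSession (EntityManager) to NOT use
        // proxyProperties used by ServerSession (EMFactory).
        cancelProxyProperties = new HashMap<String, Object>(1);
        cancelProxyProperties.put(PersistenceUnitProperties.ORACLE_PROXY_TYPE, "");
    }

    // Builds the three-entry property map (proxy type, user name, password) for one proxy user.
    private static Map<String, Object> createProxyProperties(String user, String password) {
        Map<String, Object> properties = new HashMap<>(3);
        properties.put(PersistenceUnitProperties.ORACLE_PROXY_TYPE, OracleConnection.PROXYTYPE_USER_NAME);
        properties.put(OracleConnection.PROXY_USER_NAME, user);
        properties.put(OracleConnection.PROXY_USER_PASSWORD, password);
        return properties;
    }

    /**
     * Verifies that all the users are correctly set up in the database.
     *
     * @param dbSession session handed to the SessionExchanger as the original session
     * @return an empty string in case of success, otherwise the error message
     */
    public static String verify(DatabaseSession dbSession) {
        String errorMsg = "";
        SessionExchanger exchanger = new SessionExchanger();
        DatabaseSession newSession = null;
        try {
            // create a simple database session that uses connectionProperties to connect.
            newSession = exchanger.createNewSession(dbSession, true, false, connectionProperties, null);
        } catch (Exception ignored) {
            // The cause is dropped on purpose: the returned text carries the setup instructions.
            errorMsg = createErrorMsgConnectionFailed();
            errorMsg += createErrorMsgProxyFailed(true);
            errorMsg += createErrorMsgProxy2Failed(true);
        }
        // If connecting as connectionUser failed, there is no point in trying to
        // connect the proxyUsers through connectionUser.
        if (errorMsg.isEmpty()) {
            if (!canOpenProxySession(newSession, proxyUser, proxyUserPassword)) {
                errorMsg += createErrorMsgProxyFailed(false);
            }
            if (!canOpenProxySession(newSession, proxyUser2, proxyUser2Password)) {
                errorMsg += createErrorMsgProxy2Failed(false);
            }
        }
        // kill newSession, reconnect the original session.
        exchanger.returnOriginalSession();
        return errorMsg;
    }

    // Opens and immediately closes a proxy session for the given user on the session's
    // connection; returns false when any step throws.
    private static boolean canOpenProxySession(DatabaseSession session, String user, String password) {
        try {
            Properties props = new Properties();
            props.setProperty(OracleConnection.PROXY_USER_NAME, user);
            props.setProperty(OracleConnection.PROXY_USER_PASSWORD, password);
            OracleConnection oracleConnection = (oracle.jdbc.OracleConnection)
                    ((org.eclipse.persistence.internal.sessions.AbstractSession) session).getAccessor().getConnection();
            oracleConnection.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, props);
            // close proxy session
            oracleConnection.close(OracleConnection.PROXY_SESSION);
            return true;
        } catch (Exception ignored) {
            // Cause intentionally dropped; the caller reports the setup instructions instead.
            return false;
        }
    }

    // Message for a failed direct connection as connectionUser. The configured password is
    // deliberately left out so it does not end up in test logs or reports; only the
    // source-level default is named.
    static String createErrorMsgConnectionFailed() {
        StringBuilder msg = new StringBuilder();
        msg.append("Failed to connect using user = ").append(connectionUser).append(" (password not shown).\n");
        msg.append("Specify connectionUser in ").append(PA_CONNECTION_USER)
                .append(" and connectionPassword in ").append(PA_CONNECTION_PASSWORD).append(" System properties.\n");
        msg.append("Otherwise default connectionUser ").append(connectionUserDefault)
                .append(" and default connectionPassword ").append(connectionPasswordDefault).append(" used.\n");
        msg.append("In the db connectionUser should exist (authenticated by connectionPassword) and be authorized to connect:\n");
        msg.append(" create user ").append(connectionUser).append(" identified by <connectionPassword>\n");
        msg.append(" grant connect to ").append(connectionUser).append("\n");
        return msg.toString();
    }

    // Message for a failed proxy session as proxyUser.
    static String createErrorMsgProxyFailed(boolean connectionHasFailed) {
        return createProxyErrorMsg("proxyUser", proxyUser, PA_PROXYUSER, proxyUserDefault,
                "<proxyUserPassword>", connectionHasFailed);
    }

    // Message for a failed proxy session as proxyUser2; names PA_PROXYUSER2 as the property to set.
    static String createErrorMsgProxy2Failed(boolean connectionHasFailed) {
        return createProxyErrorMsg("proxyUser2", proxyUser2, PA_PROXYUSER2, proxyUser2Default,
                "<proxyUser2Password>", connectionHasFailed);
    }

    // Shared text for both proxy users. The first line is printed only when the direct
    // connection was ok but the proxy connection failed. The sql hint uses a password
    // placeholder and the "alter user ... grant connect through ..." form from the setup steps.
    private static String createProxyErrorMsg(String label, String user, String propertyName,
            String defaultUser, String passwordPlaceholder, boolean connectionHasFailed) {
        StringBuilder msg = new StringBuilder();
        if (!connectionHasFailed) {
            msg.append("Failed to open proxy session using ").append(label).append(" = ").append(user)
                    .append(" on connection through ").append(connectionUser).append(".\n");
        }
        msg.append("Specify ").append(label).append(" in ").append(propertyName)
                .append(" System property. Otherwise default ").append(label).append(" ")
                .append(defaultUser).append(" is used.\n");
        msg.append("In the db ").append(label)
                .append(" should exist and be authorized to connect both directly and through connectionUser:\n");
        msg.append(" create user ").append(user).append(" identified by ").append(passwordPlaceholder).append("\n");
        msg.append(" grant connect to ").append(user).append("\n");
        msg.append(" alter user ").append(user).append(" grant connect through ").append(connectionUser).append("\n");
        return msg.toString();
    }
}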