Created
November 10, 2021 15:06
import com.oracle.bmc.auth.AbstractAuthenticationDetailsProvider;
import com.oracle.bmc.auth.ConfigFileAuthenticationDetailsProvider;
import com.oracle.bmc.databasetools.DatabaseToolsClient;
import com.oracle.bmc.databasetools.model.*;
import com.oracle.bmc.databasetools.requests.GetDatabaseToolsConnectionRequest;
import com.oracle.bmc.databasetools.responses.GetDatabaseToolsConnectionResponse;
import com.oracle.bmc.secrets.SecretsClient;
import com.oracle.bmc.secrets.model.Base64SecretBundleContentDetails;
import com.oracle.bmc.secrets.requests.GetSecretBundleRequest;
import com.oracle.bmc.secrets.responses.GetSecretBundleResponse;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateException;
import java.sql.*;
import java.util.Base64;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.pool.OracleDataSource;
import oracle.security.pki.OraclePKIProvider;
/**
 * A demo of using a Database Tools connection
 * to retrieve credentials and to connect to and query an Autonomous DB.
 * Credit: https://github.com/nomisvai/oracle-in-memory-wallet-samples
 * SDK Docs: https://docs.oracle.com/en-us/iaas/tools/java/2.8.1/
 * @author Todd Sharp
 */
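public class Demo {
    /* OCID of the Database Tools connection whose metadata and secrets are read */
    private final String connectionId;
    /* SDK clients, built once in the constructor and reused by run() */
    /* NOTE(review): these clients are never closed in this class; confirm whether the caller should close them */
    DatabaseToolsClient databaseToolsClient;
    SecretsClient secretsClient;

    /**
     * Builds the Database Tools and Secrets clients from the "DEFAULT" profile
     * handed to {@link ConfigFileAuthenticationDetailsProvider}.
     *
     * @param connectionId identifier of the Database Tools connection to use
     * @throws IOException if the authentication provider cannot be created
     */
    public Demo(String connectionId) throws IOException {
        this.connectionId = connectionId;
        AbstractAuthenticationDetailsProvider provider = new ConfigFileAuthenticationDetailsProvider("DEFAULT");
        databaseToolsClient = DatabaseToolsClient.builder().build(provider);
        secretsClient = SecretsClient.builder().build(provider);
    }

    /**
     * Looks up the Database Tools connection, fetches the wallet and the user
     * password from the Secrets service, builds an in-memory wallet and runs a
     * single query against the database.
     *
     * <p>The password and the wallet bytes are credentials: they are never
     * written to standard output or to a file here. The password still lives
     * in a {@code String} inside the JDBC connection properties, so it stays on
     * the heap until garbage collected.
     *
     * @throws IllegalStateException if the connection carries no key store
     * @throws SQLException if connecting or querying fails, or the query returns no row
     */
    public void run() throws IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SQLException, KeyManagementException {
        /* get database tools connection */
        GetDatabaseToolsConnectionRequest connectionRequest =
                GetDatabaseToolsConnectionRequest.builder()
                        .databaseToolsConnectionId(connectionId)
                        .build();
        GetDatabaseToolsConnectionResponse connectionResponse = databaseToolsClient
                .getDatabaseToolsConnection(connectionRequest);
        /* the cast fails with ClassCastException if the connection is not an Oracle Database one */
        DatabaseToolsConnectionOracleDatabase databaseToolsConnection =
                (DatabaseToolsConnectionOracleDatabase) connectionResponse
                        .getDatabaseToolsConnection();

        /* get connect string from dbtools connection */
        String connectionString = databaseToolsConnection.getConnectionString();
        System.out.printf("Connection String: %s %n", connectionString);

        /* get username from dbtools connection */
        String username = databaseToolsConnection.getUserName();
        System.out.printf("Username: %s %n", username);

        /* get wallet SSO contents from dbtools connection */
        List<DatabaseToolsKeyStore> keyStores = databaseToolsConnection.getKeyStores();
        if (keyStores == null || keyStores.isEmpty()) {
            throw new IllegalStateException("Database Tools connection has no key store configured");
        }
        /* NOTE(review): the first key store is loaded as an SSO wallet below without checking its type; confirm */
        DatabaseToolsKeyStore walletKeyStore = keyStores.get(0);
        KeyStoreType keyStoreType = walletKeyStore.getKeyStoreType();
        System.out.printf("KeyStore Type: %s %n", keyStoreType);
        DatabaseToolsKeyStoreContentSecretId keyStoreSecretId =
                (DatabaseToolsKeyStoreContentSecretId) walletKeyStore.getKeyStoreContent();
        byte[] keyStoreSecretBytes = fetchSecretBytes(keyStoreSecretId.getSecretId());

        /* get connection password */
        DatabaseToolsUserPasswordSecretId passwordSecretId =
                (DatabaseToolsUserPasswordSecretId) databaseToolsConnection
                        .getUserPassword();
        /* decode with an explicit charset instead of the platform default */
        String password = new String(fetchSecretBytes(passwordSecretId.getSecretId()), StandardCharsets.UTF_8);
        /* never echo the secret itself: console output ends up in logs and terminal scrollback */
        System.out.println("Password: [retrieved, not printed]");

        /* create datasource properties */
        Properties info = new Properties();
        info.put(OracleConnection.CONNECTION_PROPERTY_USER_NAME, username);
        info.put(OracleConnection.CONNECTION_PROPERTY_PASSWORD, password);
        String dbUrl = "jdbc:oracle:thin:@" + connectionString;

        /* create datasource backed by the "in-memory" wallet */
        OracleDataSource datasource = new OracleDataSource();
        datasource.setSSLContext(buildWalletSslContext(keyStoreSecretBytes));
        datasource.setURL(dbUrl);
        datasource.setConnectionProperties(info);

        /* get connection and execute query; try-with-resources closes all three JDBC objects */
        try (Connection connection = datasource.getConnection();
             Statement statement = connection.createStatement();
             ResultSet resultSet = statement.executeQuery("select sysdate from dual")) {
            if (!resultSet.next()) {
                throw new SQLException("Query returned no rows");
            }
            Date d = resultSet.getDate(1);
            System.out.printf("Current Date from DB: %tc", d);
        }
    }

    /* Fetches one secret bundle from the Secrets service and returns its Base64-decoded content. */
    private byte[] fetchSecretBytes(String secretId) {
        GetSecretBundleRequest request = GetSecretBundleRequest
                .builder()
                .secretId(secretId)
                .build();
        GetSecretBundleResponse response = secretsClient.getSecretBundle(request);
        /* the cast fails with ClassCastException if the bundle content is not Base64 content */
        Base64SecretBundleContentDetails content =
                (Base64SecretBundleContentDetails) response
                        .getSecretBundle()
                        .getSecretBundleContent();
        return Base64.getDecoder().decode(content.getContent());
    }

    /* Loads the SSO wallet bytes into a key store and builds an SSLContext whose key and trust material both come from it. */
    private static SSLContext buildWalletSslContext(byte[] walletBytes)
            throws IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException {
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        /* NOTE(review): the key manager is looked up under the trust manager's default algorithm name,
           as in the original sample; confirm this is intended rather than KeyManagerFactory.getDefaultAlgorithm() */
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("SSO", new OraclePKIProvider());
        /* the wallet is read from memory, so it never has to be written to disk */
        keyStore.load(new ByteArrayInputStream(walletBytes), null);
        keyManagerFactory.init(keyStore, null);
        trustManagerFactory.init(keyStore);
        /* request the context by its standard "TLS" name rather than the legacy "SSL" name;
           the protocol versions actually enabled still depend on the JDK and driver configuration */
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(
                keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(),
                null);
        return sslContext;
    }
}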