#### (g)make file, requires a posix-like shell ###################################
#
# To clean javavm/demo/jmx/* before running, do
#   make clean
#
# To run the demo, do
#   make 
#
# Notes.
#   to run successfully this makefile needs
#      1. env variables ORACLE_HOME and  JAVA_HOME 
#           note: set JAVA_HOME to JDK home, not JRE home
#      2. current directory (.../javavm/demo/) and its subdirs writable.
#      3. directory TMPDIR (/tmp by default) writeable
# 
# 
# The first (main) target of this makefile is 'all'. This target runs
# several short client-server sessions. Currently, the set includes the
# following sessions: RMI session over plan socket
# (run_cs_rmissl_noauth) JMX session over plan socket
# (run_cs_jmx_no_ssl) RMI session over SSL socket
# (run_cs_rmissl_auth_dflt) JMX session over SSL socket, JKS keys
# (run_cs_jmx_ssl_dflt_k) RMI session over SSL socket, programmatic
# SLL setup for RMI (run_cs_rmissl_auth_prog)
# 
# 
# Each of these targets can be invoked individually in any order.
# 
# To retrieve an MBean's info or specific MBean attribute, use the following
# commands:
# 
#    make ping
#           this prints out info for singleton bean java.lang:type=Runtime
#    make ping BEAN=oracle.jvm:type=OracleRuntime
#           this prints out info for bean OracleRuntime
#    make ping BEAN=java.lang:type=MemoryPool,name='New Generation'
#           this prints out info for memory pool 'New Generation'
# 
#    make get
#           this retrieves attribute InputArguments of singleton bean java.lang:type=Runtime
#    make get ATTR=VmName   
#           this retrieves attribute VmName of the Runtime MBean
#    make get BEAN=oracle.jvm:type=OracleRuntime ATTR=NewspaceSize
#           this retrieves attribute NewspaceSize of singleton bean OracleRuntime
#    make get BEAN=java.lang:type=MemoryPool,name='New Generation' ATTR=UsageThreshold
#           this retrieves attribute UsageThreshold  of memory pool 'New Generation'
################################################################################

include $(ORACLE_HOME)/javavm/demo/unix.mk
include $(ORACLE_HOME)/javavm/demo/java.mk

all: run_cs_all_modes

#####  Variables  ##############################################################

OUT=@echo 

# this directory needs be writeable
TMPDIR=/tmp

ifndef BEAN
BEAN=java.lang:type=Runtime
endif

ifndef ATTR
ATTR=InputArguments
endif

ORAPKI_CLASSPATH = $(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)oraclepki.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)osdt_cert.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)jlib$(DIRSEP)osdt_core.jar

ORAPKI_JARS = $(subst $(PATHSEP), ,$(ORAPKI_CLASSPATH))

MAKE_CLASSPATH = .$(PATHSEP)$(JAVA_HOME)$(DIRSEP)lib$(DIRSEP)tools.jar$(PATHSEP)$(JAVA_HOME)$(DIRSEP)jre$(DIRSEP)lib$(DIRSEP)rt.jar$(PATHSEP)$(JAVA_HOME)$(DIRSEP)lib$(DIRSEP)jconsole.jar$(PATHSEP)$(ORACLE_HOME)$(DIRSEP)javavm$(DIRSEP)lib$(DIRSEP)aurora.zip$(PATHSEP)$(ORAPKI_CLASSPATH)


CLASSES = \
  common/DBPropsMBean.class \
  common/RMISSLServerSocketFactory.class \
  common/RMISSLClientSocketFactory.class \
  common/TestParamsRMISSL.class \
  common/PermissionManagerMBean.class \
  common/WorkLoadMBean.class \
  common/OJVMMBean.class \
  jmxclcl/Messages.class \
  jmxclcl/ProxyClient.class \
  jmxclcl/CLJconsole.class \
  jmxclcl/TestParamsRMISSLClient.class  \
  jmxserv/PermissionManager.class \
  jmxserv/FilePermission.class \
  jmxserv/PropertyPermission.class \
  jmxserv/DBProps.class \
  jmxserv/OJVM.class \
  jmxserv/TestParamsRMISSLImpl.class \
  jmxserv/Load.class \

CLASSES_JDK16 = \
  com/sun/management/GcInfo.class


LOADJAVA = loadjava -verbose -force -resolve 

###### Certificates, Keys, Keystores ###########################################
KEYTOOL = $(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)keytool
SERVER_DN = "CN=OJVM JMX, OU=OJVM, O=Oracle, L=Redwood Shores, ST=CA, C=US"
CLIENT_DN = "CN=JMX Client, OU=JMXCLient, O=Demo, L=Somewhere, ST=CA, C=US"
CA_DN = "CN=Demo CA, C=US"

#####  Aux Targets  ############################################################

prep_jdk16:
	(cd ./com/sun/management/; cat GcInfo16.txt > GcInfo.java)
	$(RMRF) rmrf_jdk16.stamp

rmrf_jdk16.stamp:
	$(RMRF) com/sun/management/GcInfo.java > rmrf_jdk16.stamp
rmrf_jdk16: rmrf_jdk16.stamp


compile: rmrf_jdk16  $(CLASSES)

compile_jdk16: prep_jdk16
	$(MAKE) JAVA_HOME=$(JDKHOME_16) $(CLASSES_JDK16)

setup_schema_stamp:
	sqlplus /nolog @setup.sql $(SYSPASSWD)
	touch setup_schema_stamp

jmxserv.jar: $(CLASSES)
	$(RMRF) jmxserv.jar jmxserv_jar_load_stamp
	$(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -cf jmxserv.jar jmxserv/*.class common/*.class
	$(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -tvf jmxserv.jar

jdk16patch.jar: compile_jdk16
	$(RMRF) jdk16patch.jar
	$(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -cf jdk16patch.jar com/sun/management/*.class
	$(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)jar -tvf jdk16patch.jar

jmxserv_jar_load_stamp:
	$(LOADJAVA) -u jmxdemo/jmxdemo jmxserv.jar
	touch jmxserv_jar_load_stamp

setup_java: compile jmxserv.jar jmxserv_jar_load_stamp

setup_wrappers_stamp: wrappers.sql
	sqlplus /nolog @wrappers.sql
	touch setup_wrappers_stamp

run_workload:
	sqlplus /nolog @run.sql

run_workload_ssl:
	sqlplus /nolog @run_ssl.sql

setup: setup_schema_stamp setup_java setup_wrappers_stamp

setup_run_workload: setup run_workload
setup_run_workload_ssl: setup run_workload_ssl

#####  JKS Key Management for SSL ##############################################

SSL_CL_DFILE_K =  -Djavax.net.ssl.trustStore=$(TMPDIR)/client_truststore -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore -Djavax.net.ssl.keyStorePassword=client_demo_pswd 

SSL_CL_DFILE_O =  -Djavax.net.ssl.trustStore=$(TMPDIR)/client_truststore_dir/ewallet.p12 -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.keyStorePassword=client_demo_pswd -Djavax.net.ssl.keyStoreType=PKCS12  -Djavax.net.ssl.trustStoreType=PKCS12 

SSL_CL_DFILE_O_SAMPLE_PKCS12 =  -Djavax.net.ssl.trustStore=$(TMPDIR)/certificates1/truststore/ewallet.p12 -Djavax.net.ssl.keyStore=$(TMPDIR)/certificates1/client_wallet/ewallet.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=welcome123  -Djavax.net.ssl.trustStorePassword=welcome123

SSL_CL_DFILE_O_SAMPLE_SSO =  -Djavax.net.ssl.trustStore=$(TMPDIR)/certificates1/truststore/cwallet.sso -Djavax.net.ssl.keyStore=$(TMPDIR)/certificates1/client_wallet/cwallet.sso -Djavax.net.ssl.keyStoreType=SSO -Djavax.net.ssl.trustStoreType=SSO 

SSL_CL_DFILE_O_CA_PKCS12 =  -Djavax.net.ssl.trustStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.trustStorePassword=client_demo_pswd -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/ewallet.p12 -Djavax.net.ssl.keyStorePassword=client_demo_pswd -Djavax.net.ssl.keyStoreType=PKCS12  -Djavax.net.ssl.trustStoreType=PKCS12 

SSL_CL_DFILE_O_CA_SSO = -Djavax.net.ssl.trustStore=$(TMPDIR)/client_keystore_dir/cwallet.sso -Djavax.net.ssl.keyStore=$(TMPDIR)/client_keystore_dir/cwallet.sso  -Djavax.net.ssl.keyStoreType=SSO  -Djavax.net.ssl.trustStoreType=SSO

keytool_keystores_clean:
	$(RMRF) *_keystore *_truststore $(TMPDIR)/*_keystore $(TMPDIR)/*_truststore  *_public_key *_jks.* keytool_*

# keytool_keystores.log: this target uses Java 'keytool' to create
# keystore and truststore.  After keytool_keystores.log finishes, the
# follwing files are created:
#
# server_keystore     keystore holding server private key
# server_truststore   keystore holding server public certificate
# client_keystore     keystore holding client private key
# client_truststore   keystore holding client public certificate
# server_public_key   key exported from server_keystore to be put in client_truststore
# client_public_key   key exported from client_keystore to be put in server_truststore  
keytool_keystores.log: 
	echo 'new JKS certificate material' > keytool_keystores.log
	echo "server_demo_pswd" > keytool_input
	echo "" >> keytool_input
	$(KEYTOOL) -genkey -v -keyalg RSA -alias server_key -keystore server_keystore -dname $(SERVER_DN) < keytool_input >> keytool_keystores.log
	echo "client_demo_pswd" > keytool_input
	echo "" >> keytool_input
	$(KEYTOOL) -genkey -v -keyalg RSA -alias client_key -keystore client_keystore -dname $(CLIENT_DN)  < keytool_input >> keytool_keystores.log
	echo "server_demo_pswd" > keytool_input
	$(KEYTOOL) -list -keystore server_keystore < keytool_input >> keytool_keystores.log
	$(KEYTOOL) -export -rfc -keystore server_keystore -alias server_key -file server_public_key < keytool_input >> keytool_keystores.log
	echo "client_demo_pswd" > keytool_input
	echo "yes" >> keytool_input
	$(KEYTOOL) -import -alias server -keystore client_truststore -file server_public_key < keytool_input >> keytool_keystores.log
	echo "client_demo_pswd" > keytool_input
	$(KEYTOOL) -list -keystore client_keystore < keytool_input >> keytool_keystores.log
	$(KEYTOOL) -export -rfc -keystore client_keystore -alias client_key -file client_public_key < keytool_input >> keytool_keystores.log
	cp keytool_input $(TMPDIR)/client_input
	echo "server_demo_pswd" > keytool_input
	echo "yes" >> keytool_input
	$(KEYTOOL) -import -alias client -keystore server_truststore -file client_public_key < keytool_input >> keytool_keystores.log
	cp  *_keystore *_truststore $(TMPDIR)
	$(RMRF) server_jks.zip client_jks.zip
	cp keytool_input $(TMPDIR)/server_input
	zip server_jks.zip $(TMPDIR)/server_keystore $(TMPDIR)/server_truststore $(TMPDIR)/server_input
	zip client_jks.zip $(TMPDIR)/client_keystore $(TMPDIR)/client_truststore $(TMPDIR)/client_input
	$(RMRF) $(TMPDIR)/server_input $(TMPDIR)/client_input
	$(LOADJAVA) -u jmxdemo/jmxdemo server_jks.zip


##### Oracle PKCS12 Key Management for SSL #####################################

# use Oracle 'orapki' to create keystore and truststore wallets
# files created by this target:
#
# $(TMPDIR)/server_keystore_dir     directory with pkcs12 keystore holding server private key
# $(TMPDIR)/server_truststore_dir   directory with pkcs12 keystore holding server public certificate
# $(TMPDIR)/client_keystore_dir     directory with pkcs12 keystore holding client private key
# $(TMPDIR)/client_truststore_dir   directory with pkcs12 keystore holding client public certificate
# server_public_key   key exported from $(TMPDIR)/server_keystore_dir to be put in $(TMPDIR)/client_truststore_dir
# client_public_key   key exported from $(TMPDIR)/client_keystore_dir to be put in $(TMPDIR)/server_truststore_dir  

KSOUT =  >> orapki_keystores.log

## we add trusted certs twice, one time does not alays work
orapki_keystores.log: 
	echo '---- new PKCS12 certificate material' > orapki_keystores.log
	echo "server_demo_pswd" > keytool_input
	echo "server_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/server_keystore_dir  < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -keysize 1024 -self_signed -validity 100 < keytool_input $(KSOUT)
	echo "----  server keystore wallet: "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT)
	orapki wallet export -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -cert server_public_key < keytool_input $(KSOUT)
	echo "----  cert server_public_key: "   $(KSOUT)
	orapki cert display -cert server_public_key -complete  $(KSOUT)
	echo "client_demo_pswd" > keytool_input
	echo "client_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/client_keystore_dir  < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -keysize 1024 -self_signed -validity 100 < keytool_input  $(KSOUT)
	echo "----  client keystore wallet: "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT)
	orapki wallet export -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN)  -cert client_public_key < keytool_input
	echo "----  cert client_public_key: "   $(KSOUT)
	orapki cert display -cert client_public_key -complete  $(KSOUT)
	echo "server_demo_pswd" > keytool_input
	echo "server_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/server_truststore_dir -auto_login < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/server_truststore_dir -trusted_cert -cert client_public_key < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/server_truststore_dir -trusted_cert -cert client_public_key < keytool_input $(KSOUT)
	echo "----  server truststore wallet, must have client trusted cert "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_truststore_dir < keytool_input $(KSOUT)
	echo "client_demo_pswd" > keytool_input
	echo "client_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/client_truststore_dir -auto_login < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/client_truststore_dir -trusted_cert -cert server_public_key < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/client_truststore_dir -trusted_cert -cert server_public_key < keytool_input $(KSOUT)
	echo "----  client truststore wallet, must have server trusted cert "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_truststore_dir < keytool_input $(KSOUT)
 
orapki_keystores_clean:
	$(RMRF) $(TMPDIR)/*_keystore_dir $(TMPDIR)/*_truststore_dir  *_public_key keytool_input orapki_keystores.log


orapki_keystores-ca.log: 
	echo '---- First we Creatre a Certificate authority ' > orapki_keystores.log
	echo "ca_demo_pswd" > keytool_input
	echo "ca_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/ca_keystore_dir  < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/ca_keystore_dir -dn $(CA_DN) -keysize 2048 -self_signed -validity 100 < keytool_input $(KSOUT)
	echo "----  CA keystore wallet: "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/ca_keystore_dir < keytool_input $(KSOUT)
	orapki wallet export -wallet $(TMPDIR)/ca_keystore_dir -dn $(CA_DN) -cert $(TMPDIR)/ca_keystore_dir/ca_public_key < keytool_input $(KSOUT)
	echo "----  cert server_public_key: "   $(KSOUT)
	orapki cert display -cert $(TMPDIR)/ca_keystore_dir/ca_public_key  -complete  $(KSOUT)
	echo '---- Second, create new server wallets (PKCS12 and SSO)'   $(KSOUT)
	echo "server_demo_pswd" > keytool_input
	echo "server_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/server_keystore_dir  < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -keysize 2048  -validity 100 < keytool_input $(KSOUT)
	echo "----  server keystore wallet: "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT)
	echo "----  Export certificate request "   $(KSOUT)
	orapki wallet export -wallet $(TMPDIR)/server_keystore_dir -dn $(SERVER_DN) -request $(TMPDIR)/server_keystore_dir/request < keytool_input $(KSOUT)
	echo "----  Sign the certificate request using the CA and CA's passwords "   $(KSOUT)
	echo "ca_demo_pswd" > keytool_input
	echo "ca_demo_pswd" >> keytool_input
	orapki cert create -wallet $(TMPDIR)/ca_keystore_dir -request $(TMPDIR)/server_keystore_dir/request -cert $(TMPDIR)/server_keystore_dir/server_public_key -validity 100 < keytool_input  $(KSOUT)
	orapki cert display -cert $(TMPDIR)/server_keystore_dir/server_public_key -complete $(KSOUT)
	echo "----  Add the test CA trusted certificate to the wallet "   $(KSOUT)
	echo "server_demo_pswd" > keytool_input
	echo "server_demo_pswd" >> keytool_input
	orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -trusted_cert -cert $(TMPDIR)/ca_keystore_dir/ca_public_key  < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT)
	echo "----  Add the signed server certificate to the wallet "   $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/server_keystore_dir -user_cert -cert $(TMPDIR)/server_keystore_dir/server_public_key  < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT)
	orapki wallet create -wallet $(TMPDIR)/server_keystore_dir -auto_login  < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/server_keystore_dir < keytool_input $(KSOUT)
	echo '---- Third, create new client wallets (PKCS12 and SSO)'   $(KSOUT)
	echo "client_demo_pswd" > keytool_input
	echo "client_demo_pswd" >> keytool_input
	orapki wallet create -wallet $(TMPDIR)/client_keystore_dir  < keytool_input $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -keysize 2048  -validity 100 < keytool_input $(KSOUT)
	echo "----  client keystore wallet: "   $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT)
	echo "----  Export certificate request "   $(KSOUT)
	orapki wallet export -wallet $(TMPDIR)/client_keystore_dir -dn $(CLIENT_DN) -request $(TMPDIR)/client_keystore_dir/request < keytool_input $(KSOUT)
	echo "ca_demo_pswd" > keytool_input
	echo "ca_demo_pswd" >> keytool_input
	echo "----  Sign the certificate request using the CA "   $(KSOUT)
	orapki cert create -wallet $(TMPDIR)/ca_keystore_dir -request $(TMPDIR)/client_keystore_dir/request -cert  $(TMPDIR)/client_keystore_dir/client_public_key -validity 100  < keytool_input  $(KSOUT)
	orapki cert display -cert $(TMPDIR)/client_keystore_dir/client_public_key -complete  $(KSOUT)
	echo "----  Add the test CA trusted certificate to the wallet "   $(KSOUT)
	echo "client_demo_pswd" > keytool_input
	echo "client_demo_pswd" >> keytool_input
	orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -trusted_cert -cert $(TMPDIR)/ca_keystore_dir/ca_public_key  < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT)
	echo "----  Add the signed client certificate to the wallet "   $(KSOUT)
	orapki wallet add -wallet $(TMPDIR)/client_keystore_dir -user_cert -cert $(TMPDIR)/client_keystore_dir/client_public_key  < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT)
	orapki wallet create -wallet $(TMPDIR)/client_keystore_dir  -auto_login < keytool_input $(KSOUT)
	orapki wallet display -wallet $(TMPDIR)/client_keystore_dir < keytool_input $(KSOUT)
	echo "done, see orapki_keystores.log" > orapki_keystores-ca.log



##### Oracle SSO Key Management for SSL #####################################

# use sample-wallets.zip as souce of certificate material
#
# $(TMPDIR)/certificates1/client_wallet/ directory holding client material
# $(TMPDIR)/certificates1/server  directory holding server material

orapki_keystores_sample.stamp: 
	unzip -o -d $(TMPDIR) sample-wallets.zip > orapki_keystores_sample.stamp

##### Client/Server Variables and Targets  ###################################

JAVA_BOOTPATH=
JAVA_BOOTPATH_16=-Xbootclasspath$(PATHSEP)jdk16patch.jar$(PATHSEP)$(JDKHOME_16)$(DIRSEP)jre$(DIRSEP)lib$(DIRSEP)rt.jar

RUN_JAVA = \
 $(JAVA_HOME)$(DIRSEP)jre$(DIRSEP)bin$(DIRSEP)java \
 $(JAVA_BOOTPATH) -classpath $(MAKE_CLASSPATH)
RUN_JAVA_SSL_K  = $(RUN_JAVA) $(SSL_CL_DFILE_K)
RUN_JAVA_SSL_O  = $(RUN_JAVA) -Djavax.net.debug=ssl,handshake,trustmanager  $(SSL_CL_DFILE_O)

CONSOLE_ARGS_SIMPLE = \
 jmxclcl.CLJconsole $(HOSTNAME) -p 9999

RUN_CONSOLE = $(RUN_JAVA) $(CONSOLE_ARGS_SIMPLE)
RUN_CONSOLE_SSL_K = $(RUN_JAVA_SSL_K) $(CONSOLE_ARGS_SIMPLE)
RUN_CONSOLE_SSL_O = $(RUN_JAVA_SSL_O) $(CONSOLE_ARGS_SIMPLE)

run:  compile
	$(RUN_CONSOLE) -r 5 -i 5000

run_jdk16: compile jdk16patch.jar
	$(MAKE) JAVA_HOME=$(JDKHOME_16) JAVA_BOOTPATH=$(JAVA_BOOTPATH_16) run

run_ssl: compile
	$(RUN_CONSOLE_SSL_K)  -r 5 -i 5000


# RMI with no SSL authentication
ifdef DEBUG
 RUN_RMISSL_CLIENT_NO_AUTH = $(RUN_JAVA) jmxclcl.TestParamsRMISSLClient rmi 2019 60 TRACE
else
 RUN_RMISSL_CLIENT_NO_AUTH = $(RUN_JAVA) jmxclcl.TestParamsRMISSLClient rmi 2019 60
endif

# RMI with SSL authentication, Uses the default factory and the default keystore options
RMISSL_PORT = 2021
RMISSL_PORT_PROG = 2017

ifdef DEBUG
 RMISSL_TRACE=TRACE
else
 RMISSL_TRACE=
endif

RUN_RMISSL_CLIENT_KAUTH_DFLT = \
  $(RUN_JAVA_SSL_K) jmxclcl.TestParamsRMISSLClient rmi_ssl_dflt $(RMISSL_PORT) 60 $(RMISSL_TRACE)
RUN_RMISSL_CLIENT_OAUTH_DFLT = \
  $(RUN_JAVA_SSL_O) jmxclcl.TestParamsRMISSLClient rmi_ssl_dflt $(RMISSL_PORT) 60 $(RMISSL_TRACE)

# ..._AUTH_PRG: credentials are not passed on command line, but
# instead passed in an archive that is added to the classpath.
#
# Note: this assumes that RUN_JAVA ends with classpath
RUN_RMISSL_CLIENT_AUTH_PROG = $(RUN_JAVA)$(PATHSEP)client_jks.zip jmxclcl.TestParamsRMISSLClient \
 rmi_ssl_prog $(RMISSL_PORT_PROG) 60 $(DEBUG)
RUN_RMISSL_CLIENT_AUTH_PROG_TRACE = $(RUN_RMISSL_CLIENT_AUTH_PROG) TRACE

run_rmissl_noauth: compile
	$(RUN_RMISSL_CLIENT_NO_AUTH)

run_rmissl_auth_dflt: compile
	$(RUN_RMISSL_CLIENT_KAUTH_DFLT)

run_rmissl_auth_prog: compile
	$(RUN_RMISSL_CLIENT_AUTH_PROG)

# run_cs_* targets work in the following manner: first the client starts
# in a particular configuration, waiting to obtain connection with the
# server. The server is not running at this moment. The client will attempt to obtain JMX connection for 10
# secs before reporting a failure. For that, each client invocation
# contains '-ht 10000'. The client process is forked with '&' as child
# process. Next line starts the server in compatible mode. This
# usually takes less than 10 secs and the client is able to
# communicate. Each client invocation contains -invoke
# jmxserv:type=Load stop which tells the Load bean (class
# jmxserv.Load) to stop the workload. This way, both the client and
# the server gracefully close connections and workload. run_cs_all_modes
# can execute several modes in a row. 

ifdef DEBUG
  RMISSL_SERV_OPTIONS_PROG = 'ssl', 'prog', $(RMISSL_PORT_PROG) , 'trace'
  RMISSL_SERV_OPTIONS_DEFAULT = 'ssl', 'default', $(RMISSL_PORT), 'trace'
else
  RMISSL_SERV_OPTIONS_PROG = 'ssl', 'prog', $(RMISSL_PORT_PROG)
  RMISSL_SERV_OPTIONS_DEFAULT = 'ssl', 'default', $(RMISSL_PORT)
endif

CONSOLE_ARGS_SAMPLE_AND_STOP = \
 -sc jmxserv:type=Load Count1 ne 0 -invoke jmxserv:type=Load stop

CONSOLE_SAMPLE_AND_STOP = \
 $(RUN_CONSOLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP)

CONSOLE_SAMPLE_AND_STOP_SSL_K = \
 $(RUN_CONSOLE_SSL_K) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 

CONSOLE_SAMPLE_AND_STOP_SSL_O = \
 $(RUN_CONSOLE_SSL_O) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 


OUT2SEP = @echo "\#" ; echo "\#"
# RMI with no SSL authentication
run_cs_rmissl_noauth: setup
	$(OUT2SEP)
	$(OUT) "###   plain RMI "
	$(OUT2SEP)
	echo "call wrappers.rmi();" > rmi.tmp
	echo "quit" >> rmi.tmp
	make run_rmissl_noauth & # on port 2019, default value
	sqlplus jmxdemo/jmxdemo @rmi.tmp


configure_ssl_sql_keytool:
	sed -e 's,TYPE,JKS,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,server_demo_pswd,g'  \
  -e 's,KEYST,server_keystore,g' -e 's,TRUSTST,server_truststore,g'  prepSSL.sql  > configure_SSL.tmp


# RMI with SSL authentication.
# Uses the default factory and the default method of configuring keystores via javax.net.ssl.*.
run_cs_rmissl_auth_dflt: setup keytool_keystores.log  configure_ssl_sql_keytool
	$(OUT2SEP)
	$(OUT) "###   RMI with SSL, default authentication"
	$(OUT2SEP)
	echo "@configure_SSL.tmp" > rmi.tmp
	echo "call wrappers.rmi( $(RMISSL_SERV_OPTIONS_DEFAULT) );" >> rmi.tmp
	echo "quit" >> rmi.tmp
	make run_rmissl_auth_dflt &
	sqlplus jmxdemo/jmxdemo @rmi.tmp

# RMI with SSL authentication. 
# Key/trust stores are created and initialized programmatically
run_cs_rmissl_auth_prog: setup keytool_keystores.log 
	$(OUT2SEP)
	$(OUT) "###   RMI with SSL, programmatic setup"
	$(OUT2SEP)
	echo "call wrappers.rmi( $(RMISSL_SERV_OPTIONS_PROG) );" > rmi.tmp
	echo "quit" >> rmi.tmp
	make  run_rmissl_auth_prog &
	sqlplus jmxdemo/jmxdemo @rmi.tmp

# JMX-monitor all available MBeans, no SSL
run_cs_jmx_no_ssl: setup
	$(OUT2SEP)
	$(OUT) "###   JMX, no SSL"
	$(OUT2SEP)
	$(CONSOLE_SAMPLE_AND_STOP) -s PASS -f FAIL &
	sqlplus /nolog  @run.sql

# JMX-monitor all available MBeans, with SSL with JKS material, in file-based mode.  On
# the server, the javax.net.ssl.* property settings done is SQL using
# dbms_java.set_property in file configure_SSL.
# On the client side, -Djavax.net.ssl.* are used.
run_cs_jmx_ssl_dflt_k: setup keytool_keystores.log  configure_ssl_sql_keytool
	$(OUT2SEP)
	$(OUT) "###   JMX with SSL, default authentication using keytool material"
	$(OUT2SEP)
	$(CONSOLE_SAMPLE_AND_STOP_SSL_K) -s PASS -f FAIL &
	sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp 

InstallOraPki.stamp:
	echo "public class InstallOraPki {static public void main(String[] av) {" > InstallOraPki.java
	echo " System.setProperty(\"oracle.pki.debug\",\"true\"); "  >> InstallOraPki.java
	echo " System.setProperty(\"oracle.pki.trace\",\"10\"); "  >> InstallOraPki.java
	echo " oracle.security.pki.OraclePKIProvider op = new oracle.security.pki.OraclePKIProvider(); " >> InstallOraPki.java
	echo " System.out.println(\"OraclePKIProvider: \" + op); " >> InstallOraPki.java
	echo " java.security.Security.insertProviderAt(op, 3);" >> InstallOraPki.java
	echo " System.out.println(\"OraclePKIProvider inserted\"); }} " >> InstallOraPki.java
	$(JAVA_HOME)$(DIRSEP)bin$(DIRSEP)javac -g -classpath $(MAKE_CLASSPATH) InstallOraPki.java
	echo "debug and not " $(RMRF) InstallOraPki.java
	loadjava -verbose -u jmxdemo/jmxdemo $(ORAPKI_JARS) InstallOraPki.class
	echo "done" > InstallOraPki.stamp

setup_opki.stamp:
	echo "call dbms_java.grant_permission('JMXDEMO', 'SYS:java.security.SecurityPermission', 'putProviderProperty.*', '' );" > setup_opki.tmp
	echo "call dbms_java.grant_permission( 'JMXDEMO', 'SYS:java.security.SecurityPermission', 'insertProvider.*', '' );" >> setup_opki.tmp
	echo "call dbms_java.grant_permission( 'JMXDEMO', 'SYS:java.util.PropertyPermission', 'oracle.pki.*', 'write' );" >> setup_opki.tmp
	echo "quit" >> setup_opki.tmp
	sqlplus / as sysdba @setup_opki.tmp
	echo "done" > setup_opki.stamp

configure_ssl_sql_orapki_pkcs12.stamp: InstallOraPki.stamp setup_opki.tmp
	sed -e 's,TYPE,PKCS12,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,server_demo_pswd,g'  \
  -e 's,KEYST,server_keystore_dir/ewallet.p12,g' -e 's,TRUSTST,server_truststore_dir/ewallet.p12,g'  prepSSL.sql  > configure_SSL.tmp
	echo "call wrappers.setup_opki();" >> configure_SSL.tmp
	echo "done" >> configure_ssl_sql_orapki_pkcs12.stamp

# Here we use SSO wallets that come from sample-wallets.zip. 
# When SSO type is used for key and truststores, passwords are not needed.
configure_ssl_sql_orapki_sso.stamp: orapki_keystores_sample.stamp InstallOraPki.stamp setup_opki.stamp
	sed -e 's,TYPE,SSO,g' -e 's,DIR,$(TMPDIR),g' -e 's,PSW,does not matter,g'  \
  -e 's,KEYST,certificates1/server/cwallet.sso,g' -e 's,TRUSTST,certificates1/truststore/cwallet.sso,g'  prepSSL.sql  > configure_SSL.tmp
	echo "call wrappers.setup_opki();" >> configure_SSL.tmp
	echo "done" >> configure_ssl_sql_orapki_sso.stamp


# JMX-monitor all available MBeans, with SSL with PKCS12 oracle wallet
# material, in file-based mode.  On the server, the javax.net.ssl.*
# property settings done is SQL using dbms_java.set_property in file
# configure_SSL.  On the client side, -Djavax.net.ssl.* are used.
run_cs_jmx_ssl_dflt_o: setup orapki_keystores.log configure_ssl_sql_orapki_pkcs12.stamp 
	$(OUT2SEP)
	$(OUT) "###   JMX with SSL, authentication using OW/orapki PKCS12 material, javax flags"
	$(OUT2SEP)
	$(CONSOLE_SAMPLE_AND_STOP_SSL_O) -s PASS -f FAIL -ssl default_orapki -d &
	sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp 

# JMX-monitor all available MBeans, with SSL with SSO oracle wallet
# material, in file-based mode.  On the server, the javax.net.ssl.*
# property settings done is SQL using dbms_java.set_property in file
# configure_SSL.  On the client side, -Djavax.net.ssl.* are used.
run_cs_jmx_ssl_dflt_o_sso: setup configure_ssl_sql_orapki_sso.stamp
	$(OUT2SEP)
	$(OUT) "###   JMX with SSL, authentication using OW/orapki SSO material, javax flags"
	$(OUT2SEP)
	$(RUN_JAVA)  -Doracle.pki.debug=true -Doracle.pki.trace=10  -Djavax.net.debug=ssl,handshake,trustmanager  $(SSL_CL_DFILE_O_SAMPLE_SSO)  $(CONSOLE_ARGS_SIMPLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP) -ht 25 -s PASS -f FAIL -ssl default_orapki -d &
	sqlplus /nolog @run_ssl.sql # uses configure_SSL.tmp 

# in this configuration the javax.net.ssl.* property settings on the
# server are _not_ administered by means of dbms_java.set_property in
# prepSSL.sql, but instead done in java code Load.setup_ssl(...) 
# invoked from the PLSQL wrapper wrappers.setup_ssl.
run_cs_jmx_ssl_dflt__rmi_piggyback: setup keytool_keystores.log 
	echo "call wrappers.setup_ssl('default');" > rmi_and_jmx.tmp
	grep "call " run_ssl.sql >> rmi_and_jmx.tmp
	echo "quit" >> rmi_and_jmx.tmp
	$(CONSOLE_SAMPLE_AND_STOP_SSL) -s PASS -f FAIL &
	sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp

run_cs_jmx_ssl_dflt__rmi_piggyback_2: setup keytool_keystores.log 
	echo "call wrappers.setup_ssl('default');" > rmi_and_jmx.tmp
	grep "call " run_ssl.sql >> rmi_and_jmx.tmp
	echo "quit" >> rmi_and_jmx.tmp
	$(CONSOLE_SAMPLE_AND_STOP_SSL) -s PASS -f FAIL -ssl default &
	sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp

# in this mode, SSL is configured programmatically on the server and
# with default implementation on the client. Not yet working properly.
run_cs_jmx_ssl_prog_dflt: setup keytool_keystores.log 
	echo "call wrappers.setup_ssl('prog');" > rmi_and_jmx.tmp
	grep "call " run_ssl.sql >> rmi_and_jmx.tmp
	echo "quit" >> rmi_and_jmx.tmp
	$(RUN_JAVA)$(PATHSEP)client_jks.zip  $(CONSOLE_ARGS_SIMPLE) $(CONSOLE_ARGS_SAMPLE_AND_STOP)  -s PASS -f FAIL -ssl prog &
	sqlplus jmxdemo/jmxdemo @rmi_and_jmx.tmp

run_cs_all_modes: \
 run_cs_rmissl_noauth \
 run_cs_jmx_no_ssl \
 run_cs_rmissl_auth_dflt \
 run_cs_jmx_ssl_dflt_k \
 run_cs_rmissl_auth_prog
	echo `time`

##### MBean Info, Attributes, Operations ##################################################

# Ping an MBean. This retrieves the bean which name descriptor is passed as BEAN
# variable or java.lang:type=Runtime by default.
# examples:
#    make ping
#           this prints out info for singleton bean java.lang:type=Runtime
#    make ping BEAN=oracle.jvm:type=OracleRuntime
#           this prints out info for bean OracleRuntime
#    make ping BEAN=java.lang:type=MemoryPool,name='New Generation'
#           this prints out info for memory pool 'New Generation'
ping: compile
	$(RUN_CONSOLE) -noReport -beanInfo "$(BEAN)"

# Get an attribute of an MBean. This retrieves an attribute of a bean
# examples:
#    make get
#           this retrieves attribute InputArguments of singleton bean java.lang:type=Runtime
#    make get ATTR=VmName   
#           this retrieves attribute VmName of the Runtime MBean
#    make get BEAN=oracle.jvm:type=OracleRuntime ATTR=NewspaceSize
#           this retrieves attribute NewspaceSize of singleton bean OracleRuntime
#    make get BEAN=java.lang:type=MemoryPool,name='New Generation' ATTR=UsageThreshold
#           this retrieves attribute UsageThreshold  of memory pool 'New Generation'
get: compile
	$(RUN_CONSOLE) -noReport -getAttribute "$(BEAN)" "$(ATTR)"

##### Clesn, Clobber, etc.  ####################################################

clean: rmrf_jdk16 keytool_keystores_clean orapki_keystores_clean
	$(RMRF) *.tmp InstallOraPki.* Test*.*
	$(RMRF) `find . -name \*.class`  *stamp *.~?~ */*.~?~ 

clobber: clean 

show-variables:
	$(OUT) "pwd:" `pwd`



##### End ######################################################################


