Self signed certificates and Oracle 19

Problem 

Starting with Oracle 19 you need to do some additional steps to allow Java calls within your Oracle 19 db to access self signed web services or other ssl/https resources. You'll notice the problem with error like the following while calling an https site from java within Oracle 19:

ORA-29532: Java-Aufruf durch nicht abgefangene Java-Ausnahme beendet: java.rmi.RemoteException: java.rmi.RemoteException:; nested exception is: 

                HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Solution

Copy the existing cacerts file located in /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts

to /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt

add your self signed cert with (how to get my cert from an existing web site)

keytool -importcert -trustcacerts \

    -keystore /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt \

    -storepass changeit \

    -file my_ca_cert.crt -alias myrootca \

    -v -noprompt

Load the file into oracle with sqlplus

$ sqlplus / as sysdba

SQL> alter session set container = orclpdb;

SQL> exec dbms_java.loadjava('-schema SYS -grant PUBLIC -dirprefix /home/oracle/database/javavm/jdk/jdk8 /home/oracle/database/javavm/jdk/jdk8/lib/security/cacerts.alt')

or with the CLI Tool 

$ cd /home/oracle/database/javavm/jdk/jdk8

$ loadjava -user sys@db -v -schema SYS -grant PUBLIC  \

    /lib/security/cacerts.alt

Flyway spring.jpa.hibernate.ddl-auto=validate fails with Oracle synonyms

Using Flyway alongside with Hibernate is a nice matchmaker. Within one of the Spring Boot project I noticed that the flyway validate fails. Reason was a missing view. But looking deeper into the conf shows a synonym, which is handling the view. Doesn't appear within the dev env because the devs disabled the long running validate.

They got error messages like:

Schema-validation: missing table

Schema-validation: missing column

Easy to get rid of this within a spring boot app if you know how. Here is my thought on that:

spring.jpa.hibernate.ddl-auto=validate

spring.datasource.hikari.datasource-properties.includeSynonyms=true

spring.jpa.properties.hibernate.synonyms=true

will help Spring Boot to configure the hikari pool and the hibernate source to also use synonyms for the metadata exploration.

Take care to also add config for tomcat or any other pool, if you don't use the spring default hikari pool.

Windows Subsystem for Linux (WSL)

If you need a real linux shell on your Windows 10 system follow these steps

1. Ensure "Windows-Subsystem for Linux" is active on your machine with the following cmd in a admin power shell

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. Restart your machine if asked

3. Download the linux distribution of your choice via wget 

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1604 -OutFile Ubuntu.appx –UseBasicParsing

or within you browser  

https://www.microsoft.com/en-us/p/debian/9msvkqc78pk6?activetab=pivot:overviewtab

or even from the MS App Store. 

You'll find a list of distributions here 

• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• OpenSUSE Leap 15
• OpenSUSE Leap 42
• SUSE Linux Enterprise Server 12
• SUSE Linux Enterprise Server 15
• Kali Linux
• Debian GNU/Linux
• Fedora Remix for WSL
• Pengwin
• Pengwin Enterprise
• Alpine WSL

4. Install distribution with

Add-AppxPackage .\Ubuntu.Appx

5. If you now search for Ubuntu in your start menu, you'll find your ready to rock linux console in windows

Appcelerator Titanium projects with IntelliJ

Developing Appcelerator mobile Apps is usually done within the Axway Appcelerator Studio. I'm using IntelliJ to develop most of my apps and here is the way how you could build and run you Appcelerator projects.

Open the project and create a package.json like this:

{
  "name": "my-app",
  "version": "1.0.0",
  "description": "Sample package.json for running titanium apps within IntelliJ.",
  "main": "index.js",
  "directories": {},
  "scripts": {
    "setup": "./node_modules/.bin/titanium sdk install 8.3.1.GA --default",
    "clean": "./node_modules/.bin/titanium clean",
    "build": "npm run build:android && npm run build:ios",
    "build:android": "./node_modules/.bin/titanium build -p android -b",
    "build:android:full": "npm run build:android",
    "build:ios": "./node_modules/.bin/titanium build -p ios -b",
    "build:ios:full": "npm run build:ios",
    "init:android": "npm install && npm run setup | $ANDROID_HOME/tools/bin/sdkmanager --licenses",
    "init:ios": "npm install",
    "android": "./node_modules/.bin/titanium build -p android -T emulator -C HUGO",
    "ios": "./node_modules/.bin/titanium build -p ios -T simulator -C HUGO",
    "download:android:sdk": "$ANDROID_HOME/tools/bin/sdkmanager \"platform-tools\" \"platforms;android-29\" \"build-tools;29.0.2\" \"emulator\" \"ndk-bundle\" \"system-images;android-29;google_apis_playstore;x86\"",
    "create:avd": "echo \"no\"| $ANDROID_HOME/tools/bin/avdmanager create avd -f -n Pixel_2_API_28 -k \"system-images;android-29;google_apis_playstore;x86\" -d \"pixel\"",
    "configure:avd": "for f in ~/.android/avd/*.avd/config.ini; do echo 'hw.keyboard=yes' >> \"$f\"; done",
    "prepare:env:android": "npm install && npm-run-all init:android download:android:sdk create:avd configure:avd"
  },
  "author": "Andre Dvorak",
  "license": "GPL",
  "homepage": "https://www.kambrium.net",
  "devDependencies": {
    "npm-run-all": "4.1.5"
  },
  "dependencies": {
    "alloy": "1.14.1",
    "titanium": "5.2.1"
  }
}

To start a device session with your new app just open the package.json an select

1. "setup" target
2. "android" target 

After the build you will be asked you for the emulator of choice. You could skip this by replacing HUGO with the name of your favourite emulator.

OAuth2 and Open ID connect

OAuth2 is a standard protocol for authorisation. It is a framework which delegates the user authentication to a service, which manages the user accounts. It provides flows for web, desktop and mobile applications.

https://oauth.net/2/

OpenID Connect is an extension of OAuth2. An OAuth2 server which implements OpenID connect is a so called OpenID provider (OP). The client of an OpenID connect server is called Relying Party (RP).
OpenID Connect offers the possibility to retrieve user profile information beside the access token defined within OAuth2. The user information is delivered within the payload of the id_token or within the access_token.
The following steps are the flow of the authorization code flow of an OP

1. The RP open the app and clicks login
2. The app starts an authorize request by opening the website which is defined within the authorization endpoint and specifies a redirect url
3. The user fills in username and password or any information the OP needs to authorise it's user
4. After the user click's continue on the login page the OP will redirect to the url specified in 2. and add an authorization code as a parameter to the redirect url
5. The app fetches the authorization code and calls the token endpoint with the grant_type "authorization_code" to obtain an access token
6. The OP will reply with an access token, refresh token and a lot of other field defined in oauth2 spec
7. The app could now use the access token to authorize the logged in user
8. Within the access token or as a separat id token the app could extract user profile information delivered by the OP

[ERROR] Unable to find suitable Xcode install

Problem
I was unable to build a titanium appcelerator based app on an iMac. My target was ios. So it seems to me that something must be missing within my xcode install.

Solution
Even if they are installed, configure your xcode cmd line tools. Go to

Xcode->Preferences->Locations

and check that the Command Line Tools are visible like in the following screen

JUnit5 or TestNG

Both frameworks are full of testing features. The list of features is quite similar in both frameworks. Here are a few links you might check out the list of relevant features:

https://www.baeldung.com/junit-vs-testng

https://www.stickyminds.com/article/junit-vs-testng-choosing-framework-unit-testing

https://www.guru99.com/junit-vs-testng.html

I choose TestNG because of a feature which JUnit5 is currently missing

Group Test

This feature let me group my i.e. integration test together and let them run in my master build. With TestNG I could also do a before or after group and initialise my test group or cleanup after group run.

With JUnit5 we got something called Tags. Tags are good for grouping tests together. Let's see if they implement more in this direction in future.