
Wednesday, February 10, 2016

Encrypt/Decrypt WebLogic Server Password

Encrypt WLS Password -

  1. Change directory to your domain's bin folder (e.g. cd c:\bea\user_projects\domains\mydomain\bin)
  2. Execute the setDomainEnv script (e.g. setDomainEnv.cmd)
  3. Execute java weblogic.security.Encrypt, which prompts for the password and prints the encrypted value to stdout.

The following is sample output from running the utility:

-bash-4.1$ java weblogic.security.Encrypt
Password: *****
{AES}x2TMt6AIrZlpkfiqdV1l2vubITipFV60rAexEz+rCco=

C:\bea\user_projects\domains\mydomain>java weblogic.security.Encrypt testpwd
{3DES}9HWsf87pJTw=

You can also use WLST to encrypt clear text strings as below:

C:\bea\user_projects\domains\mydomain>java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> es = encrypt('wbstg2014')
wls:/offline> print es
{3DES}9HWsf87pJTw=
wls:/offline>


Sooner or later, while dealing with WebLogic, we may face a situation where we do not remember the WebLogic Admin/Server passwords.

Let us see how to decrypt the password -

Step 1 - Navigate to domain/bin

Ex - cd /opt/middleware/oracle/oracle_WL_Home/user_projects/domains/comcast_domain/bin

Run   . ./setDomainEnv.sh

Step 2 - Copy the following into a file and save it as decrypt.py

# Jython script for WLST: decrypts a WebLogic-encrypted value with the domain's encryption service
import os
import sys
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
    # Load the encryption service for the given domain directory
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    # Decrypt the {AES}/{3DES} value and print the clear text
    clear = ces.decrypt(encryptedPwd)
    print "Decrypted Password:" + clear

try:
    # Expect exactly two arguments: the domain directory and the encrypted value
    if len(sys.argv) == 3:
        decrypt(sys.argv[1], sys.argv[2])
    else:
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decrypt.py <DOMAIN_HOME> <ENCRYPTED_PASSWORD>"
        print " Example:"
        print "    java weblogic.WLST decrypt.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
    # Report the error type, dump the WLST stack and re-raise
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise


Step 3 - Copy this file into the $domain/security directory, as the script needs to access SerializedSystemIni and other ldif files in this directory.

Step 4 - Execute the following command

Syntax:
    java  weblogic.WLST  decrypt.py  . encrypted_password_from_boot.properties

Example:
    java  weblogic.WLST  decrypt.py  . {3DES}H6HVU9HWbD8AD2BHQajnEA==

Note - You need to input the correct encrypted password (read it from boot.properties), else you will see the error below.

Unexpected error:  weblogic.security.internal.encryption.EncryptionServiceException

Problem invoking WLST - Traceback (innermost last):
  File "/opt/middleware/scripts/decrypt.py", line 14, in ?
  File "/opt/middleware/scripts/decrypt.py", line 9, in decrypt
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:141)
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:189)
    at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)

weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.



Method 2:

The steps below can also be followed to decrypt passwords in WebLogic.

source $DOMAIN_HOME/bin/setDomainEnv.sh

cd $DOMAIN_HOME/security

Create a file called plainpassword.py with the contents below and save it.

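# Jython script for WLST; run it from $DOMAIN_HOME/security
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Build the domain's encryption service from the current directory
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

passwd = raw_input("Enter encrypted password of one which you wanted to decrypt : ")

# Strip backslash escapes, which values copied from .properties files can contain (e.g. "\=")
plainpwd = passwd.replace("\\", "")

print "Plain Text password is: " + clearOrEncryptService.decrypt(plainpwd)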
 
 
Run the command below to decrypt the password. Enter the encrypted password when prompted.

java weblogic.WLST plainpassword.py  
Initializing WebLogic Scripting Tool (WLST) ...  
Welcome to WebLogic Server Administration Scripting Shell  
Type help() for help on available commands  
Enter encrypted password of one which you wanted to decrypt : {AES}LsGaddassssvQDyibmejXFkf1tWxyndNArAhZ3M5GcnjXWUpJs=  
Plain Text password is: Welcome1234 
 
 
In this way we can decrypt the encrypted password from boot.properties and the DB schema passwords stored in the data source XML files under $DOMAIN_HOME/config/jdbc, and we can also decrypt the NM password, which is in config.xml.
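
Because anyone who can read both the domain's key file and these encrypted values can run the scripts above, it is worth checking who has access to them. The following is an added example, not part of the original post: a plain Python 3 script (not WLST) that walks a domain directory, finds .properties and .xml files holding {AES}/{3DES} values, and flags those files and security/SerializedSystemIni.dat when they are accessible beyond the owner on a POSIX system. The sample domain layout, file names and values are constructed, and reporting {3DES} values as a finding is this example's own choice.

```python
import os
import re
import stat
import tempfile

# WebLogic-style encrypted values as shown on this page: {AES}... or {3DES}...
CIPHERTEXT = re.compile(r"\{(AES|3DES)\}[A-Za-z0-9+/=\\]+")
KEY_FILE = "security/SerializedSystemIni.dat"

def too_open(path):
    """True if group or other has any permission bit set (POSIX)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_domain(domain_home):
    """Return sorted (relative_path, finding) tuples for one domain directory."""
    findings = []
    key_path = os.path.join(domain_home, KEY_FILE)
    if os.path.exists(key_path) and too_open(key_path):
        findings.append((KEY_FILE, "key file accessible beyond owner"))
    for root, _dirs, files in os.walk(domain_home):
        for name in (f for f in files if f.endswith((".properties", ".xml"))):
            path = os.path.join(root, name)
            with open(path, errors="replace") as fh:
                schemes = {m.group(1) for m in CIPHERTEXT.finditer(fh.read())}
            rel = os.path.relpath(path, domain_home)
            if "3DES" in schemes:
                findings.append((rel, "legacy {3DES} value"))
            if schemes and too_open(path):
                findings.append((rel, "encrypted value accessible beyond owner"))
    return sorted(findings)

def build_sample_domain():
    """Constructed layout and values, for demonstration only."""
    home = tempfile.mkdtemp()
    samples = {
        KEY_FILE: ("constructed-key-placeholder", 0o644),
        "servers/AdminServer/security/boot.properties": ("password={AES}Q29uc3RydWN0ZWQ\\=\n", 0o600),
        "config/jdbc/ds-jdbc.xml": ("<password-encrypted>{3DES}U2FtcGxl</password-encrypted>\n", 0o640),
    }
    for rel, (text, mode) in samples.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit_domain(build_sample_domain())))
```

To check a real domain, call audit_domain() with the path to the domain directory instead of the constructed sample.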
 
Thanks,
Srikanth Govada