In this article I am going to describe how we can encrypt or decrypt a WebLogic/JDBC password using WLST and a simple Python script by following a few simple steps.
The weblogic.security.Encrypt utility encrypts clear text strings for use with WebLogic Server. The utility uses the encryption service of the current directory, or the encryption service for a specified WebLogic Server domain root directory.
Note: An encrypted string must have been encrypted by the encryption service in the WebLogic Server domain where it will be used. If not, the server will not be able to decrypt the string and vice versa.
You can only run the weblogic.security.Encrypt utility on a machine that has at least one server instance in a WebLogic Server domain; it cannot be run from a client.
BEA Systems recommends running the utility in the Administration Server domain directory or on the machine hosting the Administration Server and specifying a domain root directory.
1) To decrypt a WebLogic password using WLST, follow the steps below:
• Log in to the server, navigate to the Oracle bin directory (<MW_HOME>/oracle_common/common/bin) and execute wlst.sh:
./wlst.sh
• You will get the WLST prompt in offline mode. Invoke the following command:
wls:/offline> domain = "/u01/domains/domain_name"
• Run the following commands:
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE/=")
weblogic123
wls:/offline>
Note: The encrypted string, starting with {AES}, can be found in config.xml or boot.properties.
2) To decrypt a WebLogic password using WLST and a Python script, follow the steps below:
• Create a Python script on the server using the vi editor (if you are using a Linux/Unix server) and name it <filename>.py. For example, in my case I have created /opt/oracle/stage/DecryptPassword.py:
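# Jython script, run through wlst.sh (Python 2 syntax)
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Encrypted value copied from config.xml or boot.properties
passwd = "{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE/="
# Security directory of the domain that encrypted the value
secPath = "/u01/domains/oam_domain/security/"

# Load the domain's encryption service and decrypt the value
encService = SerializedSystemIni.getEncryptionService(secPath)
coeService = ClearOrEncryptedService(encService)
print "password is : " + coeService.decrypt(passwd)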
Note: To encrypt a WebLogic password using WLST and the Python script, just change the last line of the script to
print "password: " + coeService.encrypt(passwd)
and put the password in clear text as the value of passwd (i.e. passwd = "weblogic123").
• Run the script using the wlst command:
<MW_HOME>/oracle_common/common/bin/wlst.sh /opt/oracle/stage/DecryptPassword.py
Output of the command:
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Password is : weblogic123
Issues:
If you get the error below while trying to decrypt the password, the solution is provided after the error message.
Error:
Traceback (innermost last):
File "<console>", line 1, in ?
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException
Solution:
If there is a backslash at the end of the encrypted string, remove the backslash and try once again, i.e. change the password
from:
wls:/offline> print encryption.decrypt("{AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM\=")
to:
wls:/offline> print encryption.decrypt("{AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM=")
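The backslash is a Java properties escape: java.util.Properties writes '=' inside a value as '\=', so a string copied by hand from boot.properties carries it. The following is an added example, not part of the original article: plain Python 3 (run outside WLST) that reads properties text, undoes the escaping and returns the {AES} values in the form decrypt() expects. The sample file is constructed around the article's example string, and all function names are illustrative.

```python
import re

# Constructed sample boot.properties; the ciphertext is the article's example
# string, escaped the way java.util.Properties writes '=' inside a value.
SAMPLE = "\n".join([
    "#Constructed sample, not from a real domain",
    "username=weblogic",
    r"password={AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM\=",
])

_SIMPLE = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
_ESCAPE = re.compile(r"\\(u[0-9a-fA-F]{4}|.)")
# Key ends at the first unescaped '=', ':' or whitespace.
_LINE = re.compile(r"^\s*((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)$")

def unescape(value):
    """Undo .properties escaping (backslash + char, or backslash + uXXXX)."""
    def repl(match):
        tok = match.group(1)
        if len(tok) == 5:  # 'u' followed by four hex digits
            return chr(int(tok[1:], 16))
        return _SIMPLE.get(tok, tok)  # e.g. backslash-equals becomes '='
    return _ESCAPE.sub(repl, value)

def parse_properties(text):
    """Return {key: value}. Line continuations are not handled (simplification)."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        match = _LINE.match(line)
        if match:
            props[unescape(match.group(1))] = unescape(match.group(2))
    return props

def encrypted_values(text, prefix="{AES}"):
    """Keep only the values that carry the encrypted-string prefix."""
    props = parse_properties(text)
    return dict((k, v) for k, v in props.items() if v.startswith(prefix))

def has_leftover_escape(candidate):
    """Base64 never contains a backslash, so one here is a properties escape."""
    return "\\" in candidate

if __name__ == "__main__":
    for key, value in sorted(encrypted_values(SAMPLE).items()):
        print(key + " -> " + value)
```
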