
Friday, July 12, 2013

Encrypt and Decrypt OIM User Password


The steps below encrypt and decrypt an Oracle Identity Manager (OIM) user password.

1. Create the config directory
The config directory is required to encrypt and decrypt the password. Create it in your home directory as follows:
mkdir config
mkdir config/fmwconfig

2. Copy the WebLogic Config Files

Copy the WebLogic OIM Domain config files to the config/fmwconfig directory. The config files are located in $DOMAIN_HOME/config/fmwconfig.

xlserver.cert
xell.csr
usermessagingconfig.xml
system-jazn-data.xml
policy-accessor-config.xml
opss-resource-types.xml
logging-template.xml
keystores.xml
jps-config.xml
jps-config-jse.xml
default-keystore.jks
.xldatabasekey
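
Steps 1 and 2 as a script, added here as an example and not part of the original post: it creates config/fmwconfig with owner-only permissions, because the copied files include the keystore (default-keystore.jks) and .xldatabasekey, and it reports any file from the list above that is missing. The function names and the purge step are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). The file list is the one in step 2.
FMW_FILES="xlserver.cert xell.csr usermessagingconfig.xml system-jazn-data.xml
policy-accessor-config.xml opss-resource-types.xml logging-template.xml
keystores.xml jps-config.xml jps-config-jse.xml default-keystore.jks
.xldatabasekey"

# stage_fmwconfig SRC BASE   (hypothetical helper name)
#   SRC  = $DOMAIN_HOME/config/fmwconfig of the OIM domain
#   BASE = working directory that will contain config/fmwconfig
# Returns 0 if every listed file was copied, 1 if any was missing
# (missing names are written to stderr), 2 if the directory cannot be created.
stage_fmwconfig() {
    src=$1
    base=$2
    missing=0
    old_umask=$(umask)
    umask 077                          # new directories 0700, new files 0600
    mkdir -p "$base/config/fmwconfig" || { umask "$old_umask"; return 2; }
    chmod 700 "$base/config" "$base/config/fmwconfig"
    for f in $FMW_FILES; do
        if [ -f "$src/$f" ]; then
            # chmod after cp so the copy is 0600 whatever the source mode was
            cp "$src/$f" "$base/config/fmwconfig/$f" &&
                chmod 600 "$base/config/fmwconfig/$f"
        else
            echo "missing: $src/$f" >&2
            missing=1
        fi
    done
    umask "$old_umask"
    return "$missing"
}

# purge_fmwconfig BASE   (hypothetical helper name)
# Removes the staged copy of the key material once the work is finished.
purge_fmwconfig() {
    rm -rf -- "$1/config"
}
```

Call it as `stage_fmwconfig "$DOMAIN_HOME/config/fmwconfig" "$HOME"`, and run `purge_fmwconfig "$HOME"` when the copied files are no longer needed.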



3. Setup the Class Path

If you are decrypting the password on the WebLogic server itself, set the class path as follows:

1. source $DOMAIN_HOME/bin/setDomainEnv.sh

2. export CLASSPATH=$OIM_ORACLE_HOME/server/platform/iam-platform-utils.jar:$WL_HOME/server/lib/wlfullclient.jar:$OIM_ORACLE_HOME/designconsole/ext/spring.jar:$OIM_ORACLE_HOME/designconsole/lib/oimclient.jar:$OIM_ORACLE_HOME/designconsole/ext/commons-logging.jar:$CLASSPATH

If you are going to decrypt the user password from the Eclipse IDE, add the following jar files to the Eclipse classpath:

commons-logging.jar
fmw_audit.jar
glassfish.jaxb_1.0.0.0_2-1-12.jar
iam-platform-utils.jar
identitystore.jar
jacc-spi.jar
jps-api.jar
jps-az-api.jar
jps-az-common.jar
jps-az-management.jar
jps-az-rt.jar
jps-az-sspi.jar
jps-common.jar
jps-ee.jar
jps-internal.jar
jps-jboss-deployer.jar
jps-jboss.jar
jps-manifest.jar
jps-mbeans.jar
jps-patching.jar
jps-pep.jar
jps-platform.jar
jps-unsupported-api.jar
jps-upgrade.jar
jps-was.jar
jps-wls-trustprovider.jar
jps-wls.jar
jrf-api.jar
mdsrt.jar
oimclient.jar
opss-patch-wlst.jar
opss-patch.jar
oracle.security.jps.was.deployment.jar
oraclepki.jar
osdt_cert.jar
osdt_core.jar
osdt_xmlsec.jar
spring.jar
wlfullclient.jar





4. Execute the Sample Code 

The sample code below encrypts and decrypts the password.

package dcrpwd;

import com.thortech.xl.crypto.*;

public class DecryptPassword
{
        public static void main(String[] args) throws tcCryptoException
        {
                // Encrypt a clear-text password with the key named "DBSecretKey"
                String encryptPwd = tcCryptoUtil.encrypt("testpwd123", "DBSecretKey");
                System.out.println(encryptPwd);

                // Decrypt the encrypted string with the same key name
                String decryptPwd = tcCryptoUtil.decrypt(encryptPwd, "DBSecretKey");
                System.out.println(decryptPwd);
        }
}



java -Doracle.security.jps.config=<Location of the jps-config.xml file> -DDOMAIN_HOME=<Directory that contains the config directory> dcrpwd.DecryptPassword
 

Final Sample Execution

java -Doracle.security.jps.config=c:/sample/config/fmwconfig/jps-config.xml -DDOMAIN_HOME=c:/sample  dcrpwd.DecryptPassword

Final Execution Output in Eclipse:

I have highlighted the encryption and decryption string in bold font below.


May 27, 2014 11:31:16 AM org.springframework.context.support.AbstractApplicationContext prepareRefresh
INFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@7f8bea70: display name [org.springframework.context.support.ClassPathXmlApplicationContext@7f8bea70]; startup date [Tue May 27 11:31:16 PDT 2014]; root of context hierarchy
May 27, 2014 11:31:16 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [META-INF/iam-spring-config.xml]
May 27, 2014 11:31:16 AM oracle.iam.platform.utils.SpringBeanFactory createBeanFactory
SEVERE: Instantiating Spring Bean Factory Failed.IOException parsing XML document from class path resource [META-INF/iam-spring-config.xml]; nested exception is java.io.FileNotFoundException: class path resource [META-INF/iam-spring-config.xml] cannot be opened because it does not exist
May 27, 2014 11:31:18 AM oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil getMasterKey
WARNING: Failed to get/set credential in credstore.
May 27, 2014 11:31:18 AM oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil getMasterKey
WARNING: Failed to get/set credential in credstore.
WLS ManagedService is not up running. Fall back to use system properties for configuration.
May 27, 2014 11:31:19 AM com.thortech.xl.crypto.tcCryptoHelper getKeyStoreFile
WARNING: Not able to fetch OIMPlatform instance for the given Platform. Hence defaulting to the OIMWebLogicPlatform
6013:DsDvxzJYlY47sP6WUaZNMw==
testpwd123