def _encrypt_attribute(self, folder_name, model_nodes, key):
"""
Encrypt a specific attribute that was flagged as password type.
If the attribute value uses a variable, encrypt the variable and replace the value,
otherwise replace the value in the dictionary with the encrypted value.
:param folder_name: text describing the folder location, used for logging
:param model_nodes: the dictionary containing the attribute
:param key: the key of the model attribute
"""
_method_name = '_encrypt_attribute'
value = model_nodes[key]
variable_names = variable_helper.get_variable_names(value)
if len(variable_names) == 0:
if not EncryptionUtils.isEncryptedString(value):
encrypted_value = EncryptionUtils.encryptString(value, String(self.passphrase).toCharArray())
model_nodes[key] = encrypted_value
self._logger.fine('WLSDPLY-04103', folder_name, key,
class_name=self._class_name, method_name=_method_name)
self.model_changes += 1
else:
self._logger.fine('WLSDPLY-04104', folder_name, key,
class_name=self._class_name, method_name=_method_name)
elif len(variable_names) == 1:
self._encrypt_variable_value(folder_name, key, variable_names[0])
else:
self._logger.warning('WLSDPLY-04105', folder_name, key, len(variable_names), variable_names,
class_name=self._class_name, method_name=_method_name)
def _encrypt_variable_value(self, folder_name, field_name, var_name):
"""
Encrypt the variable value, and replace it in the variable set.
:param folder_name: text describing the folder location, used for logging
:param field_name: the attribute name
:param var_name: the variable name
:return: the number of variable changes
"""
_method_name = '_encrypt_variable_value'
# if variables file was not specified, don't try to encrypt
if self.variables is None:
return
# Do not encrypt already encrypted to match model encryption: Don't encrypt encrypted value
if var_name in self.variables:
var_value = self.variables[var_name]
if len(var_value) > 0:
# don't encrypt an already encrypted variable. Matches logic in model
if EncryptionUtils.isEncryptedString(var_value):
self._logger.fine('WLSDPLY-04109', folder_name, field_name, var_name)
return
encrypted_value = EncryptionUtils.encryptString(var_value, String(self.passphrase).toCharArray())
self.variables[var_name] = encrypted_value
self.variable_changes += 1
self._logger.fine('WLSDPLY-04106', folder_name, field_name, var_name,
class_name=self._class_name, method_name=_method_name)
else:
ex = exception_helper.create_encryption_exception('WLSDPLY-04107', var_name, field_name, folder_name)
self._logger.throwing(ex, class_name=self._class_name, method_name=_method_name)
raise ex
def testDirectEncryption(self):
copy2(self._src_model_file_wo_variables, self._target_model_test1)
args = list()
args.append(
'encrypt') # dummy arg for args[0] to get arg padding right
args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
args.append(self._oracle_home)
args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
args.append(self._target_model_test1)
args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
args.append(self._passphrase)
exit_code = encrypt._process_request(args)
self.assertEquals(exit_code, 0)
model = FileToPython(self._target_model_test1).parse()
passphrase_array = String(self._passphrase).toCharArray()
admin_pass = model['domainInfo']['AdminPassword']
self.assertEquals(admin_pass.startswith('{AES}'), True)
_decrypted_admin_pass = EncryptionUtils.decryptString(
admin_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_admin_pass)),
self._unencrypted_password)
nm_pass = model['topology']['SecurityConfiguration'][
'NodeManagerPasswordEncrypted']
self.assertEquals(nm_pass.startswith('{AES}'), True)
_decrypted_nm_pass = EncryptionUtils.decryptString(
nm_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_nm_pass)),
self._unencrypted_password)
ds1_pass = model['resources']['JDBCSystemResource']['Generic1'][
'JdbcResource']['JDBCDriverParams']['PasswordEncrypted']
self.assertEquals(ds1_pass.startswith('{AES}'), True)
_decrypted_ds1_pass = EncryptionUtils.decryptString(
ds1_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_ds1_pass)),
self._unencrypted_password)
ons_pass = \
model['resources']['JDBCSystemResource']['Generic1']['JdbcResource']['JDBCOracleParams']['OnsWalletPasswordEncrypted']
self.assertEquals(ons_pass.startswith('{AES}'), True)
_decrypted_ons_pass = EncryptionUtils.decryptString(
ons_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_ons_pass)),
self._unencrypted_password)
ds2_pass = model['resources']['JDBCSystemResource']['Generic2'][
'JdbcResource']['JDBCDriverParams']['PasswordEncrypted']
self.assertEquals(ds2_pass.startswith('{AES}'), True)
_decrypted_ds2_pass = EncryptionUtils.decryptString(
ds2_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_ds2_pass)),
self._unencrypted_password)
return
def testMultipleModelsIndirectEncryptionVariables(self):
copy2(self._src_model_file_w_variables, self._target_model_test2)
copy2(self._src_model_file_w_variables_multi, self._target_model_test3)
copy2(self._src_variable_file, self._target_variables_test3)
args = list()
args.append(
'encrypt') # dummy arg for args[0] to get arg padding right
args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
args.append(self._oracle_home)
args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
args.append(self._target_model_test2 + ',' + self._target_model_test3)
args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH)
args.append(self._target_variables_test3)
args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
args.append(self._passphrase)
exit_code = encrypt._process_request(args)
self.assertEquals(exit_code, 0)
model2 = FileToPython(self._target_model_test2).parse()
model3 = FileToPython(self._target_model_test3).parse()
variables = variables_helper.load_variables(
self._target_variables_test3)
passphrase_array = String(self._passphrase).toCharArray()
admin_pass = model2['domainInfo']['AdminPassword']
self.assertNotEquals(admin_pass.startswith('{AES}'), True)
admin_pass = model3['domainInfo']['AdminPassword']
self.assertNotEquals(admin_pass.startswith('{AES}'), True)
admin_pass = variables['admin.password']
self.assertEquals(admin_pass.startswith('{AES}'), True)
_decrypted_admin_pass = EncryptionUtils.decryptString(
admin_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_admin_pass)),
self._unencrypted_password)
nm_pass = model2['topology']['SecurityConfiguration'][
'NodeManagerPasswordEncrypted']
self.assertNotEquals(nm_pass.startswith('{AES}'), True)
nm_pass = variables['nm.password']
self.assertEquals(nm_pass.startswith('{AES}'), True)
_decrypted_nm_pass = EncryptionUtils.decryptString(
nm_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_nm_pass)),
self._unencrypted_password)
ds1_pass = model2['resources']['JDBCSystemResource']['Generic1'][
'JdbcResource']['JDBCDriverParams']['PasswordEncrypted']
self.assertEquals(ds1_pass.startswith('{AES}'), True)
_decrypted_ds1_pass = EncryptionUtils.decryptString(
ds1_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_ds1_pass)),
self._unencrypted_password)
return
def _encrypt_variable_value(passphrase, dict_name, field_name, var_name, variables):
"""
Encrypt the variable value.
:param passphrase: the encryption passphrase
:param dict_name: the model element name
:param field_name: the attribute name
:param var_name: the variable name
:param variables: the variables
:return: the number of variable changes
"""
_method_name = '_encrypt_variable_value'
variable_changes = 0
if variables is None:
return variable_changes
if var_name in variables:
var_value = variables[var_name]
if len(var_value) > 0:
encrypted_value = EncryptionUtils.encryptString(var_value, String(passphrase).toCharArray())
variables[var_name] = encrypted_value
_logger.fine('WLSDPLY-04106', dict_name, field_name, var_name,
class_name=_class_name, method_name=_method_name)
variable_changes = 1
else:
ex = exception_helper.create_encryption_exception('WLSDPLY-04107', var_name, field_name, dict_name)
_logger.throwing(ex, class_name=_class_name, method_name=_method_name)
raise ex
return variable_changes
def encrypt_one_password(passphrase, text):
"""
Encrypt the text provided using the specified passphrase.
:param passphrase: the password to use for encryption
:param text: the text to encrypt
:return: the encrypted text
:raises EncryptionException if an error occurs
"""
return EncryptionUtils.encryptString(text, passphrase.toCharArray())
def testMultipleModelsDirectAndVariables(self):
copy2(self._src_model_file_w_variables, self._target_model_test1)
copy2(self._src_model_file_wo_variables_for_multi,
self._target_model_test2)
copy2(self._src_variable_file, self._target_variables_test3)
args = list()
args.append(
'encrypt') # dummy arg for args[0] to get arg padding right
args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
args.append(self._oracle_home)
args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
args.append(self._target_model_test1 + ',' + self._target_model_test2)
args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH)
args.append(self._target_variables_test3)
args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
args.append(self._passphrase)
exit_code = encrypt._process_request(args)
self.assertEquals(exit_code, 0)
model2 = FileToPython(self._target_model_test1).parse()
model3 = FileToPython(self._target_model_test2).parse()
variables = variables_helper.load_variables(
self._target_variables_test3)
passphrase_array = String(self._passphrase).toCharArray()
admin_pass = model2['domainInfo']['AdminPassword']
self.assertNotEquals(admin_pass.startswith('{AES}'), True)
admin_pass = variables['admin.password']
self.assertEquals(admin_pass.startswith('{AES}'), True)
_decrypted_admin_pass = EncryptionUtils.decryptString(
admin_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_admin_pass)),
self._unencrypted_password)
admin_pass = model3['domainInfo']['AdminPassword']
self.assertEquals(admin_pass.startswith('{AES}'), True)
_decrypted_admin_pass = EncryptionUtils.decryptString(
admin_pass, passphrase_array)
self.assertEquals(str(String(_decrypted_admin_pass)),
self._unencrypted_password_second)
return
def get_wlst_attribute_name(attribute_info, attribute_value, wlst_mode):
"""
Returns the corrected WLST attribute name for the specified parameters.
The "Encrypted" suffix is removed from online dual-password attributes for use with unencrypted values.
:param attribute_info: the attribute information to be checked
:param attribute_value: the vaue to be checked for encryption
:param wlst_mode: the offline or online type to be checked
:return: the corrected value, or None if no correction was required
"""
if _is_dual_password(attribute_info) and (wlst_mode == WlstModes.ONLINE) \
and not EncryptionUtils.isEncryptedString(attribute_value):
return _get_non_encrypted_wlst_name(attribute_info)
return None
def encrypt_file(clear_text, password, outputfile):
try:
pwd = String(password)
x = EncryptionUtils.encryptString(clear_text, pwd.toCharArray())
encrypted_text = String(x)
fh = open(outputfile, "w")
fh.write(str(encrypted_text))
fh.close()
System.exit(0)
except EncryptionException, e:
# Catch the exact exception to get the real cause
trace("SEVERE", "Error in encrypting file: %s" % e.getCause())
System.exit(-1)
def _search_and_replace_passwords(passphrase, dict_name, model_dict, variables):
"""
Search the model file for password fields and replace the value with its encrypted value.
:param passphrase: the encryption passphrase to use
:param dict_name: the name of the model element represented by the dictionary
:param model_dict: the model dictionary to search
:param variables: the variables to use with the model
:return: the number of changes to the model dictionary, the number of changes to the variables
"""
_method_name = '_search_and_replace_passwords'
model_changes = 0
variable_changes = 0
if model_dict is None or len(model_dict) == 0:
return model_changes, variable_changes
for key in model_dict:
value = model_dict[key]
if isinstance(value, dict):
_model_changes, _variable_changes = _search_and_replace_passwords(passphrase, key, value, variables)
model_changes += _model_changes
variable_changes += _variable_changes
elif type(value) is str and key in _password_field_names:
variable_names = variable_helper.get_variable_names(value)
if len(variable_names) == 0:
if not EncryptionUtils.isEncryptedString(value):
encrypted_value = EncryptionUtils.encryptString(value, String(passphrase).toCharArray())
model_dict[key] = encrypted_value
_logger.fine('WLSDPLY-04103', dict_name, key, class_name=_class_name, method_name=_method_name)
model_changes += 1
else:
_logger.fine('WLSDPLY-04104', dict_name, key, class_name=_class_name, method_name=_method_name)
elif len(variable_names) == 1:
_variable_changes = _encrypt_variable_value(passphrase, dict_name, key, variable_names[0], variables)
variable_changes += _variable_changes
else:
_logger.warning('WLSDPLY-04105', dict_name, key, len(variable_names), variable_names,
class_name=_class_name, method_name=_method_name)
return model_changes, variable_changes
def encrypt_file(clear_text, password, outputfile):
try:
pwd = String(password)
x = EncryptionUtils.encryptString(clear_text, pwd.toCharArray())
encrypted_text = String(x)
fh = open(outputfile, "w")
fh.write(str(encrypted_text))
fh.close()
System.exit(0)
except:
exc_type, exc_obj, exc_tb = sys.exc_info()
eeString = traceback.format_exception(exc_type, exc_obj, exc_tb)
print eeString
System.exit(-1)
def _encrypt_variable_value(self, folder_name, field_name, var_name):
"""
Encrypt the variable value, and replace it in the variable set.
:param folder_name: text describing the folder location, used for logging
:param field_name: the attribute name
:param var_name: the variable name
:return: the number of variable changes
"""
_method_name = '_encrypt_variable_value'
# if variables file was not specified, don't try to encrypt
if self.variables is None:
return
# this variable may have been encrypted for another attribute
if var_name in self.variables_changed:
return
if var_name in self.variables:
var_value = self.variables[var_name]
if len(var_value) > 0:
encrypted_value = EncryptionUtils.encryptString(
var_value,
String(self.passphrase).toCharArray())
self.variables[var_name] = encrypted_value
self.variables_changed.append(var_name)
self._logger.fine('WLSDPLY-04106',
folder_name,
field_name,
var_name,
class_name=self._class_name,
method_name=_method_name)
else:
ex = exception_helper.create_encryption_exception(
'WLSDPLY-04107', var_name, field_name, folder_name)
self._logger.throwing(ex,
class_name=self._class_name,
method_name=_method_name)
raise ex
