def _encrypt_attribute(self, folder_name, model_nodes, key): """ Encrypt a specific attribute that was flagged as password type. If the attribute value uses a variable, encrypt the variable and replace the value, otherwise replace the value in the dictionary with the encrypted value. :param folder_name: text describing the folder location, used for logging :param model_nodes: the dictionary containing the attribute :param key: the key of the model attribute """ _method_name = '_encrypt_attribute' value = model_nodes[key] variable_names = variable_helper.get_variable_names(value) if len(variable_names) == 0: if not EncryptionUtils.isEncryptedString(value): encrypted_value = EncryptionUtils.encryptString(value, String(self.passphrase).toCharArray()) model_nodes[key] = encrypted_value self._logger.fine('WLSDPLY-04103', folder_name, key, class_name=self._class_name, method_name=_method_name) self.model_changes += 1 else: self._logger.fine('WLSDPLY-04104', folder_name, key, class_name=self._class_name, method_name=_method_name) elif len(variable_names) == 1: self._encrypt_variable_value(folder_name, key, variable_names[0]) else: self._logger.warning('WLSDPLY-04105', folder_name, key, len(variable_names), variable_names, class_name=self._class_name, method_name=_method_name)
def _encrypt_variable_value(self, folder_name, field_name, var_name): """ Encrypt the variable value, and replace it in the variable set. :param folder_name: text describing the folder location, used for logging :param field_name: the attribute name :param var_name: the variable name :return: the number of variable changes """ _method_name = '_encrypt_variable_value' # if variables file was not specified, don't try to encrypt if self.variables is None: return # Do not encrypt already encrypted to match model encryption: Don't encrypt encrypted value if var_name in self.variables: var_value = self.variables[var_name] if len(var_value) > 0: # don't encrypt an already encrypted variable. Matches logic in model if EncryptionUtils.isEncryptedString(var_value): self._logger.fine('WLSDPLY-04109', folder_name, field_name, var_name) return encrypted_value = EncryptionUtils.encryptString(var_value, String(self.passphrase).toCharArray()) self.variables[var_name] = encrypted_value self.variable_changes += 1 self._logger.fine('WLSDPLY-04106', folder_name, field_name, var_name, class_name=self._class_name, method_name=_method_name) else: ex = exception_helper.create_encryption_exception('WLSDPLY-04107', var_name, field_name, folder_name) self._logger.throwing(ex, class_name=self._class_name, method_name=_method_name) raise ex
def testDirectEncryption(self): copy2(self._src_model_file_wo_variables, self._target_model_test1) args = list() args.append( 'encrypt') # dummy arg for args[0] to get arg padding right args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH) args.append(self._oracle_home) args.append(CommandLineArgUtil.MODEL_FILE_SWITCH) args.append(self._target_model_test1) args.append(CommandLineArgUtil.PASSPHRASE_SWITCH) args.append(self._passphrase) exit_code = encrypt._process_request(args) self.assertEquals(exit_code, 0) model = FileToPython(self._target_model_test1).parse() passphrase_array = String(self._passphrase).toCharArray() admin_pass = model['domainInfo']['AdminPassword'] self.assertEquals(admin_pass.startswith('{AES}'), True) _decrypted_admin_pass = EncryptionUtils.decryptString( admin_pass, passphrase_array) self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password) nm_pass = model['topology']['SecurityConfiguration'][ 'NodeManagerPasswordEncrypted'] self.assertEquals(nm_pass.startswith('{AES}'), True) _decrypted_nm_pass = EncryptionUtils.decryptString( nm_pass, passphrase_array) self.assertEquals(str(String(_decrypted_nm_pass)), self._unencrypted_password) ds1_pass = model['resources']['JDBCSystemResource']['Generic1'][ 'JdbcResource']['JDBCDriverParams']['PasswordEncrypted'] self.assertEquals(ds1_pass.startswith('{AES}'), True) _decrypted_ds1_pass = EncryptionUtils.decryptString( ds1_pass, passphrase_array) self.assertEquals(str(String(_decrypted_ds1_pass)), self._unencrypted_password) ons_pass = \ model['resources']['JDBCSystemResource']['Generic1']['JdbcResource']['JDBCOracleParams']['OnsWalletPasswordEncrypted'] self.assertEquals(ons_pass.startswith('{AES}'), True) _decrypted_ons_pass = EncryptionUtils.decryptString( ons_pass, passphrase_array) self.assertEquals(str(String(_decrypted_ons_pass)), self._unencrypted_password) ds2_pass = model['resources']['JDBCSystemResource']['Generic2'][ 'JdbcResource']['JDBCDriverParams']['PasswordEncrypted'] self.assertEquals(ds2_pass.startswith('{AES}'), True) _decrypted_ds2_pass = EncryptionUtils.decryptString( ds2_pass, passphrase_array) self.assertEquals(str(String(_decrypted_ds2_pass)), self._unencrypted_password) return
def testMultipleModelsIndirectEncryptionVariables(self): copy2(self._src_model_file_w_variables, self._target_model_test2) copy2(self._src_model_file_w_variables_multi, self._target_model_test3) copy2(self._src_variable_file, self._target_variables_test3) args = list() args.append( 'encrypt') # dummy arg for args[0] to get arg padding right args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH) args.append(self._oracle_home) args.append(CommandLineArgUtil.MODEL_FILE_SWITCH) args.append(self._target_model_test2 + ',' + self._target_model_test3) args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH) args.append(self._target_variables_test3) args.append(CommandLineArgUtil.PASSPHRASE_SWITCH) args.append(self._passphrase) exit_code = encrypt._process_request(args) self.assertEquals(exit_code, 0) model2 = FileToPython(self._target_model_test2).parse() model3 = FileToPython(self._target_model_test3).parse() variables = variables_helper.load_variables( self._target_variables_test3) passphrase_array = String(self._passphrase).toCharArray() admin_pass = model2['domainInfo']['AdminPassword'] self.assertNotEquals(admin_pass.startswith('{AES}'), True) admin_pass = model3['domainInfo']['AdminPassword'] self.assertNotEquals(admin_pass.startswith('{AES}'), True) admin_pass = variables['admin.password'] self.assertEquals(admin_pass.startswith('{AES}'), True) _decrypted_admin_pass = EncryptionUtils.decryptString( admin_pass, passphrase_array) self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password) nm_pass = model2['topology']['SecurityConfiguration'][ 'NodeManagerPasswordEncrypted'] self.assertNotEquals(nm_pass.startswith('{AES}'), True) nm_pass = variables['nm.password'] self.assertEquals(nm_pass.startswith('{AES}'), True) _decrypted_nm_pass = EncryptionUtils.decryptString( nm_pass, passphrase_array) self.assertEquals(str(String(_decrypted_nm_pass)), self._unencrypted_password) ds1_pass = model2['resources']['JDBCSystemResource']['Generic1'][ 'JdbcResource']['JDBCDriverParams']['PasswordEncrypted'] self.assertEquals(ds1_pass.startswith('{AES}'), True) _decrypted_ds1_pass = EncryptionUtils.decryptString( ds1_pass, passphrase_array) self.assertEquals(str(String(_decrypted_ds1_pass)), self._unencrypted_password) return
def _encrypt_variable_value(passphrase, dict_name, field_name, var_name, variables): """ Encrypt the variable value. :param passphrase: the encryption passphrase :param dict_name: the model element name :param field_name: the attribute name :param var_name: the variable name :param variables: the variables :return: the number of variable changes """ _method_name = '_encrypt_variable_value' variable_changes = 0 if variables is None: return variable_changes if var_name in variables: var_value = variables[var_name] if len(var_value) > 0: encrypted_value = EncryptionUtils.encryptString(var_value, String(passphrase).toCharArray()) variables[var_name] = encrypted_value _logger.fine('WLSDPLY-04106', dict_name, field_name, var_name, class_name=_class_name, method_name=_method_name) variable_changes = 1 else: ex = exception_helper.create_encryption_exception('WLSDPLY-04107', var_name, field_name, dict_name) _logger.throwing(ex, class_name=_class_name, method_name=_method_name) raise ex return variable_changes
def encrypt_one_password(passphrase, text): """ Encrypt the text provided using the specified passphrase. :param passphrase: the password to use for encryption :param text: the text to encrypt :return: the encrypted text :raises EncryptionException if an error occurs """ return EncryptionUtils.encryptString(text, passphrase.toCharArray())
def testMultipleModelsDirectAndVariables(self): copy2(self._src_model_file_w_variables, self._target_model_test1) copy2(self._src_model_file_wo_variables_for_multi, self._target_model_test2) copy2(self._src_variable_file, self._target_variables_test3) args = list() args.append( 'encrypt') # dummy arg for args[0] to get arg padding right args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH) args.append(self._oracle_home) args.append(CommandLineArgUtil.MODEL_FILE_SWITCH) args.append(self._target_model_test1 + ',' + self._target_model_test2) args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH) args.append(self._target_variables_test3) args.append(CommandLineArgUtil.PASSPHRASE_SWITCH) args.append(self._passphrase) exit_code = encrypt._process_request(args) self.assertEquals(exit_code, 0) model2 = FileToPython(self._target_model_test1).parse() model3 = FileToPython(self._target_model_test2).parse() variables = variables_helper.load_variables( self._target_variables_test3) passphrase_array = String(self._passphrase).toCharArray() admin_pass = model2['domainInfo']['AdminPassword'] self.assertNotEquals(admin_pass.startswith('{AES}'), True) admin_pass = variables['admin.password'] self.assertEquals(admin_pass.startswith('{AES}'), True) _decrypted_admin_pass = EncryptionUtils.decryptString( admin_pass, passphrase_array) self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password) admin_pass = model3['domainInfo']['AdminPassword'] self.assertEquals(admin_pass.startswith('{AES}'), True) _decrypted_admin_pass = EncryptionUtils.decryptString( admin_pass, passphrase_array) self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password_second) return
def get_wlst_attribute_name(attribute_info, attribute_value, wlst_mode): """ Returns the corrected WLST attribute name for the specified parameters. The "Encrypted" suffix is removed from online dual-password attributes for use with unencrypted values. :param attribute_info: the attribute information to be checked :param attribute_value: the vaue to be checked for encryption :param wlst_mode: the offline or online type to be checked :return: the corrected value, or None if no correction was required """ if _is_dual_password(attribute_info) and (wlst_mode == WlstModes.ONLINE) \ and not EncryptionUtils.isEncryptedString(attribute_value): return _get_non_encrypted_wlst_name(attribute_info) return None
def encrypt_file(clear_text, password, outputfile): try: pwd = String(password) x = EncryptionUtils.encryptString(clear_text, pwd.toCharArray()) encrypted_text = String(x) fh = open(outputfile, "w") fh.write(str(encrypted_text)) fh.close() System.exit(0) except EncryptionException, e: # Catch the exact exception to get the real cause trace("SEVERE", "Error in encrypting file: %s" % e.getCause()) System.exit(-1)
def _search_and_replace_passwords(passphrase, dict_name, model_dict, variables): """ Search the model file for password fields and replace the value with its encrypted value. :param passphrase: the encryption passphrase to use :param dict_name: the name of the model element represented by the dictionary :param model_dict: the model dictionary to search :param variables: the variables to use with the model :return: the number of changes to the model dictionary, the number of changes to the variables """ _method_name = '_search_and_replace_passwords' model_changes = 0 variable_changes = 0 if model_dict is None or len(model_dict) == 0: return model_changes, variable_changes for key in model_dict: value = model_dict[key] if isinstance(value, dict): _model_changes, _variable_changes = _search_and_replace_passwords(passphrase, key, value, variables) model_changes += _model_changes variable_changes += _variable_changes elif type(value) is str and key in _password_field_names: variable_names = variable_helper.get_variable_names(value) if len(variable_names) == 0: if not EncryptionUtils.isEncryptedString(value): encrypted_value = EncryptionUtils.encryptString(value, String(passphrase).toCharArray()) model_dict[key] = encrypted_value _logger.fine('WLSDPLY-04103', dict_name, key, class_name=_class_name, method_name=_method_name) model_changes += 1 else: _logger.fine('WLSDPLY-04104', dict_name, key, class_name=_class_name, method_name=_method_name) elif len(variable_names) == 1: _variable_changes = _encrypt_variable_value(passphrase, dict_name, key, variable_names[0], variables) variable_changes += _variable_changes else: _logger.warning('WLSDPLY-04105', dict_name, key, len(variable_names), variable_names, class_name=_class_name, method_name=_method_name) return model_changes, variable_changes
def encrypt_file(clear_text, password, outputfile): try: pwd = String(password) x = EncryptionUtils.encryptString(clear_text, pwd.toCharArray()) encrypted_text = String(x) fh = open(outputfile, "w") fh.write(str(encrypted_text)) fh.close() System.exit(0) except: exc_type, exc_obj, exc_tb = sys.exc_info() eeString = traceback.format_exception(exc_type, exc_obj, exc_tb) print eeString System.exit(-1)
def _encrypt_variable_value(self, folder_name, field_name, var_name): """ Encrypt the variable value, and replace it in the variable set. :param folder_name: text describing the folder location, used for logging :param field_name: the attribute name :param var_name: the variable name :return: the number of variable changes """ _method_name = '_encrypt_variable_value' # if variables file was not specified, don't try to encrypt if self.variables is None: return # this variable may have been encrypted for another attribute if var_name in self.variables_changed: return if var_name in self.variables: var_value = self.variables[var_name] if len(var_value) > 0: encrypted_value = EncryptionUtils.encryptString( var_value, String(self.passphrase).toCharArray()) self.variables[var_name] = encrypted_value self.variables_changed.append(var_name) self._logger.fine('WLSDPLY-04106', folder_name, field_name, var_name, class_name=self._class_name, method_name=_method_name) else: ex = exception_helper.create_encryption_exception( 'WLSDPLY-04107', var_name, field_name, folder_name) self._logger.throwing(ex, class_name=self._class_name, method_name=_method_name) raise ex