def _encrypt_attribute(self, folder_name, model_nodes, key):
        """
        Encrypt a specific attribute that was flagged as password type.
        If the attribute value uses a variable, encrypt the variable and replace the value,
        otherwise replace the value in the dictionary with the encrypted value.
        :param folder_name: text describing the folder location, used for logging
        :param model_nodes: the dictionary containing the attribute
        :param key: the key of the model attribute
        """
        _method_name = '_encrypt_attribute'

        value = model_nodes[key]
        variable_names = variable_helper.get_variable_names(value)
        if len(variable_names) == 0:
            if not EncryptionUtils.isEncryptedString(value):
                encrypted_value = EncryptionUtils.encryptString(value, String(self.passphrase).toCharArray())
                model_nodes[key] = encrypted_value
                self._logger.fine('WLSDPLY-04103', folder_name, key,
                                  class_name=self._class_name, method_name=_method_name)
                self.model_changes += 1
            else:
                self._logger.fine('WLSDPLY-04104', folder_name, key,
                                  class_name=self._class_name, method_name=_method_name)
        elif len(variable_names) == 1:
            self._encrypt_variable_value(folder_name, key, variable_names[0])
        else:
            self._logger.warning('WLSDPLY-04105', folder_name, key, len(variable_names), variable_names,
                                 class_name=self._class_name, method_name=_method_name)
    def _encrypt_variable_value(self, folder_name, field_name, var_name):
        """
        Encrypt the variable value, and replace it in the variable set.
        :param folder_name: text describing the folder location, used for logging
        :param field_name: the attribute name
        :param var_name: the variable name
        :return: the number of variable changes
        """
        _method_name = '_encrypt_variable_value'

        # if variables file was not specified, don't try to encrypt
        if self.variables is None:
            return

        # Do not encrypt already encrypted to match model encryption: Don't encrypt encrypted value
        if var_name in self.variables:
            var_value = self.variables[var_name]
            if len(var_value) > 0:

                # don't encrypt an already encrypted variable. Matches logic in model
                if EncryptionUtils.isEncryptedString(var_value):
                    self._logger.fine('WLSDPLY-04109', folder_name, field_name, var_name)
                    return

                encrypted_value = EncryptionUtils.encryptString(var_value, String(self.passphrase).toCharArray())
                self.variables[var_name] = encrypted_value
                self.variable_changes += 1
                self._logger.fine('WLSDPLY-04106', folder_name, field_name, var_name,
                                  class_name=self._class_name, method_name=_method_name)
        else:
            ex = exception_helper.create_encryption_exception('WLSDPLY-04107', var_name, field_name, folder_name)
            self._logger.throwing(ex, class_name=self._class_name, method_name=_method_name)
            raise ex
def get_wlst_attribute_name(attribute_info, attribute_value, wlst_mode):
    """
    Returns the corrected WLST attribute name for the specified parameters.
    The "Encrypted" suffix is removed from online dual-password attributes for use with unencrypted values.
    :param attribute_info: the attribute information to be checked
    :param attribute_value: the vaue to be checked for encryption
    :param wlst_mode: the offline or online type to be checked
    :return: the corrected value, or None if no correction was required
    """
    if _is_dual_password(attribute_info) and (wlst_mode == WlstModes.ONLINE) \
            and not EncryptionUtils.isEncryptedString(attribute_value):
        return _get_non_encrypted_wlst_name(attribute_info)
    return None
def _search_and_replace_passwords(passphrase, dict_name, model_dict, variables):
    """
    Search the model file for password fields and replace the value with its encrypted value.
    :param passphrase: the encryption passphrase to use
    :param dict_name: the name of the model element represented by the dictionary
    :param model_dict: the model dictionary to search
    :param variables: the variables to use with the model
    :return: the number of changes to the model dictionary, the number of changes to the variables
    """
    _method_name = '_search_and_replace_passwords'

    model_changes = 0
    variable_changes = 0
    if model_dict is None or len(model_dict) == 0:
        return model_changes, variable_changes

    for key in model_dict:
        value = model_dict[key]
        if isinstance(value, dict):
            _model_changes, _variable_changes = _search_and_replace_passwords(passphrase, key, value, variables)
            model_changes += _model_changes
            variable_changes += _variable_changes
        elif type(value) is str and key in _password_field_names:
            variable_names = variable_helper.get_variable_names(value)
            if len(variable_names) == 0:
                if not EncryptionUtils.isEncryptedString(value):
                    encrypted_value = EncryptionUtils.encryptString(value, String(passphrase).toCharArray())
                    model_dict[key] = encrypted_value
                    _logger.fine('WLSDPLY-04103', dict_name, key, class_name=_class_name, method_name=_method_name)
                    model_changes += 1
                else:
                    _logger.fine('WLSDPLY-04104', dict_name, key, class_name=_class_name, method_name=_method_name)
            elif len(variable_names) == 1:
                _variable_changes = _encrypt_variable_value(passphrase, dict_name, key, variable_names[0], variables)
                variable_changes += _variable_changes
            else:
                _logger.warning('WLSDPLY-04105', dict_name, key, len(variable_names), variable_names,
                                class_name=_class_name, method_name=_method_name)
    return model_changes, variable_changes