If you have ever had to upgrade your WebLogic server, or if your deployment automatically creates the complete WebLogic domain for every release, you need to understand how to create the encrypted WebLogic passwords (in the WebLogic config.xml) and the hashed EmbeddedLdap passwords in the DefaultAuthenticatorInit.ldift file, assuming you do not want to store them there in clear text and do not want to create the passwords via the WebLogic console. The following little helper script can be your friend. For the password encryption you need a folder with the "security" subfolder, where the domain-specific salt file "SerializedSystemIni.dat" is located. You also need the WebLogic client jar files.

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.apache.commons.codec.binary.Base64;
import weblogic.security.internal.SerializedSystemIni;
import weblogic.security.internal.encryption.ClearOrEncryptedService;
import weblogic.security.internal.encryption.EncryptionService;

public class WeblogicPasswordEncryptor {

	// "domain" is the folder that contains the "security" subfolder
	// with the domain-specific SerializedSystemIni.dat file.
	public static String encryptPasswordForDomain(String domain, String password) {
		EncryptionService domainService = SerializedSystemIni
				.getEncryptionService(domain);
		ClearOrEncryptedService encService = new ClearOrEncryptedService(
				domainService);
		return new String(encService.encrypt(password));
	}

	// Reverses encryptPasswordForDomain; needs the same domain folder.
	public static String decryptPasswordForDomain(String domain,
			String encryptedPassword) {
		EncryptionService domainService = SerializedSystemIni
				.getEncryptionService(domain);
		ClearOrEncryptedService encService = new ClearOrEncryptedService(
				domainService);
		return encService.decrypt(encryptedPassword);
	}

	// Salted SHA-1 for DefaultAuthenticatorInit.ldift:
	// "{ssha}" + Base64( SHA-1(password + salt) + salt )
	public static String hashPasswordForEmbeddedLdap(String password) {
		MessageDigest md;
		try {
			md = MessageDigest.getInstance("SHA-1");
			// getBytes() uses the platform default charset
			md.update(password.getBytes());
			byte[] salt = generateSalt(4);
			md.update(salt);
			byte[] digest = md.digest();
			// The salt is appended to the digest so that it can be
			// read back from the stored value during verification.
			byte[] full = new byte[digest.length + salt.length];
			System.arraycopy(digest, 0, full, 0, digest.length);
			System.arraycopy(salt, 0, full, digest.length, salt.length);
			return "{ssha}" + new String(Base64.encodeBase64(full));
		} catch (NoSuchAlgorithmException e) {
			throw new UnsupportedOperationException(
					"could not find hashing algorithm", e);
		}
	}

	// Salt from a cryptographically strong generator instead of java.util.Random
	private static byte[] generateSalt(int numBytes) {
		byte[] salt = new byte[numBytes];
		new SecureRandom().nextBytes(salt);
		return salt;
	}

}

(The hashing algorithm can also be found in com.octetstring.vde.util.PasswordEncrypter)
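
The "{ssha}" value produced by hashPasswordForEmbeddedLdap is Base64 of the 20-byte SHA-1 digest followed by the salt, so a generated value can be checked against the intended password before it is written to DefaultAuthenticatorInit.ldift. The class below is an added example, not part of the original post or of WebLogic; the class name SshaVerifier, the sample password, the fixed salt and the UTF-8 encoding of the password are assumptions (UTF-8 gives the same bytes as the helper for ASCII passwords).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

// Added example (not from the original post): verifies a password against a
// "{ssha}" value laid out as Base64( SHA-1(password || salt) || salt ).
public class SshaVerifier {

	private static final int SHA1_LEN = 20; // SHA-1 digest size in bytes

	static byte[] sha1(byte[] password, byte[] salt) throws NoSuchAlgorithmException {
		MessageDigest md = MessageDigest.getInstance("SHA-1");
		md.update(password);
		md.update(salt);
		return md.digest();
	}

	public static boolean verify(String password, String stored) throws NoSuchAlgorithmException {
		if (stored == null || !stored.regionMatches(true, 0, "{ssha}", 0, 6)) {
			return false; // missing or different scheme prefix
		}
		byte[] full;
		try {
			full = Base64.getDecoder().decode(stored.substring(6));
		} catch (IllegalArgumentException e) {
			return false; // malformed Base64
		}
		if (full.length <= SHA1_LEN) {
			return false; // digest without salt: not what the helper produces
		}
		byte[] expected = Arrays.copyOfRange(full, 0, SHA1_LEN);
		byte[] salt = Arrays.copyOfRange(full, SHA1_LEN, full.length);
		byte[] actual = sha1(password.getBytes(StandardCharsets.UTF_8), salt);
		return MessageDigest.isEqual(expected, actual); // constant-time comparison
	}

	public static void main(String[] args) throws Exception {
		// Constructed sample: fixed 4-byte salt so the run is reproducible.
		byte[] salt = {0x01, 0x02, 0x03, 0x04};
		byte[] digest = sha1("welcome1".getBytes(StandardCharsets.UTF_8), salt);
		byte[] full = Arrays.copyOf(digest, digest.length + salt.length);
		System.arraycopy(salt, 0, full, digest.length, salt.length);
		String stored = "{ssha}" + Base64.getEncoder().encodeToString(full);
		System.out.println(verify("welcome1", stored));     // matching password
		System.out.println(verify("wrong", stored));        // non-matching password
		System.out.println(verify("welcome1", "{ssha}!!")); // malformed value
	}
}
```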
