WebLogic Password Decryption

In a previous blog post (WebLogic Encryption and Domains), I talked about how we can store the Salt files inside a Maven Project and be able to generate encrypted passwords that will be used on the server.

We can use that same project, together with the code from the resource linked below, to decrypt passwords as well. This has been necessary when a password appears to get out of sync with another environment: we can decrypt the password to verify what it was set to.

http://jagadesh4java.blogspot.com/2012/07/weblogic-password-decrypt.html

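package com.foo; // matches <security.class>com.foo.Decrypt</security.class> in the decrypt profile

import weblogic.security.internal.SerializedSystemIni;
import weblogic.security.internal.ServerAuthenticate;
import weblogic.security.internal.encryption.ClearOrEncryptedService;
import weblogic.security.internal.encryption.EncryptionService;

public class Decrypt {
    static EncryptionService es = null;
    static ClearOrEncryptedService ces = null;

    public static void main(String[] args) {
        String s = null;
        if (args.length == 0) {
            // No argument given: prompt for the encrypted value.
            s = ServerAuthenticate.promptValue("Password to decrypt: ", false);
        } else if (args.length == 1) {
            // A value passed as an argument ends up in shell history and the process list.
            s = args[0];
        } else {
            System.err.println("Usage: java Decrypt [ password ]");
            return; // nothing to decrypt, so stop after printing the usage message
        }
        // Build the encryption service from the existing salt file (SerializedSystemIni.dat).
        es = SerializedSystemIni.getExistingEncryptionService();
        if (es == null) {
            System.err.println("Unable to initialize encryption service");
            return;
        }
        ces = new ClearOrEncryptedService(es);
        if (s != null) {
            // Prints the clear-text password to the console.
            System.out.println("\nDecrypted Password is:" + ces.decrypt(s));
        }
    }
}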

We can then add a profile for decrypt and add one for encrypt (which will be activated by default):

<profiles>
    <profile>
        <id>encrypt</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <security.name>Encryption</security.name>
            <security.class>weblogic.security.Encrypt</security.class>
        </properties>
    </profile>
    <profile>
        <id>decrypt</id>
        <properties>
            <security.name>Decryption</security.name>
            <security.class>com.foo.Decrypt</security.class>
        </properties>
    </profile>
</profiles>

And now we can just run the command "mvn exec:exec -Pdecrypt" and we will be prompted to enter an encrypted password. The decrypted password will be returned to the console.
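Because this setup keeps the salt file in the same Maven project that can now decrypt, anyone who can read that project together with an encrypted value can recover the password. The following added example (not from the original post) is a Python audit that walks a source tree and reports copies of SerializedSystemIni.dat and lines holding WebLogic-encrypted values. The {AES}, {AES256} and {3DES} prefixes, the scanned file suffixes and the sample tree are assumptions that do not appear in the post.

```python
import re
import tempfile
from pathlib import Path

# Assumption (not from the post): WebLogic marks encrypted values with these prefixes.
ENCRYPTED_VALUE = re.compile(rb"\{(?:AES256|AES|3DES)\}[A-Za-z0-9+/=]+")
SALT_FILE = "SerializedSystemIni.dat"
TEXT_SUFFIXES = {".xml", ".properties", ".py", ".sh", ".cmd"}  # assumed set

def audit_tree(root):
    """Return (salt_files, hits): salt file copies and (path, line) of encrypted values."""
    root = Path(root)
    salt_files, hits = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.name == SALT_FILE:
            salt_files.append(path.relative_to(root))
        elif path.suffix in TEXT_SUFFIXES:
            for number, line in enumerate(path.read_bytes().splitlines(), 1):
                if ENCRYPTED_VALUE.search(line):
                    hits.append((path.relative_to(root), number))
    return salt_files, hits

def decryptable(root):
    """True when the tree holds both the salt file and at least one encrypted value."""
    salt_files, hits = audit_tree(root)
    return bool(salt_files) and bool(hits)

def build_sample_tree(base):
    """Constructed sample project; the file contents are made up, not real secrets."""
    base = Path(base)
    (base / "security").mkdir(parents=True)
    (base / "security" / SALT_FILE).write_bytes(b"constructed placeholder")
    (base / "boot.properties").write_text(
        "username={AES}Q29uc3RydWN0ZWQ=\npassword={AES}U2FtcGxlT25seQ==\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        salts, found = audit_tree(build_sample_tree(tmp))
        print("salt files:", [p.as_posix() for p in salts])
        print("encrypted values:", [(p.as_posix(), n) for p, n in found])
        print("decryptable from this tree alone:", bool(salts and found))
```

A tree for which `decryptable` returns true should be access-controlled as if it held the clear-text passwords.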
