Tanul Tanul - 2 months ago 14
Java Question

Issue with decryption of Weblogic Credentials

I've created a config and key file using this command

java weblogic.Admin -username test_user -password test_user -userconfigfile C:\temp\testingconfig.config -userkeyfile C:\temp\testingkey.key STOREUSERCONFIG


The config and key are

weblogic.management.username=

{3DES}1VR2QW0Yj3XHj/iEr+z9Mve3mJi0RSCw3J62m1rb063xLAHPTwXcS6X+VRC6tI8xsHriNfYtsB0\=

weblogic.management.password=

{3DES}ALU/yO2Zi4Z7SkVj1qJDvckmy7Y1DpDc7654xPIeg2zaj5On6yxa6xB0L4Xf0oS0d/9vtLFkgps\=


When I'm trying to decrypt these credentials using config and key with my java code, I'm getting some other encrypted value:

Password=
[C@3ba08dab


Username=
{AES}OLU4ELDpdXulGpd4abYvYbN7i/ngvXbBFZ+/UyYk89I=


The java code I've written is

UsernameAndPassword file = UserConfigFileManager
.getUsernameAndPassword(<Path to config file>,
<Path to key file>",weblogic.management");


So how to get decrypted credentials within java code as test_user/test_user using config and key.

Kindly help..

Answer

For resolving the issue, we need to follow these steps:

  • Have latest version of weblogic. Newer verseions are working using AES security algorithm.
  • For receiving the string value of username/password, we can do:
    • file.getUsername().toString/file.getPassword().toString
    • file.getUsername()/file.getPassword()
    • new String(file.getUsername())/new String(file.getPassword())

Out of all the three we've to follow the third one. Doesn't know the exact reason. But creating string object and then fetching value through it gives us the correct result. The exact value we've received in the three cases were.

  1. First Case:- Username/password= Some Encrypted Value
  2. Second Case:-

    • Username:- Correct Value
    • Password:- null
  3. Third Case:

    • Username:- Correct Value
    • Password:- Correct Value