Monday, August 12, 2013

Script to decrypt all encrypted tags in WebLogic config.xml

Decrypting the config.xml

The script below is enhanced from various other scripts found on the web to perform decryption of WebLogic encrypted strings. This script uses a sax parser and scans through the config.xml and decrypts all XML tags containing the word "encrypted".
All the code below is free to use and modify as you wish.

Downloads:

WLSDecryptor.py
runwlst.sh

Script Runner: runwlst.sh

#!/bin/bash
WORKDIR=$PWD
export JAVA_HOME=/usr/java/latest
if [ "$#" -lt 1 ]
then
    echo "runwlst.sh  [path to cfgfile]"
    exit
fi
export DOMAIN_DIR="$1"
if [ "$#" -eq 2 ]
then
    export CFGFILE="$2"
fi
. $DOMAIN_DIR/bin/setDomainEnv.sh
echo "Starting wlst script"
${JAVA_HOME}/bin/java weblogic.WLST $WORKDIR/WLSDecryptor.py
Run this as:  
./runwlst.sh <abs path to domain> [path to cfg file]
For example: 
./runwlst.sh /WLSDomains/dom1
or to decrypt the jdbc connection xml
./runwlst.sh /WLSDomains/dom1 /WLSDomains/dom1/config/jdbc/dbpool.xml

Where dbpool.xml is the cfg file containing the jdbc connection information.

Script: WLSDecryptor.py

from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
import os
import sys
from xml import sax
from xml.sax import xmlreader, saxutils
from xml.sax.handler import ContentHandler

class wlsCfgParser(ContentHandler):
    """this runs through the wls file looking for
    tags with string 'encrypted' in them"""
    encStr=""
    
    def __init__(self,domainDir, cfgfile):
        assert(os.path.exists(domainDir))
        if cfgfile == None:
                self.cfgfile=os.path.join(domainDir,"config","config.xml")
        else:
                self.cfgfile=cfgfile
        if os.path.exists(self.cfgfile):
            print "Decrypting :",self.cfgfile
        self.Parser = sax.make_parser()
        self.Parser.setContentHandler(self)

       
        self.decrypter = WeblogicDecrypter(domainDir)
    def parse(self):
        self.Parser.parse(open(self.cfgfile,"r"))   
    def startElement(self,name,attrs):
        if name.lower().find("encrypted") >= 0:
            self.encStr=""
   
    def endElement(self,name):
        if name.lower().find("encrypted") >= 0:
            decryptStr = self.decrypter.decrypt(self.encStr)
            # print results:
            print "Tag Name: ",name
            print "Enc Str : ",self.encStr
            print "Dec Str : ",decryptStr
           
    def characters(self,data):
        self.encStr += saxutils.escape(data)
        
class WeblogicDecrypter:
    decrypted = None
    ces = None
   
    def __init__(self, domainDir, encryptedStr=None):
        domainDirFullPath = os.path.abspath(domainDir) # get absolute path in case relative is passed
        self.ces = ClearOrEncryptedService(SerializedSystemIni.getEncryptionService(domainDirFullPath))
        if encryptedStr != None:
            self.decrypted = self.ces.decrypt(encryptedStr)
   
    def decrypt(self, encryptedStr):
        self.decrypted= self.ces.decrypt(encryptedStr)
        return self.decrypted
   
    def __str__(self):
        return self.decrypted

# wlst jython does not understand : if __name__ == '__main__':
domainDir=os.getenv("DOMAIN_DIR")
cfgfile=os.getenv("CFGFILE")
print "Domain Dir: "+str(domainDir)
if cfgfile != None:
        print "File to decr : "+str(cfgfile)
wcp = wlsCfgParser(domainDir, cfgfile)
wcp.parse()
yesno=raw_input("Do you want to decrypt a custom encrypted string? [y/n]")
if yesno != "y":
    sys.exit()
encStr = raw_input("Enter encrypted Str [Q to quit]: ")
wd40 = WeblogicDecrypter(domainDir)
while encStr.lower() != "q":
    print wd40.decrypt(encStr)
    encStr = raw_input("Enter encrypted Str [Q to quit]: ")


Notes:

This script will decrypt each encrypted string, and at the end also asks for a custom encrypted string if there is one that you wish to decrypt that was not in the config.xml or whichever xml file that was passed. 


No comments:

Post a Comment