***********************************************************************************
* Description: Python script to decrypt private key password in WebLogic keystore
* Date: 02:54 PM EST, 09/20/2021                         
***********************************************************************************

		 
<1> When generating a CSR for a WebLogic certificate renewal, the private key passphrase is needed. If an employee leaves without documenting the password, this information is lost.
     |
     |__ o. If you go to WebLogic Console => Environment => Admin Server => SSL, the private key passphrase appears in the Identity section, but it is not readable.
     
	
                         
	
	
	
	
	
<2> To find this encrypted password (shown as dots in the console), open $DOMAIN_HOME/config/config.xml and search for the tag below:
     |
     |__ o. {AES}Jna41ftOhAB4cn93m6gdVPCyC8Ta79jG0q/r1IjYnzA=
     |
     |__ o. The value in between is the encrypted private key passphrase.




	 
<3> After getting the string, use the Python script below to decrypt the passphrase:
     |
     |__ o. $DOMAIN_HOME/bin/wlst decryptPassword.py $DOMAIN_HOME {AES}Jna41ftOhAB4cn93m6gdVPCyC8Ta79jG0q/r1IjYnzA=
	 
	 
                     #=======================================================================================
                     # This script decrypts WebLogic passwords
                     #
                     # Usage: 
                     #      wlst decryptPassword.py  
                     #
                     # Author: Rafael Arana
                     #
                     #=======================================================================================
                     import os
                     import sys  # needed for sys.argv and sys.exc_info()
                     import weblogic.security.internal.SerializedSystemIni
                     import weblogic.security.internal.encryption.ClearOrEncryptedService
                     
                     def decrypt(domainHomeName, encryptedPwd):
                         # Load the encryption service for the given domain home
                         domainHomeAbsolutePath = os.path.abspath(domainHomeName)
                         encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
                         ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
                         # Decrypt the {AES}... string copied from config.xml
                         clear = ces.decrypt(encryptedPwd)
                         print "RESULT:" + clear
                     
                     try:
                         # Expect exactly two arguments: the domain home and the encrypted string
                         if len(sys.argv) == 3:
                             decrypt(sys.argv[1], sys.argv[2])
                         else:
                             print "INVALID ARGUMENTS"
                             print " Usage: java weblogic.WLST decryptPassword.py  "
                             print " Example:"
                             print "	java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
                     except:
                         print "Unexpected error: ", sys.exc_info()[0]
                         dumpStack()
                         raise
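
To help with step <2>, the following added example (plain Python 3, not WLST, and not part of the original script) lists every element in a config.xml whose value carries an encryption prefix such as {AES}, together with its path. The element names and ciphertexts in the sample are constructed placeholders, not real WebLogic values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the element names and ciphertexts below are
# placeholders (assumptions), not values taken from a real domain.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>base_domain</name>
  <server>
    <name>AdminServer</name>
    <ssl>
      <enabled>true</enabled>
      <example-pass-phrase-encrypted>{AES}Q09OU1RSVUNURUQtU0FNUExFLTAwMQ==</example-pass-phrase-encrypted>
    </ssl>
  </server>
  <example-credential-encrypted>{AES}Q09OU1RSVUNURUQtU0FNUExFLTAwMg==</example-credential-encrypted>
</domain>
"""

# A scheme prefix in braces (e.g. {AES}) followed by base64 text.
ENCRYPTED = re.compile(r"^\{([A-Z0-9]+)\}[A-Za-z0-9+/]+=*$")

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_encrypted(xml_data):
    """Return (element path, scheme, value) for each encrypted text node."""
    hits = []

    def walk(elem, path):
        here = path + "/" + local_name(elem.tag)
        text = (elem.text or "").strip()
        match = ENCRYPTED.match(text)
        if match:
            hits.append((here, match.group(1), text))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_data), "")
    return hits

if __name__ == "__main__":
    import sys
    # With an argument, scan that config.xml; otherwise scan the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for path, scheme, value in find_encrypted(data):
        print("%-6s %s\n       %s" % (scheme, path, value))
```

The element path in the output shows which server or component each encrypted value belongs to, which makes it easier to pick the string to pass to decryptPassword.py.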

	

	
