Procedure – Encrypting Non-.xconf Managed Properties
New properties that are non-.xconf managed and contain can be encrypted using Windchill’s encryption mechanism. However, you must create a means to encrypt the password as well as decrypt it.
Encrypting a Property Value
1. You must create a means to encrypt your property value. This can be done through a Java class that can be invoked through a main() method and through modifying <Windchill>/bin/adminTools/sip/EncryptPasswords.xml.
a. <Windchill>/bin/adminTools/sip/EncryptPasswords.xml contains ANT targets, encryptWVSWorkerAgent and encryptWVSCADAgent, that encrypt property values that are not xconf managed. These targets can be examined for an example on how to do this. You must create a new target that accepts parameters that invokes a Java class to do the encryption.
b. The Java class that is invoked uses the parameters, a property and value, and encrypts them using the Windchill encryption mechanism. This Java class must also contain logic to property encrypt the file where this property is stored as well as placing the correct value in the Java keystore. The WTKeyStoreUtilWVS.java class contains code that is invoked by the encryptWCSWorkerAgent and encryptWCSCADAgent targets which can be examined for an example on the logic used to encrypt a file where the property value is stored.
This encrypts the property value. However, for the value to be used properly by code that relies on the value, the code must be updated to decrypt the value prior to use. For out-of-the-box properties, Windchill decrypts properties at the appropriate interface locations.
|
|
Any code that relies on this value must be updated to properly decrypt it.
|
Decrypting a Property Value
All code that extends Windchill base classes which retrieve property values must be updated if they overwrite methods that return property values. For custom code that obtain and use property values you can decrypt an encrypted value by using the following:
com.ptc.windchill.keystore.WTKeyStoreUtil provides an API to obtain the decrypted value of a property value if it is encrypted (see the Javadoc for complete details). The API is public static String decryptProperty(String property_name, String property_value, String product_root)
Where property_name is the property name for which you want to decrypt a value for, property_value is the value that may currently be encrypted and product_root is the fully qualified path to <Windchill> (or <adapater_home> for adapter installations).
A code example for the usage of this API is as follows:
final String encrypted_value = “encrypted.wt.pom.dbPassword”;
final String property = “wt.pom.dbPassword”;
final String PATH = “D:\ptc\Windchill\”;
String decrypted = com.ptc.windchill.keystore.WTKeyStoreUtil.decryptProperty(property,encrypted_value, PATH);
The string decrypted now contains the decrypted value and can be used properly elsewhere in the code where it is relied on.
