Customization Points
For each solution element whose usage involves the use of parameters, provide a 2nd-level section with a table that describes all of the available parameters. This can be used for API methods, XML elements, JSP tags, etc. Use the following template for the table(s):
WTKeyStore.java API: public WTKeyStore (final String product_root)
Parameter
Default Value
Possible Values
Req?
Description
product_root
None
String
Yes
A String that is the fully qualified path to the home location, either <Windchill> or <adapater_home>
WTKeyStore.java API: public String get(final String key)
Parameter
Default Value
Possible Values
Req?
Description
key
None
String
Yes
A String that is the key used to retrieve a value from the Java keystore
WTKeyStore.java API: public put(final String key, final String value)
Parameter
Default Value
Possible Values
Req?
Description
key
None
String
Yes
A String that is the key used to retrieve a value from the Java keystore
value
None
String
Yes
A String that is the value to place in the Java keystore
WTKeyStore.java API: public String remove(final String key)
Parameter
Default Value
Possible Values
Req?
Description
key
None
String
Yes
A String that is the key for a value to remove from the Java keystore
WTKeyStoreUtil.java API: public static String decryptProperty(final String property_value, final String product_root)
Parameter
Default Value
Possible Values
Req?
Description
property_value
None
String
Yes
A String that is a value which may need decryption
product_root
None
String
Yes
A String that is the fully qualified path to the home location, either <Windchill> or <adapater_home>
WTKeyStoreUtil.java API: public static String decryptProperty(final String property_name, final String property_value, final String product_root) )
Parameter
Default Value
Possible Values
Req?
Description
property_name
None
String
Yes
A String that is a property name
property_value
None
String
Yes
A String that is a value which may need decryption
product_root
None
String
Yes
A String that is the fully qualified path to the home location, either <Windchill> or <adapater_home>
WTKeyStoreUtil.java API: private static String getEncryptionPropertiesRegExList(final String product_root)
Parameter
Default Value
Possible Values
Req?
Description
product_root
None
String
Yes
A String that is the fully qualified path to the home location, either <Windchill> or <adapater_home>
EncryptPasswords.xml API: run Ant -f EncryptPasswords.xml -projecthelp to see the full list of available commands and usage.
Parameter
Default Value
Possible Values
Req?
Description
wt.home
env.WT_HOME
env.wt_home
../../../.
The value defaults to environment variable WT_HOME, then wt_home, and finally the canonical path ../../../.
String
No
A String that is the fully qualified path to the home location, either <wt_home> or <adapater_home>.
Limitations
The properties that are encrypted need to be accessible from the server side as the encryption mechanism relies on a location that is not web accessible from a client for security purposes. There is minimal performance overhead for encrypting and decrypting a property. However, it should be noted that the underlying implementation of the Java keystore relies on a singleton pattern and access to the keystore is synchronized.
Sample Code
Creating a Java keystore for Windchill to encrypt values:
try
{
WTKeyStore keyStore = new
WTKeyStore(WTProperties.getLocalProperties(). getProperty("wt.home"));

}catch(IOException e){
logger.error("Could not load keystore", e);
}
Encrypting a value in the keystore:
String value = “encrypted.wt.pom.dbPassword”;
String property = “wt.pom.dbPassword”;
try
{
WTKeyStore keyStore = new
WTKeyStore(WTProperties.getLocalProperties(). getProperty("wt.home"));

// encrypt property value
keyStore.put(property, value);

} catch (IOException ioe) {
logger.error("Error creating keystore: ", ioe);
} catch (NullPointerException npe) {
logger.error("Could not add the encrypted value to the keystore: ", npe);
}
Decrypting a property:
String product_root = WTProperties.getLocalProperties(). getProperty(“wt.home”);
String value = “encrypted.wt.pom.dbPassword”;
String property = “wt.pom.dbPassword”;
// decrypt encrypted values
value = WTKeyStoreUtil.decryptProperty(property, value, product_root);

/* value can now be used as normal as it will contain the decrypted value */
Additionally, a secondary means can be used to decrypt a value:
String value = “encrypted.wt.pom.dbPassword”;
try
{
WTKeyStore keyStore = new
WTKeyStore(WTProperties.getLocalProperties(). getProperty("wt.home"));

// decrypt encrypted values
String ks_value = keyStore.get(value);
if(ks_value != null)
{
value = ks_value;
}
}catch(IOException e){
logger.error("Could not load keystore", e);
}
Adding a new regular expression for encrypting dynamic properties:
/* This code currently exists in WTKeystoreUtil.java. except where
* where denoted “NEW”
*/
private static final String NEW_REGULAR_EXPRESSION = “<your regular
expression goes here>”; // NEW


private static List<String> getEncryptionPropertiesRegExList(final
String product_root) {
List<String> propertiesList = new ArrayList<String>();

if(isCompletePropertiesListFile(product_root)) {
/*
* add a hardcoded list of dynamic properties that will
* utilize regular expressions to determine what to encrypt
* for dynamic property names.
*/
propertiesList.add(WT_FEDERATION_DEFAULTAUTHORIZATION);
propertiesList.add(NEW_REGULAR_EXPRESSION); // NEW

logger.debug("Full property list found, returning regex
list of size=" + propertiesList.size());
} else {
logger.debug("Full property list not found, return empty
regex list");
}
return propertiesList;
}
This will add a new regular expression for matching property name patterns. Again, care must be taken when creating a regular expression. See Procedure – Encrypting Dynamic .xconf Managed Single-Valued Properties section in Procedure – Encrypting Static .xconf Managed Single-Valued Properties topic.
Examples of Usage in Windchill Code
wt.dataservice.DSPropertiesServer.java
This Java class works with DSProperties.java to decrypt property values that appear encrypted. This class uses reflection to ensure that the DSPropertiesServer exists on the server and not the client side.
com.ptc.wvs.server.cadagent.Inifile.java
This Java class implements a means to decrypt properties that are not .xconf file managed properties.
com.ptc.windchill.keystore.WTKeyStoreUtilWVS.java
This Java class implements a means to encrypt properties that are not .xconf file managed properties.
com.ptc.windchill.keystore.WTKeyStoreUtil.java
This Java class implements a means to encrypt dynamic properties that are.xconf file managed properties.
Was this helpful?