Solution
As a standard practice, properties that require encryption should ideally be xconf managed and set with xconfmanager set commands where possible. This makes the property easier to encrypt. However, design considerations or architecture issues can prevent a property from being xconf managed, for example when the file does not strictly contain key/value pairs or the xconf framework is not present in the classpath.
Use Windchill’s encryption mechanism to provide a secure means to store sensitive property value information.
Prerequisite Knowledge
To apply this documentation, you need to have an understanding of the following:
Basic development using Java
Optionally, the Windchill xconf framework
Solution Elements
| Element | Type | Description |
| --- | --- | --- |
| WTKeyStore | Java Class | An interface and API to the secure location for encrypted values. This class can be used to encrypt and decrypt the values. See the Javadoc for the APIs. This class contains the primary API to encrypt a property value and a secondary means to decrypt a value. |
| WTKeyStoreUtil | Java Class | An interface and API that provides helper methods to obtain the validProperties.list properties and decrypted values. See the Javadoc for the APIs. This class contains the primary API used to determine if a property value is encrypted and decrypt it accordingly. |
| validProperties.list | List File | The <Windchill>/bin/adminTools/sip/validProperties.list file is a list of Windchill xconf managed properties which can be encrypted. Each property is listed on a separate line, using the full name of the .xconf managed property. This file is how Windchill’s xconf framework determines what properties should be encrypted. New .xconf managed properties can be added by specifying the new property name on a new line in the file. |
| validIEProperties.list | List File | The <Windchill>/bin/adminTools/sip/validIEProperties.list file is a list of Windchill xconf managed properties which can be encrypted, specific to the use of out-of-process InfoEngine adapters installed on a host separate from Windchill. This file should only contain properties necessary for out-of-process IE adapters on a separate host. |
| EncryptPasswords.xml | XML File | The <Windchill>/bin/adminTools/sip/EncryptPasswords.xml file is an XML file containing ANT tasks that provide administrative utilities for managing encrypted passwords and the securing mechanism. This file can be used as a guide to see how to encrypt non-.xconf managed properties. You can examine the encryptWVSWorkerAgent and encryptWVSCADAgent targets. These targets rely on WTKeyStoreUtil methods to encrypt properties that are not xconf managed but still secure the property values using Windchill’s encryption mechanism. |
| WTKeyStoreUtilWVS | Java Class | An interface and API that provides methods to encrypt WVS CAD and Worker configuration passwords. This class contains code that can be used as an example of how to encrypt non-.xconf managed properties. |
There are two variations of the problem:
1. You want to encrypt and decrypt .xconf managed property values.
2. You want to encrypt and decrypt non-.xconf managed property values.
Both variations use the encryption and decryption mechanism for various properties. The difference is that if a property is a single-valued .xconf managed property, the xconf framework can be used to set an encrypted value for that property. If the property is not managed by .xconf files, a secondary means to encrypt the property needs to be coded.
In both situations, code needs to explicitly decrypt the property before using it; otherwise the value, which is still encrypted, will likely result in errors and/or failures.
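A check that can be run against the list format described above, as an added example (not PTC's code, and it does not call the Windchill API): it reads property names in the one-name-per-line validProperties.list format and reports any that still hold a plaintext value in a properties file. The `encrypted.` marker prefix, the property names and the sample file contents are assumptions constructed for illustration.

```python
# Assumption: an encrypted property's stored value is a marker starting with
# this prefix instead of the secret itself. Adjust it for your installation.
ENCRYPTED_PREFIX = "encrypted."

def load_valid_properties(lines):
    """Parse validProperties.list content: one full property name per line."""
    return {line.strip() for line in lines if line.strip()}

def parse_properties(lines):
    """Minimal key=value parser for .properties text (no line continuations)."""
    props = {}
    for line in lines:
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # skip blanks and comment lines
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(valid_names, props, prefix=ENCRYPTED_PREFIX):
    """Return listed properties that are set, non-empty and not encrypted."""
    return sorted(
        name for name in valid_names
        if props.get(name) and not props[name].startswith(prefix)
    )

# Constructed sample data; all property names here are hypothetical.
SAMPLE_LIST = """\
example.db.password
example.ldap.password

example.mail.password
"""
SAMPLE_PROPS = """\
# constructed sample properties file
example.db.password=encrypted.example.db.password
example.ldap.password=Summer2024!
example.mail.password=
example.unlisted.setting=plain-is-fine
"""

def run_sample():
    valid = load_valid_properties(SAMPLE_LIST.splitlines())
    props = parse_properties(SAMPLE_PROPS.splitlines())
    return audit(valid, props)

if __name__ == "__main__":
    for name in run_sample():
        print(f"PLAINTEXT: {name}")  # report the name only, never the value
```

The report contains property names only, so its output can be kept in a ticket or log without exposing the secret it found.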