Synchronize Data Encryption
Note: Failure to synchronize data when encryption values change will cause outages and unexpected behavior in Oracle Utilities Work and Asset Management.
Note: Oracle Utilities Work and Asset Management should be shut down while running this process.
If at any time the encryption values change the values that are encrypted using the old value must be updated to reflect the new settings. A new utility com.splwg.shared.common.ChangeCryptographyKey is provided to synchronize data changes. The following keys are updated using this utility:
• Database Passwords used in Feature configurations such as Database Update features.
• Message Sender and Receiver Passwords (depending on Sender and Receiver type)
• Reporting tool integration passwords
• Multi-Purpose Listener passwords (for selected products)
• Email Adapter configuration.
• Web Services Passwords (legacy only)
• Security Hashes on user records
The following process is to be used:
• Logon to the machine you have made the changes upon as the product administrator.
• If you have not already done so, use the splenviron utility to set the environment variables for the product environment.
• Execute the following command:
perl <SPLEBASE>/run_java_standalone.plx com.splwg.shared.common.ChangeCryptographyKey[-t|-l|-h|-p] [old-settings]
where options are:
-t | Test Mode (no commit of changes) |
-l | Convert Legacy/OUAF System key |
-h | Convert User hashes only |
-p | Convert encrypted passwords only |
[old settings] | List of old settings as per below (other above options should not be used with these settings) |
-Dcom.oracle.ouaf.system.old;.keystore.file=<oldfile> -Dcom.oracle.ouaf.system.old.keystore.passwordFileName=<oldpassfile> -Dcom.oacle.ouaf.system.old.keystore.type=<oldtype> -Dcom.oacle.ouaf.system.old.keystore.alias=<oldalias> -Dcom.oacle.ouaf.system.old.keystore.padding=<oldpadding> -Dcom.oracle.ouaf.system.old.keystore.mode=<oldmode>
Where:
<oldfile> | Original Key Store file |
<oldpassfile> | Original Password Store file |
<oldtype> | Original Key store type |
<oldalias> | Original alias |
<oldpadding> | Original Padding |
<oldmode> | Original Mode |
Note: Only specify the values that have been changed.
Note: This command must be run once for each alias.
After running ChangeCryptographyKey, you must run $SPLEBASE/bin/invokeDBUpdatePatch.sh to reset the database patching credentials as follows:
• If you have not already done so, use the splenviron.sh utility to set the environment variables for the product environment.
• Run the command with the –b option to go into interactive mode and reply to the prompts. Use the –h option to get help.
$SPLEBASE/bin/invokeDBUpdatePatch.sh -b