This appendix provides a reference to the Oracle Stream Analytics security utilities, including cssconfig, encryptMSAConfig, and GrabCert, which are all utilities for generating security configuration files, encrypting cleartext passwords, and generating a trust keystore.
This appendix includes the following sections:
Except where otherwise noted, the commands are located in /Oracle/Middleware/my_oep/oep/bin.
Note:
The GrabCert, passgen, and secgen command-line utilities are deprecated. Configuration Wizard and Oracle Stream Analytics Visualizer perform the passgen and secgen tasks for you.
Use the cssconfig command-line utility to generate a security configuration file (security.xml) that uses a password policy.
cssconfig.cmd (Windows)
cssconfig.sh (UNIX)
The UNIX version of this utility starts with the #!/bin/ksh directive. On most UNIX systems, this forces the Korn shell program to be used when running the utility. If the ksh program is not present in the bin directory, or if the shell used cannot properly execute the utility, run the utility as shown below:
$PATH_TO_KSH_BIN/ksh -c cssconfig.sh
where PATH_TO_KSH_BIN is the fully qualified path to the ksh program.
Syntax
cssconfig -p propertyfile [-c configfile] -i inputkeyfile [-d]
Table C-1 cssconfig Arguments
Option | Description | Default Value |
---|---|---|
 | Required. A file that contains security configuration properties provided by the user to define the required configuration. See Configure SSL Manually. | |
configfile | Optional. The name of the generated file. | |
 | The fully qualified name of the input key file used to generate the security configuration file. Set this option to the | |
 | Use the | |
Use the encryptMSAConfig encryption command-line utility to encrypt cleartext passwords.
You can use encryptMSAConfig to encrypt the server config.xml and security.xml files, and the application configuration credential.
Note:
This tool is not available on Oracle WebLogic Server.
encryptMSAConfig.cmd (Windows)
encryptMSAConfig.sh (UNIX)
Cleartext passwords are specified by the <password> element in XML files. Examples of XML files that can contain <password> elements include:
config.xml
security-config.xml
Component configuration files
Syntax
encryptMSAConfig directory XML_file aesinternal.dat_file
Table C-2 encryptMSAConfig Arguments
Option | Description |
---|---|
 | The name of the directory that contains the XML file with the cleartext |
XML_file | The name of the XML file. |
 | The location of the |
 | Use the Omit the |
For example:
pwd
C:\Oracle\Middleware\my_oep\user_projects\domains\oep_domain\defaultserver
C:\Oracle\Middleware\my_oep\oep\bin\encryptMSAConfig.cmd . config\config.xml .aesinternal.dat
After you run the command, the value of the password element in XML_file is encrypted.
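To confirm that no cleartext <password> element is left after running encryptMSAConfig, a scan like the following can be run over the server directory. It is an added example, not Oracle's code; the rule that an encrypted value starts with a "{ALGORITHM}" prefix is an assumption modeled on the passhash output shown on this page, and the sample files and namespace are constructed.

```python
import re
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: an encrypted value carries a "{ALGORITHM}" prefix, like the
# "{SHA-1}" prefix in the passhash output on this page. Adjust the pattern
# to whatever encryptMSAConfig writes in your installation.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9-]+\}\S+$")

def local_name(tag):
    """Drop an XML namespace: '{urn:x}password' -> 'password'."""
    return tag.rsplit("}", 1)[-1]

def find_cleartext_passwords(root_dir):
    """Return (relative path, parent element) for each <password> that is
    non-empty and lacks the prefix; unparseable files are reported too."""
    root_dir, findings = Path(root_dir), []
    for path in sorted(root_dir.rglob("*.xml")):
        rel = path.relative_to(root_dir).as_posix()
        try:
            tree = ET.parse(path)
        except ET.ParseError:
            findings.append((rel, "<unparseable>"))
            continue
        for parent in tree.iter():
            for child in parent:
                value = (child.text or "").strip()
                if (local_name(child.tag) == "password" and value
                        and not ENCRYPTED.match(value)):
                    findings.append((rel, local_name(parent.tag)))
    return findings

def build_sample_domain(base):
    """Write two constructed files (not real product configuration)."""
    cfg = Path(base) / "config"
    cfg.mkdir()
    (cfg / "config.xml").write_text(
        '<config xmlns="urn:example:server"><ssl><name>sslConfig</name>'
        "<password>welcome1</password></ssl></config>")
    (cfg / "security.xml").write_text(
        "<config><key-store><password>{AES}c2FtcGxl</password>"
        "</key-store></config>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_domain(tmp)
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        for rel, parent in find_cleartext_passwords(target):
            print(f"cleartext <password> under <{parent}> in {rel}")
```

Pass the server directory as the first argument to scan real files; with no argument the script scans the constructed sample.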
Use the GrabCert command-line utility to generate a trust keystore that includes the certificate from an existing trust keystore.
The GrabCert utility is located in the /Oracle/Middleware/my_oep/oep/utils/security/wlevsgrabcert.jar file.
Syntax
java GrabCert host:secureport [-alias=alias] [-noinput] [truststorepath]
Table C-3 GrabCert Arguments
Option | Description | Default Value |
---|---|---|
 | The host name of the Oracle Stream Analytics server from which to copy the certificate. | |
 | The SSL port on For more information, see Configure SSL Manually. | 9003 |
 | The alias for the certificate in the trust keystore. | |
 | Use the Omit the | |
 | The full pathname of the generated trust keystore file on | |
Examples
For example:
java GrabCert ariel:9003 -alias=ariel evstrust.jks
For other examples, see Configure SSL in a Multiserver Domain for Visualizer.
Use the passhash command-line utility to encrypt a password to use in the atnstore.txt file.
Note:
This tool is not available on Oracle WebLogic Server.
The commands vary depending on operating system:
passgen.cmd (Windows)
passgen.sh (UNIX)
Note:
To get command-line help for this tool, use -help instead of -h.
Syntax
passhash [password]
The password parameter is a plain text string. The command output is a hashed string produced with the MD5/SHA hash algorithm.
./passhash.sh
Password ("quit" to end): 4444
{SHA-1}+wQ3QDREP82FCrpDYspXM8SAlaMCx0o=
Password ("quit" to end): quit
Use the policygen command-line utility to convert an entitlement file to an XACML LDIFT file or to an XACML file.
Syntax
policygen [-h]
policygen [-s] [-l] | -s] [-x] [entitlementInputFile] [xacmlOutputFile]
Table C-4 policygen Arguments
Option | Description |
---|---|
-h | Print command help to the console. |
-s | Generate a standard XACML policy inside an XACML LDIFT file or in an XACML file. When no -l or -s is specified, an XACML LDIFT file is generated. When no -s option is specified, an XACML policy file is generated. |
-l | |
-x | Generate an XACML policy file. |
entitlementInputFile | The name and location of the input entitlement XML file. |
xacmlOutputFile | The name and location of the output XACML file. |
Examples
The following example generates an XACML policy file:
./policygen.sh -l entitlementinputfile.xml xacmloutputfile.xml
Use the encrypttool command-line utility to encrypt and decrypt files.
This command uses an EncryptedStreamFactory object for encryption and decryption. The encryption result is a binary encrypted file. All content in the input file is encrypted using the AES/DES encryption algorithm.
Syntax
encrypttool [-h]
encrypttool [-encrypt] [-decrypt] [-password password] [-algorithm algorithm] [inputfilename] [outputfilename]
Table C-5 encrypttool Arguments
Option | Description |
---|---|
-encrypt | Encrypt the input file and save the encryption results to the encrypted output file. |
-decrypt | Decrypt the input file and save the decryption results to the unencrypted output file. |
-password | The password that is required to encrypt or decrypt a file. If you do not provide the password, the system prompts you for it. |
-algorithm | The encryption or decryption algorithm to use for the operation. The legal values are AES and DES. DES is the default. |
inputfilename | The location and name of the input file to be encrypted or decrypted. |
outputfilename | The name and location of the output file in which to save the encryption or decryption results. If you do not specify an output file, the results are printed to the console. |
Examples
The following example uses the mypassword password to encrypt the textToEncrypt file with the AES encryption algorithm and saves the results to the encryptedText file.
encrypttool -encrypt -password mypassword -algorithm AES textToEncrypt encryptedText