Merge branch 'wdt-856' into 'develop-4.0'

Update new and existing entries in DefaultAuthenticatorInit.ldift; use correct encryption for PasswordDigestEnabled

See merge request weblogic-cloud/weblogic-deploy-tooling!1653

Author: robertpatrick

core/src/main/python/wlsdeploy/aliases/model_constants.py

@@ -212,6 +212,7 @@
 PARTITION_SYSTEM_FILE = 'SystemFileSystem'
 PARTITION_USER_FILE = 'UserFileSystem'
 PARTITION_WORK_MANAGER = 'PartitionWorkManager'
+PASSWORD_DIGEST_ENABLED = 'PasswordDigestEnabled'
 PASSWORD_VALIDATOR = 'PasswordValidator'
 PATH = 'Path'
 PATH_SERVICE = 'PathService'

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -808,15 +808,17 @@ def __create_mbeans_used_by_topology_mbeans(self, topology_folder_list):
 
     def __create_security_folder(self):
         """
-        Create the the security objects if any. The security information
+        Create the security objects if any. The security information
         from the model will be writing to the DefaultAuthenticatorInit.ldift file
         :raises: CreateException: if an error occurs
         """
         _method_name = '__create_security_folder'
         self.logger.entering(class_name=self.__class_name, method_name=_method_name)
         security_folder = dictionary_utils.get_dictionary_element(self._topology, SECURITY)
         if security_folder is not None:
-            helper = DefaultAuthenticatorHelper(self.model_context, self.aliases, ExceptionType.CREATE)
+            using_password_digests = self.security_provider_creator.is_default_authenticator_password_digest_enabled()
+            helper = DefaultAuthenticatorHelper(self.model_context, self.aliases, ExceptionType.CREATE,
+                                                using_password_digests)
             helper.create_default_init_file(security_folder)
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
 

core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py

@@ -6,6 +6,10 @@
 from oracle.weblogic.deploy.exception import BundleAwareException
 
 from wlsdeploy.aliases.location_context import LocationContext
+from wlsdeploy.aliases.model_constants import AUTHENTICATION_PROVIDER
+from wlsdeploy.aliases.model_constants import DEFAULT_AUTHENTICATOR
+from wlsdeploy.aliases.model_constants import DEFAULT_REALM
+from wlsdeploy.aliases.model_constants import PASSWORD_DIGEST_ENABLED
 from wlsdeploy.aliases.model_constants import REALM
 from wlsdeploy.aliases.model_constants import SECURITY_CONFIGURATION
 from wlsdeploy.aliases.validation_codes import ValidationCodes
@@ -326,3 +330,48 @@ def _is_default_adjudicator_configuration(self, model_nodes):
 
     def is_adjudicator_changeable(self):
         return self._wls_helper.is_weblogic_version_or_above('12.2.1.4')
+
+    def is_default_authenticator_password_digest_enabled(self):
+        _method_name = 'is_default_authenticator_password_digest_enabled'
+        self.logger.entering(class_name=self.__class_name, method_name=_method_name)
+
+        is_password_digest_enabled = False
+        if self._topology:
+            security_configuration = dictionary_utils.get_dictionary_element(self._topology, SECURITY_CONFIGURATION)
+            realm = dictionary_utils.get_dictionary_element(security_configuration, REALM)
+            realm_name = self.__get_default_realm_name()
+            realm = dictionary_utils.get_dictionary_element(realm, realm_name)
+            authenticators = dictionary_utils.get_dictionary_element(realm, AUTHENTICATION_PROVIDER)
+            for atn_name, atn_dict in authenticators.iteritems():
+                if DEFAULT_AUTHENTICATOR in atn_dict:
+                    default_authenticator = atn_dict[DEFAULT_AUTHENTICATOR]
+                    is_password_digest_enabled = \
+                        dictionary_utils.get_boolean_element(default_authenticator, PASSWORD_DIGEST_ENABLED)
+                    break
+
+        self.logger.exiting(class_name=self.__class_name, method_name=_method_name, result=is_password_digest_enabled)
+        return is_password_digest_enabled
+
+    def __get_default_realm_name(self):
+        _method_name = '__get_default_realm_name'
+        self.logger.entering(class_name=self.__class_name, method_name=_method_name)
+
+        location = LocationContext()
+        name_token = self.aliases.get_name_token(location)
+        location.add_name_token(name_token, self.model_context.get_domain_name())
+        security_configuration_wlst_path = self.aliases.get_wlst_attributes_path(location)
+
+        pwd = self.wlst_helper.get_pwd()
+
+        self.wlst_helper.cd(security_configuration_wlst_path)
+        security_configuration = self.wlst_helper.lsa()
+        default_realm_wlst_name = self.aliases.get_wlst_attribute_name(location, DEFAULT_REALM)
+        if default_realm_wlst_name in security_configuration:
+            default_realm_name = security_configuration[DEFAULT_REALM]
+        else:
+            default_realm_name = 'myrealm'
+
+        self.wlst_helper.cd(pwd)
+
+        self.logger.exiting(class_name=self.__class_name, method_name=_method_name, result=default_realm_name)
+        return default_realm_name