Java Code to Decrypt User Password and Fetch Security Question and Answers in OIM

OIM does not allow to Decrypt user password from User form now. So, as a workaround, we can fetch the password from Process form and Decrypt it using the below code:

package Retry_Failed;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.security.auth.login.LoginException;

import com.thortech.xl.dataaccess.tcDataBaseClient;
import com.thortech.xl.dataaccess.tcDataProvider;
import com.thortech.xl.dataaccess.tcDataSet;

import Thor.API.tcResultSet;
import Thor.API.Operations.tcFormInstanceOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;
import Thor.API.Security.XLClientSecurityAssociation;
import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;

public class Decrypt

{
private static OIMClient oimClient;



public static void init() throws LoginException {
String hostName = "oim_hostname";
String port = "oim_port_no";
System.out.println("Creating client....");
String ctxFactory = "weblogic.jndi.WLInitialContextFactory";
String serverURL = "t3://" + hostName + ":" + port;
String username = "xelsysadm";
String password = "xelsysadm_Password";

System.setProperty("java.security.auth.login.config",
"Location of Local authwl.comf");
System.setProperty("APPSERVER_TYPE", "wls");
Hashtable env = new Hashtable();
env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, ctxFactory);
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, serverURL);

oimClient = new OIMClient(env);
System.out.println("Logging in");

oimClient.login(username, password);
System.out.println("Log in successful");

}

public static void main(String args[]) throws Exception
{
init();
tcDataProvider dbProvider = null;
String userLogin = null;
Map<String, String> challengeQuestionAnswer = new HashMap<String, String>();
XLClientSecurityAssociation.setClientHandle(oimClient);//Needed for database client
        dbProvider = new tcDataBaseClient(); //Connection to OIM Schema
        tcDataSet dataSet = new tcDataSet(); //Stores the result set of an executed query
       
        tcDataSet dataSet_PCQ = new tcDataSet(); //Stores the result set of an executed query

        String query = "SELECT * FROM USR where USR_LOGIN in UPPER('USR_LOGIN of User to Decrypt password For')";

        dataSet.setQuery(dbProvider, query); //Set query and database provider
        dataSet.executeQuery(); //execute query and store results into dataSet object
        int records = dataSet.getTotalRowCount();
        String usr_key="";
        for(int i = 0; i < records; i++)
        {
            dataSet.goToRow(i); //move pointer to next record
            usr_key = dataSet.getString("USR_KEY");
//            String decryptPwd = tcCryptoUtil.decrypt(encPwd,"DBSecretKey");
            userLogin = dataSet.getString("USR_LOGIN");
            String userStatus = dataSet.getString("USR_STATUS");
            System.out.printf("User Login: %s\nStatus: %s\nKey: %s\n\n", userLogin, userStatus, usr_key);
//            System.out.printf("User Login: %s\nStatus: %s\nPassword: %s\n\n", userLogin, userStatus, decryptPwd); 
           
           
           
     
        }
       
//        }
        challengeQuestionAnswer = getChallengeQuesAns(usr_key);
        for (Entry<String, String> entry : challengeQuestionAnswer.entrySet()) {
System.out.println("Question : "+entry.getKey()+" Answer : "+entry.getValue());
}
long procInstKey = getProcessInstKeyOfRes("LDAP User", usr_key, new String[] { "Provisioned", "Enabled" }, oimClient, userLogin);
    String passkey = getLDAPPassword(oimClient, procInstKey);
    System.out.println("Entering into password:: " + passkey);
}


private static Map<String, String> getChallengeQuesAns(String usr_key) {
Map<String, String> challengeQuestionAnswers = new HashMap<String, String>();
try

{

tcUserOperationsIntf userOperationsIntf = (tcUserOperationsIntf) oimClient

.getService(tcUserOperationsIntf.class);

tcResultSet resultSet = userOperationsIntf

.getChallengeValuesForUser(Long.parseLong(usr_key));

if ((resultSet == null) || (resultSet.isEmpty())) {

System.out.println("ResultSet is Empty or null");

return challengeQuestionAnswers;

}

int rowCount = resultSet.getRowCount();

for (int j = 0; j < rowCount; j++) {

resultSet.goToRow(j);

String[] columnNames = resultSet.getColumnNames();

for (int i = 0; i < columnNames.length; i++) {

String question = resultSet.getStringValue("Users.Password Challenge Question.Question");

String answer = resultSet.getStringValue("Users.Password Challenge Question.Answer");

challengeQuestionAnswers.put(question, answer);

}

}

} catch (Exception e) {

e.printStackTrace();

}
return challengeQuestionAnswers;
}


public static long getProcessInstKeyOfRes(String res_Name, String userkey, String[] statusArray, OIMClient oimClient, String userLogin)
  throws Exception
{
  long longProcessInstanceKey = 0L;
  String methodName = "getProcessInstKeyOfRes():::";
 
  ProvisioningService ps = (ProvisioningService)oimClient.getService(ProvisioningService.class);
  try
  {
    System.out.println(methodName + "Entering into method:: " + methodName);
   
    List<Account> userAccount = ps.getAccountsProvisionedToUser(userkey);
    System.out.println(methodName + "size of list--->" + userAccount.size());
    System.out.println(userAccount);
   
   
    for (Account account : userAccount) {
//    System.out.println(account.getAppInstance()+"\n"+account.getAccountDescriptiveField());
//    account.get
//      if ((account.getAppInstance().toString().contains("Enterprise")) || (account.getAppInstance().toString().contains("ODSEE"))) {
    if (account.getAppInstance().toString().contains("ODSEE") && account.getAccountDescriptiveField().toString().contains(userLogin)){
        if ((Arrays.asList(statusArray).contains(account.getAccountStatus().toString())) && (account.getAccountType().toString().equalsIgnoreCase("Primary")))
        {
          System.out.println(methodName + " >>>>>> account.getAccountType() " + account.getAccountType());
          System.out.println(methodName + " >>>>>> account.getAccountStatus() " + account.getAccountStatus());
          System.out.println(methodName + " >>>>>> account.getProcessInstanceKey() " + account.getProcessInstanceKey());
          longProcessInstanceKey = Long.parseLong(account.getProcessInstanceKey().toString());
        }
      }
    }
    System.out.println(methodName + "longProcessInstanceKey --->" + longProcessInstanceKey);
  }
  catch (Exception e)
  {
    System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
    throw new Exception("ERROR");
  }
  return longProcessInstanceKey;
}



public static String getLDAPPassword(OIMClient oimClient, long procInstKey)
  throws Exception
{
  String ldapPassword = null;
  String methodName = "getLDAPPassword():::";
  String usrID = null;
  try
  {
    System.out.println(methodName + "Entering into method:: " + methodName);
    if (procInstKey > 0L)
    {
      tcFormInstanceOperationsIntf formInstanceOperationsIntf = (tcFormInstanceOperationsIntf)oimClient.getService(tcFormInstanceOperationsIntf.class);
      tcResultSet resultSet = formInstanceOperationsIntf.getProcessFormData(procInstKey);
      int rowCount = resultSet.getRowCount();
      System.out.println(methodName + "rowCount = " + rowCount);
      for (int j = 0; j < rowCount; j++)
      {
        resultSet.goToRow(j);
       
        ldapPassword = resultSet.getStringValue("UD_LDAP_USR_PASSWORD");
       
        usrID = resultSet.getStringValue("UD_LDAP_USR_USERID");
      }
    }
    System.out.println(methodName + "usrID = " + usrID);
    System.out.println(methodName + "Exiting method:: " + methodName);
  }
  catch (Exception e)
  {
    System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
    throw new Exception("ERROR");
  }
  return ldapPassword;
}


}