SA-26525

Summary

User is facing an issue while trying to encrypt the passwords in prconfig, prbootstrap and Business Intelligence Exchange (BIX) files.
When user tries to generate a keyring file by following the instructions provided in the PDN artcile for command line execution, user is facing an error:

https://pdn.pega.com/how-encrypt-passwords-properties-and-blobs

Error Messages

com.pega.pegarules.pub.database.DatabaseException: Database-General Problem encountered when getting connection for database pegarules 1005 72000 ORA-01005: null password given; logon denied

From: (unknown)
Caused by SQL Problems.
Problem #1, SQLState 72000, Error code 1005: java.sql.SQLException: ORA-01005: null password given; logon denied

at com.pega.pegarules.data.internal.access.ExceptionInformation.createExceptionDueToDBFailure(ExceptionInformation.java:262)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getConnectionFromDatabaseName(ConnectionManagerImpl.java:856)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getConnection(ConnectionManagerImpl.java:1187)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getConnection(ConnectionManagerImpl.java:1129)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getConnection(ConnectionManagerImpl.java:343)
at com.pega.pegarules.data.internal.access.DatabaseInformationMapImpl.lookupDBInfo(DatabaseInformationMapImpl.java:325)
at com.pega.pegarules.data.internal.access.DatabaseInformationMapImpl.get(DatabaseInformationMapImpl.java:268)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getDefaultSchema(ConnectionManagerImpl.java:2611)
at com.pega.pegarules.data.internal.access.ConnectionManagerImpl.getBaseTableSchema(ConnectionManagerImpl.java:2602)

Steps to Reproduce

1. Create a keyring file.
2. Remove the password from prconfig.xml.
3. Run BIX extract through command line.

Root Cause

Additional settings which are required to communicate the use of a keyring file were not done, due to which password is not being read from the keyring file.

Resolution

In addition to the things that are specified in the PDN articles mentioned below, include the below line, along with the existing JVM arguments in the BIX XML file.

• https://pdn.pega.com/how-encrypt-database-passwords-using-jce-keyring-file
• https://pdn.pega.com/how-encrypt-passwords-properties-and-blobs

Line:
<jvmarg value="-Dpegarules.keyring=<relative path of the prconfig file> "/>
For example: config/pegarules.keyring

If the name of keyring file is different from the default name of pegarules, include below setting in prconfig.xml file.

<env name="identification/KeyringPrefix" value="<name of the file without extension>" />
For example: pegarules

Encryption of BIX password, can be done in the same step where the password in prconfig.xml is encrypted, however there will be a difference in the arguments. Use the below command to encrypt passwords in prconfig.xml and BIX:

java -Xms512m -Xmx768m -classpath "<Path to prbootstrap.jar>;<Path to prbootstrap-api.jar>;<Path to prdbcp.jar>;<Path to ojdbc6.jar>;<Path to jsr94-1.0.jar>;%CLASSPATH%" -Dcom.pega.pegarules.bootstrap.properties.url=config\prbootstrap.properties -Dpegarules.config=config\prconfig.xml -Dpegarules.logging.configuration=config\prlogging.xml -Dcom.pega.pegarules.bootstrap.ignorejndi=true com.pega.pegarules.pub.PegaRULES com.pega.pegarules.exec.internal.util.crypto.KeyringImpl .\config\pegarules.keyring .\config\prconfig.xml <Path to PegaRULES deployment directory / Pega Media> bix