How to use custom certificates as a PEM file in the iloveapis2015-jwt-jwe-jws GitHub sample under a Java callout policy

I have tried out the GitHub sample for generating and verifying the JWT token in Apigee Edge.

In that GitHub sample, there is a policy "JWT-Create-RS256", which actually works in creating and verifying JWTs.

There are 2 properties mentioned in that Java callout policy:

<Property name="pemfile">public-private-keypair1.pem</Property>

<Property name="private-key-password">deecee123</Property>

I would like to know how Apigee gets public-private-keypair1.pem. It is included as a resource file in the sample from GitHub (jwt_signed\callout\src\main\resources\resources); however, it is not included in the apiproxy folder.

Say, for instance, I want to use my own certificates for creating and validating JWTs: how can I upload them to the proxy?

The complete contents of that policy are:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="JWT-Create-RS256">
    <DisplayName>JWT-Create-RS256</DisplayName>
    <Properties>
        <Property name="algorithm">RS256</Property>
        <!-- pemfile and private-key-password used only for algorithm = RS256 -->
        <Property name="pemfile">public-private-keypair1.pem</Property>
        <Property name="private-key-password">deecee123</Property>
        <!-- standard claims -->
        <Property name="subject">{apiproxy.name}</Property>
        <Property name="issuer">http://dinochiesa.net</Property>
        <Property name="audience">Optional-String-or-URI</Property>
        <Property name="expiresIn">3600</Property>
        <!-- in seconds -->
        <!-- custom claims -->
        <Property name="claim_primarylanguage">English</Property>
        <Property name="claim_shoesize">8.5</Property>
        <Property name="claim_motto">Iloveapis</Property>
    </Properties>
    <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
    <ResourceURL>java://jwt-signed-edge-callout.jar</ResourceURL>
</JavaCallout>

1 ACCEPTED SOLUTION

Hi Peeyush,

The PEM files in that example are actually bundled into the JAR file.

If you wish to bundle your own PEM files in this way, you will need to rebuild the JAR file.

This is described in the readme for the callout:

You can also specify the PEM as a named file resource that is bundled in the jar itself. To do this, you need to recompile the jar with your desired pemfile contained within it.

For more information, check the Readme and look for the section with the header "Generate a JWT using RS256 - specify PEM file as resource in JAR".

It should be pretty easy to rebuild the JAR if you can just run a Maven command (mvn clean install).

If you do this, you will want to remove the existing PEM files from the JAR, as they are useful only for the examples given, and they should not be used in your own production deployment of the JWT policy.

Does this make sense?
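
The advice above to rebuild the JAR without the sample PEM files can be checked before the JAR is deployed. The following is an added example, not part of the original post or of the callout project: it lists PEM material inside a JAR and flags private keys and the sample key file named in the policy. The entry paths and the in-memory sample JAR are constructed for illustration.

```python
import io
import re
import zipfile

# Matches PEM armor headers such as "-----BEGIN RSA PRIVATE KEY-----".
PEM_HEADER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
# File name of the sample key referenced by the policy on this page.
SAMPLE_KEY_NAMES = {"public-private-keypair1.pem"}

def audit_jar(jar_bytes):
    """Return one finding per archive entry that contains PEM material."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            data = jar.read(info)
            labels = [m.decode() for m in PEM_HEADER.findall(data)]
            if not labels:
                continue
            has_private = any("PRIVATE KEY" in label for label in labels)
            # A key counts as encrypted if it uses the PKCS#8
            # "ENCRYPTED PRIVATE KEY" label or the legacy OpenSSL header.
            encrypted = has_private and (
                any(label.startswith("ENCRYPTED") for label in labels)
                or b"Proc-Type: 4,ENCRYPTED" in data)
            findings.append({
                "entry": info.filename,
                "labels": labels,
                "private_key": has_private,
                "encrypted": encrypted,
                "sample_key": info.filename.rsplit("/", 1)[-1] in SAMPLE_KEY_NAMES,
            })
    return findings

def build_sample_jar():
    """Constructed JAR for the demo; key bodies are placeholders, not keys."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("resources/public-private-keypair1.pem",
                     "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
        jar.writestr("resources/prod-signing.pem",  # hypothetical name
                     "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n"
                     "-----END PRIVATE KEY-----\n")
        jar.writestr("com/example/Callout.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_jar(build_sample_jar()):
        print(finding)
```

To audit a real build, pass the bytes of the rebuilt JAR to `audit_jar` and fail the build when any finding has `sample_key` set or has `private_key` set without `encrypted`.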

3 REPLIES 3

It's a shame to rebuild the JAR file for a certificate modification, especially when there is a different certificate for each environment.

You do not need to do so.

You can specify the configuration like so:

<JavaCallout name="JWT-Parse-RS256">
    <Properties>
        <Property name="algorithm">RS256</Property>
        <Property name="certificate">
      -----BEGIN CERTIFICATE-----
      MIIC4jCCAcqgAwIBAgIQ.....aKLWSqMhozdhXsIIKvJQ==
      -----END CERTIFICATE-----
        </Property>
     ...

This is documented in the README. Search the page text for "certificate".