.P12 file read in Java call out

Hi,

We have a scenario in which a Java callout reads a p12 file and generates an OAuth signature.

Question: How can I read the p12 file in a Java callout as a KVM context variable? Or any other alternatives?

Thanks & Regards,

Ranganath.


Can you describe in more detail what you mean by "oauth signature"?

Can you describe where the .p12 file will be? One thing that may make your life easier is to convert the .p12 file to PEM format prior to deployment, and store the PEM content into the KVM. I've done this for various callouts and it works well. PEM is just a text format, and there is Java code available that shows how to read a PEM file and get a PrivateKey.

Such as this

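    import java.io.IOException;
    import java.io.StringReader;
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.KeyPair;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.spec.InvalidKeySpecException;
    import org.bouncycastle.openssl.PEMDecryptorProvider;
    import org.bouncycastle.openssl.PEMEncryptedKeyPair;
    import org.bouncycastle.openssl.PEMException;
    import org.bouncycastle.openssl.PEMKeyPair;
    import org.bouncycastle.openssl.PEMParser;
    import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
    import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

    // PrivateKeyInfo here is a holder with keyBytes (the PEM text as bytes) and
    // password fields, not org.bouncycastle.asn1.pkcs.PrivateKeyInfo.
    // The Bouncy Castle provider must be registered under the name "BC".
    private static PrivateKey generatePrivateKey(PrivateKeyInfo info)
        throws InvalidKeySpecException, GeneralSecurityException, NoSuchAlgorithmException, IOException, PEMException
    {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        PEMParser pr = new PEMParser(new StringReader(new String(info.keyBytes, StandardCharsets.UTF_8)));
        Object o = pr.readObject();

        // Only OpenSSL key pairs, plain or passphrase-encrypted, are accepted.
        if (o == null || !((o instanceof PEMKeyPair) || (o instanceof PEMEncryptedKeyPair))) {
            throw new IllegalStateException("Didn't find OpenSSL key");
        }
        KeyPair kp;
        if (o instanceof PEMEncryptedKeyPair) {
            // Encrypted key: decrypt it with the supplied password first.
            JcePEMDecryptorProviderBuilder bcDecProvider = new JcePEMDecryptorProviderBuilder().setProvider("BC");
            char[] charArray = info.password.toCharArray();
            PEMDecryptorProvider decProv = bcDecProvider.build(charArray);
            kp = converter.getKeyPair(((PEMEncryptedKeyPair)o).decryptKeyPair(decProv));
        }
        else {
            kp = converter.getKeyPair((PEMKeyPair)o);
        }

        PrivateKey privKey = kp.getPrivate();
        return privKey;
    }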

...from this file.

Are you aware of the built-in GenerateJWT policy that can accept an RSA Private key? If by "OAuth signature" you mean JWT, you can use this policy out of the box with no need to write a callout. You will need to provide the private key in .PEM format, but that's easy to do. If the key doesn't change very often, it won't be an obstacle.

Hi Dino,

Thank you very much for your response on this.

For security reasons, we have to find a solution to keep the file in a secured place and read it from a context variable.

Below is the current configuration we have.

p12 file location:

Currently we are keeping the p12 file in the jar itself.

Java code we are using to read it:

    InputStream is = this.getClass().getResourceAsStream("/ABC.p12");

OAuth 1.0a custom signature as below:

OAuth 1.0a signature with RSA 256 using params (consumer key, key alias, keypassword, privatekey, method, charset, URI, payload)

Regards,

Ranganath P

Hi Dino,

As per your suggestion, I will try the steps below.

1. Convert the p12 file to PEM

2. Upload the PEM to an encrypted KVM

3. Set the context variable in the flow

4. Get the PEM string as a context variable in the Java callout

5. Convert the PEM string back to a PrivateKey

6. Then do the further steps for the OAuth signature

Thanks & Regards,

Ranganath

That sounds like a good plan to me.
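
Steps 4 to 6 of the plan above, as an added example that is not part of the original thread and is not Apigee's or either poster's code: a JDK-only parser for an unencrypted PKCS#8 PEM string, followed by an RSA signature over a base string. The class name `PemSigner`, the variable name `private.signing_pem`, the sample base string and the reading of "RSA 256" as `SHA256withRSA` are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class PemSigner {
    private static final String BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String END = "-----END PRIVATE KEY-----";

    // Step 5: turn the PEM string (unencrypted PKCS#8) into an RSA PrivateKey.
    static PrivateKey parsePkcs8Pem(String pem) throws GeneralSecurityException {
        String t = (pem == null) ? "" : pem.trim();
        if (t.length() < BEGIN.length() + END.length() || !t.startsWith(BEGIN) || !t.endsWith(END)) {
            // Do not put the PEM text in the message: exceptions end up in logs and traces.
            throw new InvalidKeyException("expected one unencrypted PKCS#8 PEM block");
        }
        String body = t.substring(BEGIN.length(), t.length() - END.length());
        byte[] der = Base64.getMimeDecoder().decode(body); // MIME decoder skips line breaks
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Step 6: sign the signature base string; "RSA 256" is taken to mean SHA256withRSA.
    static String sign(PrivateKey key, String baseString) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(baseString.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key. In the callout (step 4) the PEM would instead come from
        // (String) messageContext.getVariable("private.signing_pem"); the name is hypothetical.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String pem = BEGIN + "\n" + Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(kp.getPrivate().getEncoded()) + "\n" + END + "\n";
        String base = "POST&https%3A%2F%2Fapi.example.com%2Fv1%2Forders&oauth_consumer_key%3Dconstructed";
        String sig = sign(parsePkcs8Pem(pem), base);
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(base.getBytes(StandardCharsets.UTF_8));
        System.out.println("verified=" + v.verify(Base64.getDecoder().decode(sig)));
    }
}
```

A PEM in the traditional `BEGIN RSA PRIVATE KEY` form is rejected by this parser; the Bouncy Castle `PEMParser` code earlier in the thread handles that form.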