Hi,
I see Apigee provides an option to retrieve standard X.509 certificate values from the virtual host.
Can something similar be done for an eIDAS certificate as well?
Also, are there any performance issues with this approach? Is it better to go for custom code to retrieve such values using a Java callout or similar?
Regards,
Sonalee Shyam
Have you had a chance to look at the https://github.com/yuriylesyuk/eidas-x509-for-psd2 git repo?
It contains a Java Callout policy that processes qcStatements with PSD2 instructions of an eIDAS certificate. There is a test proxy that uses the policy as well.
Yes, how do we pass the eIDAS certificate to Apigee in the first place through the transport layer, and how do we access the values from the virtual host?
Could you please help here?
There is no documentation available specific to eIDAS as of now.
Hi ylesyuk,
Thanks for the proxy.
Was testing the proxy and got the error below. Do we need to add any additional jars? Can you share a zip of a working sample?
==
{
"fault": {
"faultstring": "org/bouncycastle/openssl/jcajce/JcaPEMWriter",
"detail": {
"errorcode": "Internal Server Error"
}
}
}
==
Thanks.
After adding the jars below, it is working.
bcpkix-jdk15on-1.56.jar
bcprov-jdk15on-1.56.jar
Thank you.
Question:
How do you format the cert with newline characters? Say we receive the cert, but how do you process the received cert and format it to pass it to the Java code?
Parsing a certificate (check curl command)
At the point you pass a certificate to a parser, it should have an EOL after the signature lines.
1. That's how PEM parser libs work. Most of the time, you don't need \n after EVERY line of the certificate, only after the *signature lines*, i.e., ----- BEGIN CERT ---, ---- END CERT ----.
2. https://www.ietf.org/rfc/rfc4648.txt
$ curl -H 'SSL-CLIENT-CERT: -----BEGIN CERTIFICATE-----\nMIIECDCCAvCgAwIBAgIEb8KUejANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC\nREUxDzANBgNVBAgMBkhlc3NlbjESMBAGA1UEBwwJRnJhbmtmdXJ0MRUwEwYDVQQK\nDAxBdXRob3JpdHkgQ0ExCzAJBgNVBAsMAklUMSEwHwYDVQQDDBhBdXRob3JpdHkg.../9ftRm6d/DT54tCiR\nQ1q2Ca1AIXrpFAoDBAvqtQb4lyPnG6BJcwYBUg==\n-----END CERTIFICATE-----' http://$ORG-$ENV.apigee.net/eidas-parse-certificate
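One way to do the reformatting asked about above before handing the value to a parser, as an added example that is not code from this thread or from the eidas-x509-for-psd2 repo: it strips escaped or real line breaks from the header value, checks that the body is valid base64, and rebuilds the PEM with an EOL after each boundary line. The class and method names are hypothetical, and the sample input is constructed, not a real certificate.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper class, not part of the repo discussed above.
public class PemHeaderNormalizer {
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";
    private static final Pattern PEM = Pattern.compile(
            Pattern.quote(BEGIN) + "(.*?)" + Pattern.quote(END), Pattern.DOTALL);

    /** Rebuilds a PEM block from a header value whose line breaks were escaped or lost. */
    static String normalize(String headerValue) {
        Matcher m = PEM.matcher(headerValue);
        if (!m.find()) {
            throw new IllegalArgumentException("no CERTIFICATE boundary lines found");
        }
        // Drop literal "\n" / "\r" escape sequences, then any real whitespace.
        String body = m.group(1).replace("\\r", "").replace("\\n", "").replaceAll("\\s+", "");
        // The basic decoder rejects any character outside the RFC 4648 base64 alphabet.
        byte[] der = Base64.getDecoder().decode(body);
        if (der.length == 0) throw new IllegalArgumentException("empty certificate body");
        // Re-encode with 64-character lines and an EOL after each boundary line.
        String wrapped = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return BEGIN + "\n" + wrapped + "\n" + END + "\n";
    }

    /** Parses the normalized PEM with the JDK's X.509 parser; needs a real certificate. */
    static X509Certificate parse(String headerValue) throws Exception {
        byte[] pem = normalize(headerValue).getBytes(StandardCharsets.US_ASCII);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem));
    }

    public static void main(String[] args) {
        // Constructed sample: the body is base64 of arbitrary bytes, not a certificate,
        // so only normalize() is exercised here.
        String payload = Base64.getEncoder().encodeToString(
                "constructed sample bytes standing in for DER data, long enough to wrap"
                        .getBytes(StandardCharsets.US_ASCII));
        String header = BEGIN + "\\n" + payload.substring(0, 40) + "\\n"
                + payload.substring(40) + "\\n" + END;
        System.out.print(normalize(header));
    }
}
```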