Skip to Content

Introduction

CPI Keystore Monitor allows a tenant administrator to manage the tenant keystore and its entries. A keystore contains entries uniquely identified by an alias where each entry has its own lifecycle. Renewal of an entry is important task to be done before expiry, else it will lead to message failure for productive scenarios using specific certificates/key-pairs entries. The tenant administrator can be notified for those entries which are about to expire, so that he can take in-time actions for renewal of the same.

Within keystore monitor, expired keys and certificates are highlighted showing expiration date. In addition, an Integration Flow can be modeled to get notifications via mail for entries reaching their expiry. This document provides steps to model a scenario triggered via scheduler which looks across all entries of the tenant keystore and sends a mail with information about those entries reaching their expiry.

Scenario Description

Cloud Integration provides various REST APIs with technical protocol as Open Data Protocol (OData) with which you can access data. These APIs can be consumed via https://<tmnUrl>/api/v1 where <tmn> is the address of the tenant management node. Here we will use API for accessing keystore entries via https://<tmnUrl>/api/v1/KeystoreEntries .Overall scenario looks as below:

Create an integration flow with Start Timer Event. Using Request-Reply step call OData APIs to fetch details of the tenant keystore entries via OData receiver channel. Fetch Alias Name and ValidNotAfter for entity KeystoreEntries. Below find the configuration of OData Receiver channel:

Make sure the Page Size field value is null since entries in a keystore are not so many in numbers.

The response of the OData call will be a file containing all keystore entries with their Alias & Validity date. Now add a General Splitter step to split using XPath /KeystoreEntries/KeystoreEntry and pass split entries to a Local Integration Process.

In Local Integration Process, define a Content Modifier and store the values of keystore entry Alias and Validity Time in a header.

Additionally, add a message containing Alias & Validity Time information about keystore entry in body of Content Modifier. This message will be send via mail notification. You can choose to customize this information as per your need.

Now add a script to fetch Validity Time from header and compare with current date. Output of script shall be number of days left for Keystore entry to expire. You can find a sample code below:

     def map = message.getHeaders();

     String getCertExpirydate = map.get(“CertExpiryDate”);

     Date CertExpirydate = new SimpleDateFormat(“yyyy-MM-dd“).parse(getCertExpirydate);

     Date dateNow = new Date(System.currentTimeMillis());

     long dateDiff = CertExpirydate.getTime() – dateNow.getTime();

     def daysToExpire = TimeUnit.DAYS.convert(dateDiff, TimeUnit.MILLISECONDS);

     message.setHeader(“daysToExpire”, daysToExpire);

Add a router step to route those entries whose expiry is in less than defined number of days (e.g. daysToExpire < 4) and send an email to specific participants informing them about the expiry.

To report this post you need to login first.

7 Comments

You must be Logged on to comment or reply to a post.

  1. Toni Cunill

    Hello
    Thanks a lot for your blog. it’s perfect.
    I have created the package, deploy.. and everything is green.. But I don’t receive any email with the alert…
    How can I verify in which part is not working properly?

    (0) 
  2. Toni Cunill

    Hello Amar

    Thanks for you helping.
    I have obtained the error in Content Modifier

    Error Details
    org.apache.camel.CamelExecutionException: Exception occurred during execution on the exchange: Exchange[ID-vsa5107462-40927-1541369381630-22-5], cause: org.apache.camel.language.simple.types.SimpleParserException: expected symbol functionEnd but was eol

    What does it mean?. any idea?
    Thanks

    (0) 
    1. Kumar Amar
      Post author

       

      Hello Toni

      Seems some issue with conversion. Can you recheck Header configuration in Content Modifier step and you are using right Type for Header defined as well as body is correct.

       

      Thanks

      Amar

      (0) 
  3. Toni Cunill

    Hello Amar,

    Now, I have problems with script:

    Error Details
    javax.script.ScriptException: org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed: script__Script.groovy: 5: unable to resolve class SimpleDateFormat @ line 5, column 28. Date CertExpirydate = new SimpleDateFormat(���yyyy-MM-dd���).parse(getCertExpirydate)
    Somehting is wrong
    Thanks
    (0) 
    1. Kumar Amar
      Post author

      Hello Toni

      Kindly confirm if you copied the script code from above blog and pasted it. If this is the case, copy/paste sometime changes format for special characters and they are no more recognized during runtime when corresponding jars are created.

      Kindly write that specific line of code and recheck.

       

      Thanks

      Amar

       

      (0) 
  4. Toni Cunill

    Hello Amar,

     

    No I have obtained an other error, in my script:

    javax.script.ScriptException: groovy.lang.MissingPropertyException: No such property: message for class: new__Script, cause: groovy.lang.MissingPropertyException: No such property: message for class: new__Script

     

    What does it means?

    Thanks

    Best regards

    (0) 

Leave a Reply