
KeyStore access from Java mapping

former_member200339
Participant
0 Kudos

Dear Experts,

I am working on PI 7.3 dual stack. There is a requirement where Java Mapping will have to access the Key Store Manager and get the digital key maintained in the NWA. Please provide me any example code and the relevant jar files.

Thanks and Regards,

Rana Brata De

Accepted Solutions (0)

Answers (9)

Andrzej_Filusz
Contributor

Hi,

Here you are:

import java.rmi.RemoteException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import com.sap.engine.interfaces.keystore.KeystoreManager;
import com.sap.security.core.server.ssf.SsfProfileKeyStore;
import com.sap.aii.mapping.api.StreamTransformationException;


private static SsfProfileKeyStore getCertProfile(String alias, String password) throws StreamTransformationException {
	//	get profile from keystore service of AS Java
	InitialContext ctx = null;		
	try {
		ctx = new InitialContext();
	} catch (NamingException ex) {
		throw new StreamTransformationException("Initial context: " + ex.getMessage(), ex);
	}
	
	KeystoreManager manager = null;		
	try {		
	   manager = (KeystoreManager)ctx.lookup("keystore");
	} catch (NamingException ex) {
		throw new StreamTransformationException("Named object: " + ex.getMessage(), ex);
	}
				
	KeyStore keyStore = null;
	try {	
		keyStore = manager.getKeystore("DEFAULT");
	} catch (RemoteException ex) {
		throw new StreamTransformationException("Default keystore: " + ex.getMessage(), ex);
	}
	
	SsfProfileKeyStore profile = null;       
	try {
		profile = new SsfProfileKeyStore(keyStore, alias, password);
	} catch (KeyStoreException ex) {
		throw new StreamTransformationException("Profile: " + ex.getMessage(), ex);
	}			
			
	return profile;				
}

(...)

SsfProfileKeyStore profile = getCertProfile(alias, password);			
PrivateKey key = (PrivateKey)profile.getPrivateKey(); 			
X509Certificate[] chain = profile.getCertificateChain();

Regards,

Andrzej

former_member200339
Participant
0 Kudos

Dear Andrzej,

Thanks for your reply. I could reach the Key Storage and view some of the keys, i.e. securestorage, TrustedCAs, DEFAULT, WebServiceSecurity, WebServiceSecurity_Certs. We have made a similar one in the name of our company <CompanyName> and imported a certificate in it. But we cannot see that one. Our objective is to find the certificate as well as the private key from the mapping. Do you have any suggestion on how to proceed?

Thanks and Regards,

Rana Brata De

otto_frost4
Participant

Finally got it working

The mapping class is executing as user Guest.

User Guest has no access to keystores and shouldn't have.

Therefore it's necessary to use the com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL) API.

ISsfProfile getSsfProfileKeyStore(String keyStoreAlias, String keyStoreEntry) throws StreamTransformationException {

    // The mapping runs as user Guest, so request a key store manager with system-level permission.
    KeyStoreManager managerPriviliged = null;
    try {
        managerPriviliged = com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(
                com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("SAPSecurityResources", e);
    }

    // Open the key store view by name.
    KeyStore keyStore;
    try {
        keyStore = managerPriviliged.getKeyStore(keyStoreAlias);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("managerPriviliged.getKeyStore " + keyStoreAlias, e);
    }

    // Load the profile for the requested entry of that view.
    ISsfProfile profile = null;
    try {
        profile = managerPriviliged.getISsfProfile(keyStore, keyStoreEntry, null);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("Failed to load SsfProfileKeyStore " + keyStoreAlias + " " + keyStoreEntry, e);
    }
    return profile;
}
0 Kudos

Hi Otto, how are you?

Can you please let me know how you got the library com.sap.aii.af.service.resource.SAPSecurityResources in order to execute the command below:

managerPriviliged = com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager( com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL)

I have been searching for this library as I want to use this command in my Java mapping, but I searched everywhere and could not locate it.

Thank you.

otto_frost4
Participant
0 Kudos

I usually keep a copy of all the jar files from the server on my pc to easily search the jars.

otto_frost4
Participant
0 Kudos

I think I use this tool or a similar one on SourceForge:

http://jfind.sourceforge.net/ I use jfind

https://sourceforge.net/projects/jarfinder/

The one I use can be run without a GUI on a Unix console as well.

Start searching the NWDS installation.

If not found, then search the SAP PO / SAP PI installation on the server.

http://help.sap.com/javadocs

Check the docs.

Cheers

/Otto

otto_frost4
Participant
0 Kudos

https://help.sap.com/saphelp_nw74/helpdata/en/43/a52f2e63161bbfe10000000a1553f7/frameset.htm

SAPSecurityResources

https://help.sap.com/doc/javadocs_nw75_sps06/7.5.6/en-US/PI/com/sap/aii/af/service/resource/SAPSecurityResources.html

otto_frost4
Participant
0 Kudos

the tickets didn't solve the problem

otto_frost4
Participant
0 Kudos

791649 - User unable to logon by ticket

otto_frost4
Participant
0 Kudos

1788571 - Protection domains for PI mapping classes