on 04-23-2017 11:54 PM
Dear Experts,
I am working on PI 7.3 dual stack. There is a requirement where Java Mapping will have to access the Key Store Manager and get the digital key maintained in the NWA. Please provide me any example code and the relevant jar files.
Thanks and Regards,
Rana Brata De
Hi,
Here you are:
import java.rmi.RemoteException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import com.sap.engine.interfaces.keystore.KeystoreManager;
import com.sap.security.core.server.ssf.SsfProfileKeyStore;
import com.sap.aii.mapping.api.StreamTransformationException;

private static SsfProfileKeyStore getCertProfile(String alias, String password) throws StreamTransformationException {
    // get profile from keystore service of AS Java
    InitialContext ctx = null;
    try {
        ctx = new InitialContext();
    } catch (NamingException ex) {
        throw new StreamTransformationException("Initial context: " + ex.getMessage(), ex);
    }
    KeystoreManager manager = null;
    try {
        manager = (KeystoreManager) ctx.lookup("keystore");
    } catch (NamingException ex) {
        throw new StreamTransformationException("Named object: " + ex.getMessage(), ex);
    }
    KeyStore keyStore = null;
    try {
        keyStore = manager.getKeystore("DEFAULT");
    } catch (RemoteException ex) {
        throw new StreamTransformationException("Default keystore: " + ex.getMessage(), ex);
    }
    SsfProfileKeyStore profile = null;
    try {
        profile = new SsfProfileKeyStore(keyStore, alias, password);
    } catch (KeyStoreException ex) {
        throw new StreamTransformationException("Profile: " + ex.getMessage(), ex);
    }
    return profile;
}

(...)

SsfProfileKeyStore profile = getCertProfile(alias, password);
PrivateKey key = (PrivateKey) profile.getPrivateKey();
X509Certificate[] chain = profile.getCertificateChain();
Regards,
Andrzej
Dear Andrzej,
Thanks for your reply. I could reach the Key Storage and view some of the keys, i.e. securestorage, TrustedCAs, DEFAULT, WebServiceSecurity, WebServiceSecurity_Certs. We have made a similar one in the name of our company <CompanyName> and imported a certificate in it. But we cannot see that one. Our objective is to find the certificate as well as the private key from the mapping. Do you have any suggestion on how to proceed?
Thanks and Regards,
Rana Brata De
Finally got it working
The mapping class is executing as user Guest.
User Guest has no access to keystores and shouldn't have.
Therefore it's necessary to use the com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL) API.
ISsfProfile getSsfProfileKeyStore(String keyStoreAlias, String keyStoreEntry) throws StreamTransformationException {
    KeyStoreManager managerPriviliged = null;
    try {
        managerPriviliged = com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(
                com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("SAPSecurityResources", e);
    }
    KeyStore keyStore;
    try {
        keyStore = managerPriviliged.getKeyStore(keyStoreAlias);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("managerPriviliged.getKeyStore " + keyStoreAlias, e);
    }
    ISsfProfile profile = null;
    try {
        profile = managerPriviliged.getISsfProfile(keyStore, keyStoreEntry, null);
    } catch (KeyStoreException e) {
        throw new StreamTransformationException("Failed to load SsfProfileKeyStore " + keyStoreAlias + " " + keyStoreEntry, e);
    }
    return profile;
}
Hi Otto, how are you?
Can you please let me know how you got the library com.sap.aii.af.service.resource.SAPSecurityResources in order to execute the command below:
managerPriviliged = com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager( com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL)
I have been searching for this library as I want to use this command in my Java mapping, but I searched everywhere and could not locate it.
Thank you.
I usually keep a copy of all the jar files from the server on my PC to easily search the jars.
I think I use this tool or a similar one on SourceForge:
http://jfind.sourceforge.net/ I use jfind
https://sourceforge.net/projects/jarfinder/
The one I use can be run without a GUI on a Unix console as well.
Start by searching the NWDS installation.
If not found, then search the SAP PO / SAP PI installation on the server.
Check the docs.
Cheers
/Otto
https://help.sap.com/saphelp_nw74/helpdata/en/43/a52f2e63161bbfe10000000a1553f7/frameset.htm
SAPSecurityResources
//https://help.sap.com/doc/javadocs_nw75_sps06/7.5.6/en-US/PI/com/sap/aii/af/service/resource/SAPSecurityResources.html
//https://help.sap.com/saphelp_nw74/helpdata/en/43/a52f2e63161bbfe10000000a1553f7/frameset.htm
the tickets didn't solve the problem
791649 - User unable to logon by ticket
1788571 - Protection domains for PI mapping classes