
KeyStore access from Java mapping

Apr 23, 2017 at 10:54 PM

Former Member

Dear Experts,

I am working on PI 7.3 dual stack. There is a requirement where Java Mapping will have to access the Key Store Manager and get the digital key maintained in the NWA. Please provide me any example code and the relevant jar files.

Thanks and Regards,

Rana Brata De


6 Answers

Andrzej Filusz Apr 24, 2017 at 07:56 AM
2

Hi,

Here you are:

import java.rmi.RemoteException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import com.sap.engine.interfaces.keystore.KeystoreManager;
import com.sap.security.core.server.ssf.SsfProfileKeyStore;
import com.sap.aii.mapping.api.StreamTransformationException;


private static SsfProfileKeyStore getCertProfile(String alias, String password) throws StreamTransformationException {
	//	get profile from keystore service of AS Java
	InitialContext ctx = null;		
	try {
		ctx = new InitialContext();
	} catch (NamingException ex) {
		throw new StreamTransformationException("Initial context: " + ex.getMessage(), ex);
	}
	
	KeystoreManager manager = null;		
	try {
		manager = (KeystoreManager) ctx.lookup("keystore");
	} catch (NamingException ex) {
		throw new StreamTransformationException("Named object: " + ex.getMessage(), ex);
	}
				
	KeyStore keyStore = null;
	try {	
		keyStore = manager.getKeystore("DEFAULT");
	} catch (RemoteException ex) {
		throw new StreamTransformationException("Default keystore: " + ex.getMessage(), ex);
	}
	
	SsfProfileKeyStore profile = null;       
	try {
		profile = new SsfProfileKeyStore(keyStore, alias, password);
	} catch (KeyStoreException ex) {
		throw new StreamTransformationException("Profile: " + ex.getMessage(), ex);
	}			
			
	return profile;				
}

(...)

SsfProfileKeyStore profile = getCertProfile(alias, password);			
PrivateKey key = (PrivateKey)profile.getPrivateKey(); 			
X509Certificate[] chain = profile.getCertificateChain();

Regards,

Andrzej

Former Member

Dear Andrzej,

Thanks for your reply. I could reach the Key Storage and view some of the keys, i.e. securestorage, TrustedCAs, DEFAULT, WebServiceSecurity, WebServiceSecurity_Certs. We have made a similar one in the name of our company <CompanyName> and imported a certificate in it. But we cannot see that one. Our objective is to find the certificate as well as the private key from the mapping. Do you have any suggestion on how to proceed?

Thanks and Regards,

Rana Brata De

0
Otto Frost Dec 20, 2017 at 01:54 PM
0

1788571 - Protection domains for PI mapping classes

Otto Frost Dec 20, 2017 at 03:13 PM
0

791649 - User unable to logon by ticket

Otto Frost Dec 20, 2017 at 03:14 PM
0

The tickets didn't solve the problem.

Otto Frost Jan 05 at 04:39 PM
0
Otto Frost Jan 08 at 05:35 PM
0

Finally got it working

The mapping class is executing as user Guest.

User Guest has no access to keystores and shouldn't have.

Therefore it's necessary to use the com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL) API.

ISsfProfile getSsfProfileKeyStore(String keyStoreAlias, String keyStoreEntry) throws StreamTransformationException {

	// The mapping runs as user Guest, so request the key store manager at SYSTEM_LEVEL
	KeyStoreManager managerPriviliged = null;
	try {
		managerPriviliged = com.sap.aii.af.service.resource.SAPSecurityResources.getInstance().getKeyStoreManager(
				com.sap.aii.security.lib.PermissionMode.SYSTEM_LEVEL);
	} catch (KeyStoreException e) {
		throw new StreamTransformationException("SAPSecurityResources", e);
	}

	// Open the key store identified by keyStoreAlias
	KeyStore keyStore;
	try {
		keyStore = managerPriviliged.getKeyStore(keyStoreAlias);
	} catch (KeyStoreException e) {
		throw new StreamTransformationException("managerPriviliged.getKeyStore " + keyStoreAlias, e);
	}

	// Load the SSF profile for the entry keyStoreEntry in that key store
	ISsfProfile profile = null;
	try {
		profile = managerPriviliged.getISsfProfile(keyStore, keyStoreEntry, null);
	} catch (KeyStoreException e) {
		throw new StreamTransformationException("Failed to load SsfProfileKeyStore " + keyStoreAlias + " " + keyStoreEntry, e);
	}
	return profile;
}