
OAuth 2.0 JWT Bearer Token Flow - Accessing Keystore from UDF

sendhil_kumar
Active Participant
0 Kudos

Hi Guys,

I am doing a Salesforce integration to send a JWT token to Salesforce.

There is a list of instructions provided by Salesforce to do this.

OAuth 2.0 JWT Bearer Token Flow

import org.apache.commons.codec.binary.Base64;
import java.io.*; 
import java.security.*; 
import java.text.MessageFormat;  

public class JWTExample {

  public static void main(String[] args) {

    String header = "{\"alg\":\"RS256\"}";
    String claimTemplate = "'{'\"iss\": \"{0}\", \"sub\": \"{1}\", \"aud\": \"{2}\", \"exp\": \"{3}\"'}'";

    try {
      StringBuffer token = new StringBuffer();

      //Encode the JWT Header and add it to our string to sign
      token.append(Base64.encodeBase64URLSafeString(header.getBytes("UTF-8")));

      //Separate with a period
      token.append(".");

      //Create the JWT Claims Object
      String[] claimArray = new String[4];
      claimArray[0] = "3MVG99OxTyEMCQ3gNp2PjkqeZKxnmAiG1xV4oHh9AKL_rSK.BoSVPGZHQukXnVjzRgSuQqGn75NL7yfkQcyy7";
      claimArray[1] = "my@email.com";
      claimArray[2] = "https://login.salesforce.com";
      claimArray[3] = Long.toString( ( System.currentTimeMillis()/1000 ) + 300);
      MessageFormat claims;
      claims = new MessageFormat(claimTemplate);
      String payload = claims.format(claimArray);

      //Add the encoded claims object
      token.append(Base64.encodeBase64URLSafeString(payload.getBytes("UTF-8")));

      //Load the private key from a keystore
      KeyStore keystore = KeyStore.getInstance("JKS");
      keystore.load(new FileInputStream("./path/to/keystore.jks"), "keystorepassword".toCharArray());
      PrivateKey privateKey = (PrivateKey) keystore.getKey("certalias", "privatekeypassword".toCharArray());

      //Sign the JWT Header + "." + JWT Claims Object
      Signature signature = Signature.getInstance("SHA256withRSA");
      signature.initSign(privateKey);
      signature.update(token.toString().getBytes("UTF-8"));
      String signedPayload = Base64.encodeBase64URLSafeString(signature.sign());

      //Separate with a period
      token.append(".");

      //Add the encoded signature
      token.append(signedPayload);

      System.out.println(token.toString());

    } catch (Exception e) {
        e.printStackTrace();
    }
  }
}

Can you please help me in accessing the private key stored in the keystore?

      KeyStore keystore = KeyStore.getInstance("JKS");
      keystore.load(new FileInputStream("./path/to/keystore.jks"), "keystorepassword".toCharArray());
      PrivateKey privateKey = (PrivateKey) keystore.getKey("certalias", "privatekeypassword".toCharArray());

My keys are stored in /root/JXX/sec

This is the location where other keys are stored that are used for PGP encryption of messages.

Should I be storing this key in the same location, or does it not matter?

And please guide me on how to access this stored key.

--

Thanks.


Accepted Solutions (0)

Answers (3)

sendhil_kumar
Active Participant

Hi Rajani,

Yes, able to read the Private Key.

InitialContext ctx = new InitialContext();
//mt.addInfo("1");
KeystoreManagerWrapper kmanager = (KeystoreManagerWrapper)ctx.lookup("keystore");
//mt.addInfo("2");
KeyStore keyStore = kmanager.getKeystore("TrustedCAs");
//mt.addInfo("3");
mt.addInfo(keyStore.toString());
//KeyStore keystore = KeyStore.getInstance("JKS");
//keystore.load(new FileInputStream("./path/to/keystore.jks"), "keystorepassword".toCharArray());
PrivateKey privateKey = (PrivateKey) keyStore.getKey("11652324", null);
//mt.addInfo("4");
//var5 = keystore.toString();

Signature signature = Signature.getInstance("sha256WithRSA");
//mt.addInfo("5");
signature.initSign(privateKey);
//mt.addInfo("6");
signature.update(token.toString().getBytes("UTF-8"));
//mt.addInfo("7");
String signedPayload = Base64.encodeBase64URLSafeString(signature.sign());
//mt.addInfo("8");
0 Kudos
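
A hardened variant of the keystore-load-and-sign step discussed in this thread, as an added example (not Salesforce's sample and not either poster's code): it closes the keystore stream, rejects a missing or non-RSA alias, and verifies the token before it is used. The class and method names are assumptions, `java.util.Base64` stands in for commons-codec, `EXAMPLE_CLIENT_ID` is a placeholder, and `main` uses a generated throwaway key pair in place of a real keystore so it runs offline.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.util.Base64;

public class JwtKeystoreSigner {
    // JWS uses base64url without '=' padding
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Load the private key for an alias; the stream is closed even if load() throws
    static PrivateKey loadKey(String path, char[] storePass, String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, storePass);
        }
        Key key = ks.getKey(alias, keyPass); // null if the alias is missing or holds no key
        if (!(key instanceof PrivateKey) || !"RSA".equals(key.getAlgorithm()))
            throw new KeyStoreException("No RSA private key under alias " + alias);
        return (PrivateKey) key;
    }
    // Build header.claims.signature with RS256 (SHA256withRSA)
    static String sign(String headerJson, String claimsJson, PrivateKey key) throws Exception {
        String input = B64.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8)) + "."
                     + B64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + B64.encodeToString(s.sign());
    }
    // Check a token against the public key that matches the signing key
    static boolean verify(String jwt, PublicKey pub) throws Exception {
        int dot = jwt.lastIndexOf('.');
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo input: a throwaway key pair stands in for loadKey(...)
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String claims = "{\"iss\":\"EXAMPLE_CLIENT_ID\",\"sub\":\"my@email.com\","
            + "\"aud\":\"https://login.salesforce.com\",\"exp\":" + (System.currentTimeMillis() / 1000 + 300) + "}";
        String jwt = sign("{\"alg\":\"RS256\"}", claims, kp.getPrivate());
        System.out.println("valid:    " + verify(jwt, kp.getPublic()));
        System.out.println("tampered: " + verify("x" + jwt, kp.getPublic()));
    }
}
```

With a real keystore, pass the result of `loadKey(...)` to `sign(...)` and take the passwords from configuration rather than from string literals in the source.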

Hi Sendhi,

I have a similar requirement, could you please help with this - Rest Synchronous API (JWT+ Encryption(RSA 256 Public Key) + Digital Signature HMAC RSA + AES ) | SAP...

0 Kudos

Hi,

Were you able to resolve the issue?