Integration Suite Groovy Script. Getting Destination Service Token

Hi,

We have a BTP scenario where we get the Destinations list from the Destination Service by calling its API from a Groovy script.
It was done in accordance with Consuming the Destination Service and was working pretty well before.
But now it's not possible anymore, as there is no "clientsecret" in the environment variables.
There we now have "certificate", "key", "verificationkey".

We are trying to use the code below to apply that certificate and key to the request to get the token:
     def services = new JsonSlurper().parseText(System.getenv("VCAP_SERVICES"));
     switch (services.destination[0].credentials."credential-type".toString()){
        case 'x509': 
            String clientid           = services.destination[0].credentials.clientid.toString();
            String certificate        = services.destination[0].credentials.certificate.toString().replaceAll("\\n", "\n");
            String privateKeyContent  = services.destination[0].credentials.key.toString().replaceAll("\\n", "").replace("-----BEGIN RSA PRIVATE KEY-----", "").replace("-----END RSA PRIVATE KEY-----", "");
            String publicKeyContent   = services.destination[0].credentials.verificationkey.toString().replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");
            String xsuaaURL           = services.destination[0].credentials.certurl.toString() + '/oauth/token?grant_type=client_credentials';

            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            KeyStore sslKey = KeyStore.getInstance(KeyStore.getDefaultType());
            sslKey.load(null, null);
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec privateKeyBytes = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
            sslKey.setKeyEntry("Key", kf.generatePrivate(privateKeyBytes), null, null); 

            KeyStore sslCert = KeyStore.getInstance(KeyStore.getDefaultType());
            sslCert.load(null, null);
            sslCert.setCertificateEntry("Host", cf.generateCertificate(new ByteArrayInputStream(certificate.bytes)));

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(sslKey, "");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(sslCert);

            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(keyManagerFactory.getKeyManagers(), trustManagerFactory, new java.security.SecureRandom());

            Request = new URL(xsuaaURL).openConnection() as HttpURLConnection;
            Request.SSLSocketFactory = sc.socketFactory;

 

It fails at the line:
sslKey.setKeyEntry("Key", kf.generatePrivate(privateKeyBytes), null, null); 
with message:
An internal server error occured: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence@ line 58 in script1.groovy.


Could anyone please advise with a working code example, or an explanation of how to overcome this error?

SAP Integration Suite

Accepted Solutions (0)

Answers (0)
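
Added example, not part of the original post and not SAP's own code: "algid parse error, not a sequence" is what the JDK reports when PKCS#1 DER (a "BEGIN RSA PRIVATE KEY" PEM) is handed to PKCS8EncodedKeySpec, which expects a PKCS#8 PrivateKeyInfo. The sketch below wraps the PKCS#1 bytes in that structure and builds a client-certificate SSLContext that still verifies the server against the JVM's default trust store. The helper names are hypothetical, and it assumes the binding's "key" is an unencrypted RSA key and "certificate" lists the client certificate first.

```groovy
import java.security.*
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import java.security.spec.PKCS8EncodedKeySpec
import javax.net.ssl.*

// Encode one DER tag-length-value element (short or long length form).
byte[] tlv(int tag, byte[] body) {
    def out = new ByteArrayOutputStream()
    out.write(tag)
    if (body.length < 0x80) {
        out.write(body.length)
    } else {
        byte[] len = BigInteger.valueOf(body.length).toByteArray()
        if (len[0] == 0) len = Arrays.copyOfRange(len, 1, len.length) // drop sign byte
        out.write(0x80 | len.length)
        out.write(len)
    }
    out.write(body)
    return out.toByteArray()
}

// PKCS#8 = SEQUENCE { INTEGER 0, AlgorithmIdentifier(rsaEncryption, NULL), OCTET STRING(pkcs1) }
byte[] pkcs1ToPkcs8(byte[] pkcs1) {
    def body = new ByteArrayOutputStream()
    body.write('020100300d06092a864886f70d0101010500'.decodeHex())
    body.write(tlv(0x04, pkcs1))
    return tlv(0x30, body.toByteArray())
}

// Accepts both "BEGIN RSA PRIVATE KEY" (PKCS#1) and "BEGIN PRIVATE KEY" (PKCS#8) PEM.
PrivateKey loadRsaKey(String pem) {
    boolean pkcs1 = pem.contains('BEGIN RSA PRIVATE KEY')
    byte[] der = Base64.getDecoder().decode(pem.replaceAll(/-----[A-Z ]+-----/, '').replaceAll(/\s/, ''))
    return KeyFactory.getInstance('RSA').generatePrivate(new PKCS8EncodedKeySpec(pkcs1 ? pkcs1ToPkcs8(der) : der))
}

SSLContext mtlsContext(String certPem, String keyPem) {
    char[] pw = 'in-memory'.toCharArray() // throwaway; the store never leaves memory
    def chain = CertificateFactory.getInstance('X.509')
            .generateCertificates(new ByteArrayInputStream(certPem.getBytes('US-ASCII')))
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType())
    ks.load(null, null)
    // The private key and its certificate chain belong in the same entry.
    ks.setKeyEntry('client', loadRsaKey(keyPem), pw, chain.toArray(new X509Certificate[0]))
    def kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    kmf.init(ks, pw)
    SSLContext ctx = SSLContext.getInstance('TLS')
    ctx.init(kmf.getKeyManagers(), null, null) // null trust managers: JVM default trust store
    return ctx
}
```

The socket factory from `mtlsContext(credentials.certificate, credentials.key)` is then set on the HTTPS connection opened on the binding's `certurl`. Loading the client certificate into the TrustManagerFactory, as the posted code does, would make it the only trusted server anchor, which is why the trust side is left at the JVM default here.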