Yep. Thanks, I stumbled upon atob and btoa as well. But also on file encoding when writing and reading.
I'll post a PR on the graphman-client repo, with something that is working for me.
Take a look if this suits your needs as well.
Original Message:
Sent: Apr 24, 2024 07:34 AM
From: Raju Gurram
Subject: Graphman key import
You are correct. OpenSSL fails to read the exploded key. There's a known limitation from the JavaScript btoa/atob functions. We need to find an alternative to them to fix this gap.
Otherwise, export-explode-implode-import works within graphman-client.
Original Message:
Sent: Apr 22, 2024 06:29 AM
From: Michael Mueller
Subject: Graphman key import
Hi Raju.
You are right. I need to refine my concern / observation.
I confirm that with the currently available versions (v1.1.00 and main branch) I can export, explode, implode and finally import a key from a source to a target gateway.
My original observation was related to a non-matching JSON bundle before the explode and after the implode, due to some customer-specific customization of the graphman-client code.
Anyway, I still see an issue with the ootb versions.
The exploded version of the p12 keystore file, when exploding with the "--explodeKeys" option, is not readable by openssl.
Hence, I wouldn't be able to provide new keystores created outside of the gateways from a different source.
To prove my observation, export a key and explode it with --explodeKeys.
Then try to read the p12 file with
openssl pkcs12 -in <the p12 file> -nodes -passin pass:<your passphrase when exporting>
Please confirm my expectation that this should work. (At least it works if I create the p12 file from the key.json base64-encoded keys[0].p12 property, decoding it and writing it to a file with unix tools.)
Regards
...Michael
Original Message:
Sent: Apr 19, 2024 02:17 AM
From: Raju Gurram
Subject: Graphman key import
@Michael Mueller,
That's correct, it might have gone wrong while exploding/imploding keys and their cert-chains to/from files. We've pushed a few fixes to the release/v1.1.00 release branch.
Could you please verify with it once?
Thanks, Raju
Original Message:
Sent: Apr 18, 2024 11:47 PM
From: Michael Mueller
Subject: Graphman key import
Support case 33714916 created
Original Message:
Sent: Apr 18, 2024 01:14 PM
From: Michael Mueller
Subject: Graphman key import
I think the problem is the explode/implode steps using the --explodeKeys option.
Obviously the generated p12 file is not correctly decoded.
Likewise, the implode does not correctly encode the p12 file.
Regards
...Michael
Original Message:
Sent: Apr 18, 2024 05:39 AM
From: Michael Mueller
Subject: Graphman key import
Dear Team.
Today we tried for the first time to import a key into a target gateway using graphman.
The procedure looked like this:
- graphman.sh export --using keyByAlias --variables.alias "key-alias" --out key.json
- graphman.sh explode --explodeKeys ...
- graphman.sh implode ...
- graphman.sh import --input key.json
We got the following response:
...
"setKeys": { "keys": [ null ], "detailedStatus": [ { "status": "ERROR", "description": "Error creating or updating SSG_KEY_ENTRY entity, Failed to build a key from the input (p12)" } ] }...
and the following messages in the ssg logs:
2024-04-18T09:44:02.804+0100 INFO 1797 com.l7tech.external.assertions.gatewaygraphql.server.resolver.mutation.BasicGraphQLMutationResolver: Error creating or updating SSG_KEY_ENTRY entity, Failed to build a key from the input (p12)
2024-04-18T09:44:02.805+0100 WARNING 1797 com.l7tech.external.assertions.gatewaygraphql.server.ServerGatewayGraphQLAssertion: Rolling back the operation-level transaction
Any idea what we might be doing wrong?
source gateway : V11.0
target gateway : V11.0 CR02
graphman-client V1.1.0
schema for export : V10.1-CR03
Thanks for hints and help.
Regards
...Michael
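The atob/btoa and file-encoding problem discussed in this thread, shown as an added Node.js example (not code from graphman-client or from any poster). The function names, temp file names and sample bytes are constructed for illustration, and the lossy path is an assumed failure mode rather than a quote of the project's code.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Constructed sample: DER-like bytes, NOT a real keystore. A PKCS#12 file is
// DER-encoded binary, so bytes >= 0x80 (here 0x82, 0x80, 0xff) are common.
const sampleBytes = Buffer.from([0x30, 0x82, 0x0a, 0x3f, 0x02, 0x01, 0x03, 0x80, 0xff, 0x00]);
const sampleB64 = sampleBytes.toString("base64");

// Lossy explode: atob() yields a "binary string" (one char per byte). Writing a
// string defaults to UTF-8, which turns every byte >= 0x80 into two bytes.
function explodeLossy(b64, file) {
  fs.writeFileSync(file, atob(b64));
}

// Lossy implode: reading binary as UTF-8 text replaces invalid sequences with
// U+FFFD, and btoa() rejects any character above 0xFF.
function implodeLossy(file) {
  return btoa(fs.readFileSync(file, "utf8"));
}

// Binary-safe pair: stay in Buffers, never pass the key material through a string.
function explodeSafe(b64, file) {
  fs.writeFileSync(file, Buffer.from(b64, "base64"));
}
function implodeSafe(file) {
  return fs.readFileSync(file).toString("base64");
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "p12-demo-"));
  const lossy = path.join(dir, "lossy.p12");
  const safe = path.join(dir, "safe.p12");
  try {
    explodeLossy(sampleB64, lossy);
    explodeSafe(sampleB64, safe);
    let implodeError = null;
    try { implodeLossy(safe); } catch (e) { implodeError = e.name; }
    return {
      lossyHex: fs.readFileSync(lossy).toString("hex"),
      safeHex: fs.readFileSync(safe).toString("hex"),
      safeRoundTrip: implodeSafe(safe) === sampleB64,
      implodeError,
    };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```

In the lossy file the DER length bytes are shifted by the inserted UTF-8 lead bytes, which is the kind of damage that makes a parser such as openssl reject the file; the Buffer-based pair writes bytes identical to the decoded base64 value.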