Layer7 API Management

Expand all | Collapse all

How to get private keys from CA API Gateway when custom assertion is invoked

Jump to Best Answer
  • 1.  How to get private keys from CA API Gateway when custom assertion is invoked

    Posted 07-16-2018 11:17 AM

    I am creating a custom assertion and I need to access a private key resource when my assertion's onRequest method is invoked.  I have the key's alias as a member variable.  Is there a way I can use the ServiceFinder or some other API I'm not seeing to get access to the private keys in CA API Gateway (am using 9.2).

     

    Thanks,

    Rob



  • 2.  Re: How to get private keys from CA API Gateway when custom assertion is invoked
    Best Answer

    Broadcom Employee
    Posted 03-11-2019 09:28 PM

    Hi Robert, 

     

    I appreciate this is older query, but we are going through backlog of older questions, in attempt to give them meaningful answers, in case of latter similar requests - sorry the reply probably did not get to you in useful timeframe. 

     

    The private key isn't directly exposed in the Gateway, however you can indirectly use it to sign documents in custom assertion via the following : 

     

    Using the SignerServices Object - CA API Gateway - 9.4 - CA Technologies Documentation 

     

    Using ServiceFinder, you can find "SignerServices" and then the "Signer" via the lookup keyId. 

     

    The "Signer" there is direct wrapper for the private key (the variable is private so you can't directly access it).  But you can then use it to create a signature via the "signer.createSignature()" method.

     

     ServiceFinder serviceFinder = (ServiceFinder) customPolicyContext.getContext().get("serviceFinder");   SignerServices signerServices= serviceFinder.lookupService(SignerServices.class);   Signer signer = signerServices.createSigner(keyId);   try {     byte[] signature = signer.createSignature(hashAlgorithm, dataToSign);   } catch (NoSuchAlgorithmException e) {       // process error.   } catch (InvalidKeyException e) {       // process error.   } catch (SignatureException e) {       // process error.   } catch (IOException e) {       // process error.   }

     

    Hope that helps.

     

    Cheers - Mark