Layer7 API Management


How to get private keys from CA API Gateway when custom assertion is invoked

  • 1.  How to get private keys from CA API Gateway when custom assertion is invoked

    Posted Jul 16, 2018 11:17 AM

    I am creating a custom assertion and I need to access a private key resource when my assertion's onRequest method is invoked.  I have the key's alias as a member variable.  Is there a way I can use the ServiceFinder or some other API I'm not seeing to get access to the private keys in CA API Gateway (I am using 9.2)?

     

    Thanks,

    Rob



  • 2.  Re: How to get private keys from CA API Gateway when custom assertion is invoked
    Best Answer

    Broadcom Employee
    Posted Mar 11, 2019 09:28 PM

    Hi Robert, 

     

    I appreciate this is an older query, but we are going through a backlog of older questions in an attempt to give them meaningful answers, in case of later similar requests - sorry the reply probably did not get to you in a useful timeframe.

    The private key isn't directly exposed in the Gateway, however you can indirectly use it to sign documents in a custom assertion via the following:

    Using the SignerServices Object - CA API Gateway - 9.4 - CA Technologies Documentation

    Using ServiceFinder, you can find "SignerServices" and then the "Signer" via the lookup keyId.

    The "Signer" there is a direct wrapper for the private key (the variable is private so you can't directly access it).  But you can then use it to create a signature via the "signer.createSignature()" method.

    import java.io.IOException;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SignatureException;
    // Layer7 classes; package paths assumed from the Gateway custom assertion API
    import com.l7tech.policy.assertion.ext.ServiceFinder;
    import com.l7tech.policy.assertion.ext.security.Signer;
    import com.l7tech.policy.assertion.ext.security.SignerServices;

    // Look up the ServiceFinder that the Gateway places in the policy context.
    ServiceFinder serviceFinder = (ServiceFinder) customPolicyContext.getContext().get("serviceFinder");
    // Resolve the SignerServices facade, then obtain a Signer bound to the key alias (keyId).
    SignerServices signerServices = serviceFinder.lookupService(SignerServices.class);
    Signer signer = signerServices.createSigner(keyId);
    try {
        // The Signer keeps the private key internally; only the signature bytes are returned.
        byte[] signature = signer.createSignature(hashAlgorithm, dataToSign);
    } catch (NoSuchAlgorithmException e) {
        // process error.
    } catch (InvalidKeyException e) {
        // process error.
    } catch (SignatureException e) {
        // process error.
    } catch (IOException e) {
        // process error.
    }


    Hope that helps.

     

    Cheers - Mark
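The following is an added example, not code from Mark's reply or from Broadcom: a helper a custom assertion can call from its request handler that builds on the SignerServices lookup described above. It turns every failure (missing ServiceFinder, unknown alias, bad algorithm, empty signature) into one checked exception so the assertion fails closed instead of continuing with no signature, and publishes only the Base64 signature to policy, never the key. Assumptions: the Layer7 package paths, the `getVariable`/`setVariable` accessors on `CustomPolicyContext`, and that `createSigner` does not throw a checked exception (as in the snippet above); the class and method names here are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Base64;
import java.util.Map;

// Package paths assumed from the Layer7 custom assertion API.
import com.l7tech.policy.assertion.ext.CustomPolicyContext;
import com.l7tech.policy.assertion.ext.ServiceFinder;
import com.l7tech.policy.assertion.ext.security.Signer;
import com.l7tech.policy.assertion.ext.security.SignerServices;

/** Hypothetical helper: signs with a Gateway-managed key without ever holding the key itself. */
public final class GatewaySigningHelper {

    /** Raised for any signing problem; the calling assertion should fail when it sees this. */
    public static final class SigningFailedException extends Exception {
        SigningFailedException(String message, Throwable cause) { super(message, cause); }
    }

    private GatewaySigningHelper() {}

    /**
     * Sign dataToSign with the Gateway private key identified by keyId and return the
     * Base64-encoded signature. No partial result is ever returned.
     */
    public static String signBase64(CustomPolicyContext ctx, String keyId,
                                    String hashAlgorithm, byte[] dataToSign)
            throws SigningFailedException {
        if (keyId == null || keyId.isEmpty()) {
            throw new SigningFailedException("no key alias configured for this assertion", null);
        }
        if (dataToSign == null || dataToSign.length == 0) {
            throw new SigningFailedException("nothing to sign", null);
        }
        // getContext() is the accessor used in the reply above.
        Map<String, Object> context = ctx.getContext();
        ServiceFinder finder = (ServiceFinder) context.get("serviceFinder");
        if (finder == null) {
            throw new SigningFailedException("serviceFinder not present in policy context", null);
        }
        SignerServices signerServices = finder.lookupService(SignerServices.class);
        if (signerServices == null) {
            throw new SigningFailedException("SignerServices not available on this Gateway", null);
        }
        Signer signer = signerServices.createSigner(keyId);
        if (signer == null) {
            throw new SigningFailedException("no signer for key alias '" + keyId + "'", null);
        }
        try {
            byte[] signature = signer.createSignature(hashAlgorithm, dataToSign);
            if (signature == null || signature.length == 0) {
                throw new SigningFailedException("signer returned an empty signature", null);
            }
            return Base64.getEncoder().encodeToString(signature);
        } catch (NoSuchAlgorithmException | InvalidKeyException
                 | SignatureException | IOException e) {
            // Collapse the four checked exceptions from createSignature into one failure.
            throw new SigningFailedException("signing with key '" + keyId + "' failed", e);
        }
    }

    /**
     * Example request-handler usage: sign the string held in inputVar and publish the
     * signature in outputVar. Returns false (assertion falsified) on any failure, and the
     * output variable is left unset so downstream policy cannot mistake it for success.
     * getVariable/setVariable are assumed accessors on CustomPolicyContext.
     */
    public static boolean signVariable(CustomPolicyContext ctx, String keyId,
                                       String hashAlgorithm, String inputVar, String outputVar) {
        Object value = ctx.getVariable(inputVar);
        if (!(value instanceof String)) {
            return false;
        }
        byte[] data = ((String) value).getBytes(StandardCharsets.UTF_8);
        try {
            String signature = signBase64(ctx, keyId, hashAlgorithm, data);
            ctx.setVariable(outputVar, signature);
            return true;
        } catch (SigningFailedException e) {
            // Log e via the assertion's logger here; do not set outputVar.
            return false;
        }
    }
}
```

The assertion's onRequest (or checkRequest) would call `signVariable(ctx, keyAlias, hashAlgorithm, "request.mainpart", "mySignature")` and translate the boolean into its assertion status; keeping the key inside the Gateway's `Signer` and surfacing only the signature is what makes this safe to expose to policy authors.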