Layer7 API Management

  • 1.  Private key in context variable

    Posted Nov 16, 2023 01:01 PM

    Hi All,

    I'm on a Software Gateway 10.1 CR03 on premise.

    I need to put a private key from the PK Store into a context variable and encode it to Base64. I tried lookup certificate by name and then base64 encode with encode/decode data properties, but the base64 is invalid. The keychain I use is one that I created with the gateway itself for dev. I get the following error after using this in a custom assertion: Warning 398 STERR:java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException " DER input, integer tag error.

    Help is very much appreciated.

    Thanks,

    WJ



  • 2.  RE: Private key in context variable

    Broadcom Employee
    Posted Nov 16, 2023 01:18 PM

    Are you sure you need to base64 encode it first? I believe the certificate is already in base64/PEM format when you pull it from the PK store. By encoding it, your custom assertion is assuming that it is a DER (binary) certificate that you encoded.

    Either that, or your custom assertion requires a DER/binary cert that has been base64 encoded. In such a case you may need to extract the certificate DER then encode it. I believe this page is relevant: https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/11-0/reference/context-variables/certificate-attributes-context-variables.html; specifically the ${<prefix>.der} variable.

    I hope this helps, I haven't done this myself, but I hope I am on the right track.
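
The PEM versus base64-encoded DER mix-up described in the reply above, as an added example that is not part of the original thread and is not Layer7 or Broadcom code. The class `KeyEncodingCheck` and helper `toDer` are hypothetical names, the key is a throwaway RSA key generated in-process, and PKCS#8 `PRIVATE KEY` armor is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class KeyEncodingCheck {
    // Normalise PEM, base64(DER) or base64(PEM) text to raw DER bytes.
    static byte[] toDer(String text) {
        String s = text.trim();
        for (int pass = 0; pass < 2; pass++) {   // tolerate one accidental extra base64 layer
            if (s.startsWith("-----BEGIN")) {    // PEM: drop the armor lines, keep the body
                s = s.replaceAll("-----[A-Z ]+-----", "");
            }
            byte[] raw = Base64.getMimeDecoder().decode(s);
            if (raw.length > 0 && raw[0] == 0x30) {   // DER SEQUENCE tag: binary DER reached
                return raw;
            }
            s = new String(raw, StandardCharsets.US_ASCII).trim();   // likely PEM text
        }
        throw new IllegalArgumentException("not PEM or base64-encoded DER");
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway RSA key generated in-process, not a gateway key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded();   // PKCS#8 DER
        String b64Der = Base64.getEncoder().encodeToString(der);
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                + "\n-----END PRIVATE KEY-----\n";
        String b64Pem = Base64.getEncoder().encodeToString(pem.getBytes(StandardCharsets.US_ASCII));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        // The mistake: one base64 decode of base64(PEM) yields PEM text, not DER.
        try {
            kf.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64Pem)));
        } catch (InvalidKeySpecException e) {
            System.out.println("base64(PEM) decoded once is rejected: " + e.getMessage());
        }
        // All three encodings normalise to the same DER and load cleanly.
        for (String in : new String[] {pem, b64Der, b64Pem}) {
            byte[] out = toDer(in);
            kf.generatePrivate(new PKCS8EncodedKeySpec(out));
            System.out.println("loaded, DER identical: " + Arrays.equals(der, out));
        }
    }
}
```

Running it shows the single-decoded `base64(PEM)` input being rejected by `KeyFactory`, while the PEM, `base64(DER)` and `base64(PEM)` forms all normalise to the same DER bytes.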




  • 3.  RE: Private key in context variable

    Posted Nov 16, 2023 01:28 PM

    Thank you very much Joseph. When I return to requester the private key it is not encoded. I'd like to follow your suggestions and try it tomorrow (I'm in Europe).

    Thanks again,

    WJ




  • 4.  RE: Private key in context variable

    Broadcom Employee
    Posted Nov 16, 2023 03:32 PM

    Hi Willard,

      I'm very curious as to why you need a private key as a context variable. This is a highly unusual requirement. Private keys should rarely be exposed.

    Cheers!

    JayMac



    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------



  • 5.  RE: Private key in context variable

    Posted Nov 17, 2023 02:02 AM

    Hello Jay, I know but I only need it for a custom assertion that signs REST JSON messages. Like the built-in XML one.

    thanks,

    Willard




  • 6.  RE: Private key in context variable

    Posted Nov 20, 2023 06:26 AM
    Edited by David Vinell Nov 20, 2023 06:26 AM

    .