  • Status: Solved

(I think I need to) Create a Trust Store file with existing Keys/Secrets

Background:  
I'm testing an API my company is developing.  I'm in analytics, and not a developer, but I've been known to do some light programming from time to time (flavors of VB).  My point is that I'm learning as I go along, so go easy on me and explain to me as if I were a child.  :)

Issue:
I've been provisioned with Consumer Key/Secret as well as a Token/Secret to use OAuth with an API.  Rather than programming something from scratch, I'm going to try to use the REST Client step in Pentaho Spoon to collect and process the responses (JSON) from the API.

Anyway,  I find myself needing (I think) to create a "Trust Store" file, which I can then point the Spoon process to.. It calls for a Trust store file location and a Trust Store password.

I've done some Googling and have since downloaded the latest Java development kit, specifically so I can use keytool.exe.  Keep in mind, I don't know Java.

So my questions are:
1) Is keytool.exe indeed what I need to use to generate a "Trust store file" and accompanying password?

2) Based on what I've read, it seems to me that keytool.exe is used to *generate* keys and secrets.  Like I said, I've already got some that I need to use.  Can I use keytool.exe to create a Trust store file and incorporate my *existing* keys/secrets?
Asked by: ducky801

1 Solution

mccarl (IT Business Systems Analyst / Software Developer) Commented:
To answer your questions, yes "keytool" can create trust store files (note that trust stores and key stores are the same type of file, just with different content and/or used for different purposes). And yes, keytool CAN generate keys, certificates, etc., but it can also import existing ones.

HOWEVER, while I don't have experience with Pentaho, etc., I would doubt that its use of a "trust store" is for negotiating an OAuth session. The trust store would be used for the negotiation of SSL connections (which you might also need) but I have never heard of anything storing the OAuth key/secret/token info in a trust store.

To verify all of the above, can you tell me in what format you have received this consumer key/secret/token information? And also, can you point to any publicly available documentation that you are looking at for Pentaho where it might talk about this requirement for a trust store?   From these, I may be able to help further.

ducky801 (Author) Commented:
mccarl -

Thanks for your post.  This helps.  One question I was asking myself yesterday which I should have posted here was "Is OAuth the same as SSL and/or do they work hand in hand?" (The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL')

The format of the keys/secrets seems to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...

Here is the documentation on the REST Client in Pentaho Spoon:
http://wiki.pentaho.com/display/EAI/Rest+Client

One other silly question:  Can I just concatenate the key/secret into my URL with parameters for the API to take care of the authentication piece?

mccarl (IT Business Systems Analyst / Software Developer) Commented:
Sorry for the delay in responding, I have been away for the weekend!

"Is OAuth the same as SSL and/or do they work hand in hand?"
No, they are quite different things. SSL is about encrypting traffic between a client and the server and for verifying that the server is who it claims to be. OAuth is about authenticating clients to servers and often via a third party service, i.e. the recent slew of websites that allow you to authenticate to them via your Facebook credentials are an example of this. SSL can also authenticate the client to the server but this is done in a totally different way.

"The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL'"
That makes sense... The trust store basically contains a collection of 'SSL Certificates' that is the basis of how "trust" of a particular server is established.

"The format of the keys/secrets seems to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question..."
Yes, it does. As suspected, these things aren't able to be used by keytool or have anything to do with a trust store. As said above, we are talking two different things here.

"Can I just concatenate the key/secret into my URL with parameters for the API to take care of the authentication piece?"
Unfortunately no, OAuth is a bit more detailed than that and this simple approach won't work. From the documentation, it doesn't seem that Pentaho Spoon has any built-in ability to manage the OAuth setup for you, so you would have to manually make the right calls, etc. to do this. Now the other issue is that while OAuth is a standard that is documented, a lot of services claim that they authenticate via OAuth but the actual situation is that they have made up their own authentication that is "like" OAuth. This may or may not be the case for the service that you are attempting to communicate with, but I would suggest that you talk to the people that developed the service (or the people that provisioned your key/secret info) about exactly how the authentication needs to happen, and see if you can implement that in Pentaho.
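
What "more detailed than that" looks like in practice, as an added example that is not part of the original thread: under standard OAuth 1.0a (RFC 5849) with HMAC-SHA1, the two secrets are never sent; they key a signature over the request, and only the key, token, nonce, timestamp and signature travel in the Authorization header. It assumes the API follows that standard, which the thread never confirms, and every credential, URL, nonce and timestamp below is constructed.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample credentials, shaped like those in the thread (hex strings).
CONSUMER_KEY = "0123456789abcdef0123456789abcdef"
CONSUMER_SECRET = "fedcba9876543210"
TOKEN = "89abcdef0123456789abcdef01234567"
TOKEN_SECRET = "0f1e2d3c4b5a6978"

def pct(value):
    """Percent-encode everything except RFC 3986 unreserved characters."""
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params):
    """Signature base string: METHOD & encoded URL & encoded sorted parameters."""
    parts = urlsplit(url)
    # Assumes the URL carries no explicit default port (:80 / :443).
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, url, oauth_params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string; the two secrets form the key and are never sent."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    message = base_string(method, url, oauth_params).encode()
    return base64.b64encode(hmac.new(key, message, hashlib.sha1).digest()).decode()

def authorization_header(method, url, nonce=None, timestamp=None):
    """Build the Authorization header value for one request."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(8),  # fresh value per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": TOKEN,
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign(method, url, params, CONSUMER_SECRET, TOKEN_SECRET)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(params.items()))

if __name__ == "__main__":
    # Hypothetical endpoint; nonce and timestamp are fixed only to make the output repeatable.
    print(authorization_header("GET", "https://api.example.com/v1/reports?region=west",
                               nonce="a1b2c3d4e5f60718", timestamp=1400000000))
```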
 
ducky801 (Author) Commented:
mccarl -

Thanks so much for explaining this to me.  It's all still pretty foreign, but I feel like I have 20x the knowledge about this topic than I did a week ago.  

For anybody else who comes across this post:  I was actually able to get the Pentaho Spoon REST step to work after I met with a developer.  The trick is to pass the Authorization Header in the 'headers' tab of the step.  I used a Firefox extension called RESTClient to determine the contents of the authorization header.

mccarl (IT Business Systems Analyst / Software Developer) Commented:
Not a problem, glad that you got it working and that I could be of help! :)

"The trick is to pass the Authorization Header in the 'headers' tab of the step."
This doesn't really sound like OAuth at all then, or at least not the full OAuth "conversation". It sounds like just a standard "Basic" style authorization.