Solved

(I think I need to) Create a Trust Store file with existing Keys/Secrets

Posted on 2014-04-03
Last Modified: 2014-04-12
Background:  
I'm testing an API my company is developing.  I'm in analytics, and not a developer but I've been known to do some light programming from time to time (flavors of VB).  ....My point is that I'm learning as I go along, so go easy on me and explain to me as if I were a child.  :)

Issue:
I've been provisioned with Consumer Key/Secret as well as a Token/Secret to use OAuth with an API.  Rather than programming something from scratch, I'm going to try to use the REST Client step in Pentaho Spoon to collect and process the responses (JSON) from the API.

Anyway, I find myself needing (I think) to create a "Trust Store" file, which I can then point the Spoon process to. It calls for a Trust store file location and a Trust Store password.

I've done some Googling and have since downloaded the latest Java development kit, specifically so I can use keytool.exe.  Keep in mind, I don't know Java.

So my questions are:
1) Is keytool.exe indeed what I need to use to generate a "Trust store file" and accompanying password?

2) Based on what I've read, it seems to me that keytool.exe is used to *generate* keys and secrets.  Like I said, I've already got some that I need to use.  Can I use keytool.exe to create a Trust store file and incorporate my *existing* keys/secrets?
Question by:ducky801
5 Comments
 
LVL 36

Expert Comment

by:mccarl
ID: 39976973
To answer your questions, yes "keytool" can create trust store files (note that trust stores and key stores are the same type of file, just with different content and/or used for different purposes). And yes, keytool CAN generate keys, certificates, etc., but it can also import existing ones.

HOWEVER, while I don't have experience with Pentaho, etc., I would doubt that its use of a "trust store" is for negotiating an OAuth session. The trust store would be used for the negotiation of SSL connections (which you might also need) but I have never heard of anything storing the OAuth key/secret/token info in a trust store.

To verify all of the above, can you tell me in what format you have received this consumer key/secret/token information? And also, can you point to any publicly available documentation that you are looking at for Pentaho where it might talk about this requirement for a trust store?   From these, I may be able to help further.
0
 
LVL 5

Author Comment

by:ducky801
ID: 39978479
mccarl -

Thanks for your post.  This helps.  One question I was asking myself yesterday which I should have posted here was "Is Oauth the same as SSL and/or do they work hand-in hand?" (The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL')

The format of the keys/secrets seems to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...

Here is the documentation on the REST Client in Pentaho Spoon:
http://wiki.pentaho.com/display/EAI/Rest+Client

One other silly question:  Can I just concatenate the key/secret into my URL with parameters for the API to take care of the authentication piece?
0
 
LVL 36

Accepted Solution

by:
mccarl earned 500 total points
ID: 39987506
Sorry for the delay in responding, I have been away for the weekend!

"Is Oauth the same as SSL and/or do they work hand-in hand?"
No, they are quite different things. SSL is about encrypting traffic between a client and the server and for verifying that the server is who it claims to be. OAuth is about authenticating clients to servers and often via a third party service, i.e. the recent slew of websites that allow you to authenticate to them via your Facebook credentials is an example of this. SSL can also authenticate the client to the server but this is done in a totally different way.

"The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL'"
That makes sense... The trust store basically contains a collection of 'SSL Certificates' that is the basis of how "trust" of a particular server is established.

"The format of the keys/secrets seems to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question..."
Yes it does, as suspected these things aren't able to be used by keytool or have anything to do with trust store. As said above, we are talking two different things here.

"Can I just concatenate the key/secret into my URL with parameters for the API to take care of the authentication piece?"
Unfortunately no, OAuth is a bit more detailed than that and this simple approach won't work. From the documentation, it doesn't seem that Pentaho Spoon has any built-in ability to manage the OAuth setup for you so you would have to manually make the right calls, etc. to do this. Now the other issue is that while OAuth is a standard that is documented, a lot of services claim that they authenticate via OAuth but the actual situation is that they have made up their own authentication that is "like" OAuth. This may or may not be the case for the service that you are attempting to communicate with, but I would suggest that you talk to the people that developed the service (or the people that provisioned your key/secret info) about exactly how the authentication needs to happen, and see if you can implement that in Pentaho.
0
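
As an added example (not code from this thread or from Pentaho), this sketch shows how a standard OAuth 1.0a client (RFC 5849, HMAC-SHA1) turns a consumer key/secret and token/secret into an Authorization header, assuming the service follows the standard, which the answer above notes may not be the case. The endpoint, credentials, nonce and timestamp are constructed values, and the URL is passed without its query string; the two secrets act only as the HMAC key and never appear in the request, which is why appending them to the URL is not equivalent.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    # RFC 5849 section 3.6: percent-encode everything except unreserved chars.
    return quote(value, safe="-._~")


def base_string(method, url, params):
    # Sort the encoded name/value pairs, join them, then join the three parts.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    # The two secrets form the HMAC key; they are never sent on the wire.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def authorization_header(method, url, query, consumer_key, consumer_secret,
                         token, token_secret, nonce, timestamp):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    # Query parameters are signed together with the oauth_* parameters.
    oauth["oauth_signature"] = sign(method, url, {**query, **oauth},
                                    consumer_secret, token_secret)
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields


# Constructed sample values (not real credentials): 32-char keys, 16-char secrets.
SAMPLE = authorization_header(
    "GET", "https://api.example.test/v1/reports", {"page": "2"},
    consumer_key="0123456789abcdef0123456789abcdef", consumer_secret="00112233aabbccdd",
    token="fedcba9876543210fedcba9876543210", token_secret="ddccbbaa33221100",
    nonce="n1", timestamp="1396483200")
```

In a real client the nonce must be random and the timestamp current for every request, so a header captured once cannot simply be replayed against a server that enforces both.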
 
LVL 5

Author Closing Comment

by:ducky801
ID: 39988940
mccarl -

Thanks so much for explaining this to me.  It's all still pretty foreign, but I feel like I have 20x the knowledge about this topic than I did a week ago.  

For anybody else who comes across this post:  I was actually able to get the Pentaho Spoon REST step to work after I met with a developer.  The trick is to pass the Authorization Header in the 'headers' tab of the step.  I used a Firefox extension called RESTClient to determine the contents of the authorization header.
0
 
LVL 36

Expert Comment

by:mccarl
ID: 39996983
Not a problem, glad that you got it working and that I could be of help! :)

"The trick is to pass the Authorization Header in the 'headers' tab of the step."
This doesn't really sound like OAuth at all then, or at least not the full OAuth "conversation". It sounds like just a standard "Basic" style authorization.
0
