Solved

(I think i need to) Create a Trust Store file with existing Keys/Secrets

Posted on 2014-04-03
5
600 Views
Last Modified: 2014-04-12
Background:  
I'm testing an API my company is developing.  I'm in analytics, and not a developer but I've been known to do some light programming from time to time (flavors of VB).  ....My point is that I'm learning as I go along, so go easy on me and explain to me as if i were a child.  :)

Issue:
I've been provisioned with Consumer Key/Secret as well as a Token/Secret to use OAuth with an API.  Rather than programming something from scratch, I'm going to try to use the REST Client step in Pentaho Spoon to collect and process the responses (JSON) from the API.

Anyway,  I find myself needing (I think) to create a "Trust Store" file, which I can then point the Spoon process to.. It calls for a Trust store file location and a Trust Store password.

I've done some Googling and have since downloaded the latest Java development kit, specifically so I can use keytool.exe.  Keep in mind, i don't know Java

So my questions are:
1) Is keytool.exe indeed what I need to use to generate a "Trust store file" and accompanying password?

2) Based on what I've read, it seems to me that keytool.exe is used to *generate* keys and secrets.  Like I said, I've already got some that I need to use.  Can I use keytool.exe to create a Trust store file and incorporate my *existing* keys/secrets?
0
Comment
Question by:ducky801
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:mccarl
ID: 39976973
To answer your questions, yes "keytool" can create trust store files (note that trust stores and key stores are the same type of file, just with different content and/or used for different purposes). And yes, keytool CAN generate keys, certificates, etc but it can also import existing ones.

HOWEVER, while I don't have experience with Pentaho, etc I would doubt that it's use of a "trust store" is for negotiating an OAuth session. The trust store would be used for the negotiation of SSL connections (which you might also need) but I have never heard of anything storing the OAuth key/secret/token info in a trust store.

To verify all of the above, can you tell me in what format you have received this consumer key/secret/token information? And also, can you point to any public available documentation that you are looking at for Pentaho where it might talk about this requirement for a trust store?   From these, I may be able to help further.
0
 
LVL 5

Author Comment

by:ducky801
ID: 39978479
mccarl -

Thanks for your post.  This helps.  One question I was asking myself yesterday which I should have posted here was "Is Oauth the same as SSL and/or do they work hand-in hand?" (The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL')

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...

Here is the documentation on the REST Client in Pentaho Spoon:
http://wiki.pentaho.com/display/EAI/Rest+Client

One other silly question:  Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39987506
Sorry for the delay in responding, I have been away for the weekend!

"Is Oauth the same as SSL and/or do they work hand-in hand?"
No they are quite different things. SSL is about encrypting traffic between a client and the server and for verifying that the server is who it claims to be. OAuth is about authenticating clients to servers and often via a third party service, ie. these recently slew of websites that allow you to authenticate to them via your Facebook credentials are an example of this. SSL can also authenticate the client to the server but this is done in a totally different way.

The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL'
That makes sense... The trust store basically contains a collection of 'SSL Certificates' that is the basis of how "trust" of a paricular server is established.

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...
Yes it does, as suspected these things aren't able to be used by keytool or have anything to do with trust store. As said above, we are talking two different things here.

Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
Unfortunately no, OAuth is a bit more detailed than that and this simple approach won't work. From the documentation, it doesn't seem that Pentaho Sppon has any built ability to manage the OAuth setup for you so you would have to manually make the right calls, etc to do this. Now the other issue is that while OAuth is a standard that is documented, a lot of services claim that they authicate via OAuth but the actual situation is that they have made up their own authentication that is "like" OAuth. This may or may not be the case for the service that you are attempting to communicate with, but I would suggest that you talk to the people that developed the service (or the people that provisioned your key/secret info) about exactly how the authentication needs to happen, and see if you can implement that in Pentaho.
0
 
LVL 5

Author Closing Comment

by:ducky801
ID: 39988940
mccarl -

Thanks so much for explaining this to me.  It's all still pretty foreign, but I feel like I have 20x the knowledge about this topic than I did a week ago.  

For anybody else who comes across this post:  I was actually able go get the Pentaho Spoon REST step to work after I met with a developer.  The trick is to pass the Authorization Header in the 'headers' tab of the step.  I used a Firefox extension called RESTClient to determine the contents of the authorization header.
0
 
LVL 35

Expert Comment

by:mccarl
ID: 39996983
Not a problem, glad that you got it working and that I could be of help! :)

The trick is to pass the Authorization Header in the 'headers' tab of the step.
This doesn't really sound like OAuth at all then, or at least not the full OAuth "conversation". It sounds like just a standard "Basic" style authorization.
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How does initial implicit objects  are set up in JSP? 7 41
junit initializtion error 2 22
Selenium findElement(By.classname  identifier 15 37
Java regex 5 22
Introduction Java can be integrated with native programs using an interface called JNI(Java Native Interface). Native programs are programs which can directly run on the processor. JNI is simply a naming and calling convention so that the JVM (Java…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question