Solved

(I think i need to) Create a Trust Store file with existing Keys/Secrets

Posted on 2014-04-03
5
558 Views
Last Modified: 2014-04-12
Background:  
I'm testing an API my company is developing.  I'm in analytics, and not a developer but I've been known to do some light programming from time to time (flavors of VB).  ....My point is that I'm learning as I go along, so go easy on me and explain to me as if i were a child.  :)

Issue:
I've been provisioned with Consumer Key/Secret as well as a Token/Secret to use OAuth with an API.  Rather than programming something from scratch, I'm going to try to use the REST Client step in Pentaho Spoon to collect and process the responses (JSON) from the API.

Anyway,  I find myself needing (I think) to create a "Trust Store" file, which I can then point the Spoon process to.. It calls for a Trust store file location and a Trust Store password.

I've done some Googling and have since downloaded the latest Java development kit, specifically so I can use keytool.exe.  Keep in mind, i don't know Java

So my questions are:
1) Is keytool.exe indeed what I need to use to generate a "Trust store file" and accompanying password?

2) Based on what I've read, it seems to me that keytool.exe is used to *generate* keys and secrets.  Like I said, I've already got some that I need to use.  Can I use keytool.exe to create a Trust store file and incorporate my *existing* keys/secrets?
0
Comment
Question by:ducky801
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:mccarl
ID: 39976973
To answer your questions, yes "keytool" can create trust store files (note that trust stores and key stores are the same type of file, just with different content and/or used for different purposes). And yes, keytool CAN generate keys, certificates, etc but it can also import existing ones.

HOWEVER, while I don't have experience with Pentaho, etc I would doubt that it's use of a "trust store" is for negotiating an OAuth session. The trust store would be used for the negotiation of SSL connections (which you might also need) but I have never heard of anything storing the OAuth key/secret/token info in a trust store.

To verify all of the above, can you tell me in what format you have received this consumer key/secret/token information? And also, can you point to any public available documentation that you are looking at for Pentaho where it might talk about this requirement for a trust store?   From these, I may be able to help further.
0
 
LVL 5

Author Comment

by:ducky801
ID: 39978479
mccarl -

Thanks for your post.  This helps.  One question I was asking myself yesterday which I should have posted here was "Is Oauth the same as SSL and/or do they work hand-in hand?" (The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL')

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...

Here is the documentation on the REST Client in Pentaho Spoon:
http://wiki.pentaho.com/display/EAI/Rest+Client

One other silly question:  Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39987506
Sorry for the delay in responding, I have been away for the weekend!

"Is Oauth the same as SSL and/or do they work hand-in hand?"
No they are quite different things. SSL is about encrypting traffic between a client and the server and for verifying that the server is who it claims to be. OAuth is about authenticating clients to servers and often via a third party service, ie. these recently slew of websites that allow you to authenticate to them via your Facebook credentials are an example of this. SSL can also authenticate the client to the server but this is done in a totally different way.

The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL'
That makes sense... The trust store basically contains a collection of 'SSL Certificates' that is the basis of how "trust" of a paricular server is established.

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...
Yes it does, as suspected these things aren't able to be used by keytool or have anything to do with trust store. As said above, we are talking two different things here.

Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
Unfortunately no, OAuth is a bit more detailed than that and this simple approach won't work. From the documentation, it doesn't seem that Pentaho Sppon has any built ability to manage the OAuth setup for you so you would have to manually make the right calls, etc to do this. Now the other issue is that while OAuth is a standard that is documented, a lot of services claim that they authicate via OAuth but the actual situation is that they have made up their own authentication that is "like" OAuth. This may or may not be the case for the service that you are attempting to communicate with, but I would suggest that you talk to the people that developed the service (or the people that provisioned your key/secret info) about exactly how the authentication needs to happen, and see if you can implement that in Pentaho.
0
 
LVL 5

Author Closing Comment

by:ducky801
ID: 39988940
mccarl -

Thanks so much for explaining this to me.  It's all still pretty foreign, but I feel like I have 20x the knowledge about this topic than I did a week ago.  

For anybody else who comes across this post:  I was actually able go get the Pentaho Spoon REST step to work after I met with a developer.  The trick is to pass the Authorization Header in the 'headers' tab of the step.  I used a Firefox extension called RESTClient to determine the contents of the authorization header.
0
 
LVL 35

Expert Comment

by:mccarl
ID: 39996983
Not a problem, glad that you got it working and that I could be of help! :)

The trick is to pass the Authorization Header in the 'headers' tab of the step.
This doesn't really sound like OAuth at all then, or at least not the full OAuth "conversation". It sounds like just a standard "Basic" style authorization.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question