Solved

(I think i need to) Create a Trust Store file with existing Keys/Secrets

Posted on 2014-04-03
5
521 Views
Last Modified: 2014-04-12
Background:  
I'm testing an API my company is developing.  I'm in analytics, and not a developer but I've been known to do some light programming from time to time (flavors of VB).  ....My point is that I'm learning as I go along, so go easy on me and explain to me as if i were a child.  :)

Issue:
I've been provisioned with Consumer Key/Secret as well as a Token/Secret to use OAuth with an API.  Rather than programming something from scratch, I'm going to try to use the REST Client step in Pentaho Spoon to collect and process the responses (JSON) from the API.

Anyway,  I find myself needing (I think) to create a "Trust Store" file, which I can then point the Spoon process to.. It calls for a Trust store file location and a Trust Store password.

I've done some Googling and have since downloaded the latest Java development kit, specifically so I can use keytool.exe.  Keep in mind, i don't know Java

So my questions are:
1) Is keytool.exe indeed what I need to use to generate a "Trust store file" and accompanying password?

2) Based on what I've read, it seems to me that keytool.exe is used to *generate* keys and secrets.  Like I said, I've already got some that I need to use.  Can I use keytool.exe to create a Trust store file and incorporate my *existing* keys/secrets?
0
Comment
Question by:ducky801
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:mccarl
Comment Utility
To answer your questions, yes "keytool" can create trust store files (note that trust stores and key stores are the same type of file, just with different content and/or used for different purposes). And yes, keytool CAN generate keys, certificates, etc but it can also import existing ones.

HOWEVER, while I don't have experience with Pentaho, etc I would doubt that it's use of a "trust store" is for negotiating an OAuth session. The trust store would be used for the negotiation of SSL connections (which you might also need) but I have never heard of anything storing the OAuth key/secret/token info in a trust store.

To verify all of the above, can you tell me in what format you have received this consumer key/secret/token information? And also, can you point to any public available documentation that you are looking at for Pentaho where it might talk about this requirement for a trust store?   From these, I may be able to help further.
0
 
LVL 5

Author Comment

by:ducky801
Comment Utility
mccarl -

Thanks for your post.  This helps.  One question I was asking myself yesterday which I should have posted here was "Is Oauth the same as SSL and/or do they work hand-in hand?" (The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL')

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...

Here is the documentation on the REST Client in Pentaho Spoon:
http://wiki.pentaho.com/display/EAI/Rest+Client

One other silly question:  Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
Comment Utility
Sorry for the delay in responding, I have been away for the weekend!

"Is Oauth the same as SSL and/or do they work hand-in hand?"
No they are quite different things. SSL is about encrypting traffic between a client and the server and for verifying that the server is who it claims to be. OAuth is about authenticating clients to servers and often via a third party service, ie. these recently slew of websites that allow you to authenticate to them via your Facebook credentials are an example of this. SSL can also authenticate the client to the server but this is done in a totally different way.

The Pentaho tab that calls for the 'trust store' file is on a menu called 'SSL'
That makes sense... The trust store basically contains a collection of 'SSL Certificates' that is the basis of how "trust" of a paricular server is established.

The format of they keys/secrets seem to be Hexadecimal where the Key is 32 chars in length and the Secret is 16.  Not sure if this answers your question...
Yes it does, as suspected these things aren't able to be used by keytool or have anything to do with trust store. As said above, we are talking two different things here.

Can I just concatenate they key/secret into my URL with parameters for the API to take care of the authentication piece?
Unfortunately no, OAuth is a bit more detailed than that and this simple approach won't work. From the documentation, it doesn't seem that Pentaho Sppon has any built ability to manage the OAuth setup for you so you would have to manually make the right calls, etc to do this. Now the other issue is that while OAuth is a standard that is documented, a lot of services claim that they authicate via OAuth but the actual situation is that they have made up their own authentication that is "like" OAuth. This may or may not be the case for the service that you are attempting to communicate with, but I would suggest that you talk to the people that developed the service (or the people that provisioned your key/secret info) about exactly how the authentication needs to happen, and see if you can implement that in Pentaho.
0
 
LVL 5

Author Closing Comment

by:ducky801
Comment Utility
mccarl -

Thanks so much for explaining this to me.  It's all still pretty foreign, but I feel like I have 20x the knowledge about this topic than I did a week ago.  

For anybody else who comes across this post:  I was actually able go get the Pentaho Spoon REST step to work after I met with a developer.  The trick is to pass the Authorization Header in the 'headers' tab of the step.  I used a Firefox extension called RESTClient to determine the contents of the authorization header.
0
 
LVL 35

Expert Comment

by:mccarl
Comment Utility
Not a problem, glad that you got it working and that I could be of help! :)

The trick is to pass the Authorization Header in the 'headers' tab of the step.
This doesn't really sound like OAuth at all then, or at least not the full OAuth "conversation". It sounds like just a standard "Basic" style authorization.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Exchange and Third Party application. 8 59
mergeTwo  challenge 13 71
factorial example challenge 10 61
wordappend challenge 8 83
For customizing the look of your lightweight component and making it look lucid like it was made of glass. Or: how to make your component more Apple-ish ;) This tip assumes your component to be of rectangular shape and completely opaque. (COD…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now