| Author |
Message
|
| jinie |
 Posted: Wed Jul 10, 2013 11:38 am Post subject: Execution group keystore, how to access ? |
 |
|
Novice
Joined: 10 Jul 2013
Posts: 13
|
I've created and configured a keystore according to
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r1m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Fab60250_.htm
Now I'm trying to access the keystore from a static java function called from ESQL, and i initially thought something like this would work:
| Code: |
public static KeyStore loadKeystore(){
KeyStore store = null;
try{
store = KeyStore.getInstance("JKS");
store.load(null,null);
}catch(Exception e){
throw new RuntimeException(e);
}
return store;
}
|
but the keystore is null after loading it.
How do i access an execution group keystore ? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Wed Jul 10, 2013 11:57 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Well, you can access the
static java.lang.String EG_COMIBMJVMMANAGER_KEYSTOREFILE_PROPERTY
If this constant is supplied to ExecutionGroupProxy.getRuntimeProperty(), the value returned is the keystoreFile property of the execution group's JVM.
static java.lang.String EG_COMIBMJVMMANAGER_KEYSTOREPASS_PROPERTY
If this constant is supplied to ExecutionGroupProxy.getRuntimeProperty(), the value returned is the keystorePass property of the execution group's JVM.
properties of an ExecutionGroupProxy object.
I'm not otherwise sure you can directly access the loaded keystore object.
Mind you, those are v9 constants that may not (and do not appear to be) defined for 6.1.
Presumably you're not actually using 6.1, presumably you're really using v7 or v8.
Why are you trying to use the EG's internal keystore for application level processing, anyway? |
|
| Back to top |
|
|
| jinie |
| Posted: Wed Jul 10, 2013 12:39 pm Post subject: |
|
|
Novice
Joined: 10 Jul 2013
Posts: 13
|
| mqjeff wrote: |
Mind you, those are v9 constants that may not (and do not appear to be) defined for 6.1.
Presumably you're not actually using 6.1, presumably you're really using v7 or v8.
Why are you trying to use the EG's internal keystore for application level processing, anyway? |
I'm using version v7, but somehow the documentation link slipped while i was trying to convice the forums to let me post it 
As for using the EG's internal keystore.
Originally this solution was supposed to use SOAP Request nodes for one-way requests, but due to misuse of WS-Addressing on the receiver part, that is not an option, so i'm coding WS-Addressing and WS-Security (signature only) by hand.
We already have the infrastructure in place to deploy EG keystores across different environments, so i though i'd reuse it.
Your answer however makes me think i should just set a couple of properties and read the keystore name/password from those. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jul 10, 2013 12:45 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Using the EG level keystore and password is more secure, and accessing those properties through the CMP/MBAPI/IBAPI and getting the local instance of the BrokerProxy or EGProxy and then accessing the adminstered properties is a better idea for this case.
Fixing the endpoint to properly use WS_Addressing is a better idea, but it's not an ideal world. |
|
| Back to top |
|
|
| jinie |
| Posted: Wed Jul 17, 2013 12:11 am Post subject: |
|
|
Novice
Joined: 10 Jul 2013
Posts: 13
|
| mqjeff wrote: |
Using the EG level keystore and password is more secure, and accessing those properties through the CMP/MBAPI/IBAPI and getting the local instance of the BrokerProxy or EGProxy and then accessing the adminstered properties is a better idea for this case.
Fixing the endpoint to properly use WS_Addressing is a better idea, but it's not an ideal world. |
I've been trying to get the above working, but I'm not having much luck with it.
I don't suppose you could point me in the right direction on how to get the "current" execution group proxy ?
Or is it only through explicit configuration, as in hardcoding the parameters ?
EDIT: And 90 seconds after submitting this post i find ExecutionGroupProxy.getLocalInstance(). ignore the above question |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Jul 17, 2013 12:22 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Code: |
ExecutionGroupProxy myEG = ExecutionGroupProxy.getLocalInstance();
String mykeyStoreFile = myEg.getRuntimeProperty(EG_COMIBMJVMMANAGER_KEYSTOREFILE_PROPERTY); |
|
|
| Back to top |
|
|
| jinie |
| Posted: Thu Jul 18, 2013 3:19 am Post subject: |
|
|
Novice
Joined: 10 Jul 2013
Posts: 13
|
| mqjeff wrote: |
| Code: |
ExecutionGroupProxy myEG = ExecutionGroupProxy.getLocalInstance();
String mykeyStoreFile = myEg.getRuntimeProperty(EG_COMIBMJVMMANAGER_KEYSTOREFILE_PROPERTY); |
|
Thank you for your fast reply.
Next problem, when i fetch the keystorePass property, it is returned as "*******", which of course doesn't sit well with KeyStore.load().
How do i extract the execution group keystore password in clear text, or binary data, for feeding into keystore.load() ? |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jul 18, 2013 5:15 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
...
if getting the keystorePass property returns you an invalid password, then... uhhhhh...
It should have worked. Maybe. |
|
| Back to top |
|
|
|
|
