• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

How To Send private.key While Creating Credentials

New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Hello,

 

To create `ExecutionContext`, we need to pass the credentials. While creating credentials, I need to read all the values from AWS secrets and paramstore. Now I am confused how I have to read the and pass the private.key value and pass it while creating credentials. Because when I tried keeping the private ley value in secrets and read it, its not able to parse it. And we are not allowed to store the private.key file in our code base as per the security reason. 

 

Can you please help me understand how you guys will read and send the value for this private.key ?

 

Credentials adobeClientCredentials =
        Credentials.serviceAccountCredentialsBuilder()
            .withClientId(adobeClientId)
            .withClientSecret(adobeClientSecret)
            .withPrivateKey(adobePrivateKeyfileContents)
            .withOrganizationId(adobeOrgId)
            .withAccountId(adobeAccountId)
            .build();

I am having issue creating Credentials due to that. Need help to resolve this issue asap as we have the license on this but we are not able to use it.

 

Thanks,

Deba

 

TOPICS
How to

Views

1.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Is there a particular reason that you are building the credentials that way instead of like this...?

 

Credentials credentials = Credentials.serviceAccountCredentialsBuilder().fromFile("pdftools-api-credentials.json").build();

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

First of all we are not sure what is the best way to create credentials and we are following the documentation and API details. ALso I have couple of questions on that as well.

1- How does this going to make a difference if I change the Credential creation to what you are asking ? Because for me in both the case, we need to have private.key some where and we need to pass that in the json file. 

2- All the values inside the json needs to be hard coded and we dont want to do that. In our case due to security reason all the secrets need to be stored in AWS config. So if we are going in this route, how are we going to get those values to the JSON file. Because if I am not wrong, I have to store the json file in resorueces folder.

 

Do you guys have any client or POC or sample code to address our use case? Like all those values for key inside the json file can be read from config and also the private.key value should be from AWS not a file in the code base ?

 

Thanks,

Deba

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Ok - So in that case, you would build the credentials as you show but instead of reading the entire private key file contents, just use the text between the beginning and end lines as the private key. It appears from your variable name, that you are reading the entire file.

 

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

I have tested it storing the key with the BEGIN and END in aws secrets and passed the value while creating the Credentials but it did not like it.

{"message":"Unable to parse provided private key: {}","timestamp":1619469870573,"log.level":"ERROR","logger.name":"com.adobe.platform.operation.internal.util.PrivateKeyParser","thread.name":"http-nio-8080-exec-1","error.class":"org.bouncycastle.openssl.PEMException","error.message":"unable to convert key pair: null","error.stack":"  at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)\n  at com.adobe.platform.operation.internal.util.PrivateKeyParser.parsePrivateKey(PrivateKeyParser.java:56)\n  at com.adobe.platform.operation.internal.auth.JwtAuthenticator.<init>(JwtAuthenticator.java:71)\n  at com.adobe.platform.operation.internal.auth.AuthenticatorFactory.getAuthenticator(AuthenticatorFactory.java:21)\n  at com.adobe.platform.operation.internal.InternalExecutionContext.<init>(InternalExecutionContext.java:41)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:57)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:45)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.generatePreviewAndThumbnail(EduDocumentUploadProcessor.java:155)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.processPreviewAndThumbnail(EduDocumentUploadProcessor.java:89)\n  at com.chegg.edu.content.mgmt.service.service.EduBaseService.generateFilePath(EduBaseService.java:339)\n"}

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

I mean without BEGIN and END, only the value . Sorry typo in my previous response.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Have you tried removing the white space characters from the private key?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2021 Apr 29, 2021

Copy link to clipboard

Copied

@Joel_Geraci I have tried removing the white space from the privatekey after reading from secrets and I still see the same error. You can see from the screenshot, now after stripping the white space, its in oneline.

Can you please me if you have already sample project where you guys are doing something similar can follow as a reference ?

 

Its really a blocker now and we definitely need some to help us debugging and addressing this issue.

 

Thanks,

Deba

Screen Shot 2021-04-29 at 1.36.23 PM.png

 

  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2021 Apr 29, 2021

Copy link to clipboard

Copied

@Joel_Geraci Also I was debugging your SDK code and I see couple of issues there.
1- Its throwing a NPE and when its going to the catch block, we have the error log and also we are throwing the exception. Error log is null because we are really not printing the error message rather we are sending the exception which is not giving a clear message to the client.
I am talking about 

LOGGER.error("Unable to parse provided private key: {}", ex);

Which should have :

LOGGER.error("Unable to parse provided private key: {}", ex.getMessage());


2- In this method 

PrivateKey parsePrivateKey(String privateKey)

we have a if block where we are checking if, the BEGIN and END is there then we are converting into 

new PKCS8EncodedKeySpec(Base64.decode(privateKey));

Otherwise we are converting into

SAPrivateCrtKeySpec


So I am not clear now whether I should really send the BEGING and END so that it will go inside the if or what I ma sending is correct. If its correct then why below line is returning NULL which is causing the NullPointerException?

Object object = pemParser.readObject();

 

Please help me debug this issue because I need this to go out of my way to unblock the whole project.

 

Thanks,

Deba

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 30, 2021 Apr 30, 2021

Copy link to clipboard

Copied

I reached out to Engineering and they pointed me to this sample...

https://github.com/adobe/pdftools-node-sdk-samples/blob/master/src/createpdf/create-pdf-with-inmemor...

Let me know if that works.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 20, 2022 Mar 20, 2022

Copy link to clipboard

Copied

So the sample offered does not answer the question.  I have tried multiple different formats for the private.key as a string to be used with the .withPrivateKey() call to no avail.

 

Any further guidance here?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Apr 15, 2022 Apr 15, 2022

Copy link to clipboard

Copied

I've done this in Node often, and on Amazon. I talk about it here, https://medium.com/adobetech/tips-and-tricks-for-working-with-adobe-pdf-embed-and-services-ce685594b.... I can say I did NOT remove any values from the key,but I did massage the data a bit. Look for the paragraph that begins: "Secondly, note that the private key value is a multiline string. It looks something like this:"

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 26, 2022 Jul 26, 2022

Copy link to clipboard

Copied

A little late to the party but I was able to solve this doing some goofy 'massaging' of the data:

                // There are better ways to do this
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace("-----BEGIN RSA PRIVATE KEY----- ", "START");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace(" -----END RSA PRIVATE KEY-----", "FINISH");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace(" ", "\n");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace("START", "-----BEGIN RSA PRIVATE KEY-----\n");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace( "FINISH", "\n-----END RSA PRIVATE KEY-----");


NOTE: that if you copied the key into AWS you likely copied in a spaces, which look like they should be `\n` characters.  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 26, 2022 Jul 26, 2022

Copy link to clipboard

Copied

LATEST

Cole25404474st03_0-1658873542703.png

The formatting here is a bit awkward so in image form

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Please post the exact name of the Adobe program you use so a Moderator may move this message to that forum

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

This one belongs in Document Services APIs 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 14, 2022 Apr 14, 2022

Copy link to clipboard

Copied

Hi,

 

Did you make it work? I also have the same issue

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources