How To Send private.key While Creating Credentials

First of all we are not sure what is the best way to create credentials and we are following the documentation and API details. ALso I have couple of questions on that as well.

1- How does this going to make a difference if I change the Credential creation to what you are asking ? Because for me in both the case, we need to have private.key some where and we need to pass that in the json file. 

2- All the values inside the json needs to be hard coded and we dont want to do that. In our case due to security reason all the secrets need to be stored in AWS config. So if we are going in this route, how are we going to get those values to the JSON file. Because if I am not wrong, I have to store the json file in resorueces folder.

Do you guys have any client or POC or sample code to address our use case? Like all those values for key inside the json file can be read from config and also the private.key value should be from AWS not a file in the code base ?

Thanks,

Deba

Ok - So in that case, you would build the credentials as you show but instead of reading the entire private key file contents, just use the text between the beginning and end lines as the private key. It appears from your variable name, that you are reading the entire file.

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

I have tested it storing the key with the BEGIN and END in aws secrets and passed the value while creating the Credentials but it did not like it.

{"message":"Unable to parse provided private key: {}","timestamp":1619469870573,"log.level":"ERROR","logger.name":"com.adobe.platform.operation.internal.util.PrivateKeyParser","thread.name":"http-nio-8080-exec-1","error.class":"org.bouncycastle.openssl.PEMException","error.message":"unable to convert key pair: null","error.stack":"  at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)\n  at com.adobe.platform.operation.internal.util.PrivateKeyParser.parsePrivateKey(PrivateKeyParser.java:56)\n  at com.adobe.platform.operation.internal.auth.JwtAuthenticator.<init>(JwtAuthenticator.java:71)\n  at com.adobe.platform.operation.internal.auth.AuthenticatorFactory.getAuthenticator(AuthenticatorFactory.java:21)\n  at com.adobe.platform.operation.internal.InternalExecutionContext.<init>(InternalExecutionContext.java:41)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:57)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:45)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.generatePreviewAndThumbnail(EduDocumentUploadProcessor.java:155)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.processPreviewAndThumbnail(EduDocumentUploadProcessor.java:89)\n  at com.chegg.edu.content.mgmt.service.service.EduBaseService.generateFilePath(EduBaseService.java:339)\n"}

I mean without BEGIN and END, only the value . Sorry typo in my previous response.

Have you tried removing the white space characters from the private key?

@Joel Geraci I have tried removing the white space from the privatekey after reading from secrets and I still see the same error. You can see from the screenshot, now after stripping the white space, its in oneline.

Can you please me if you have already sample project where you guys are doing something similar can follow as a reference ?

Its really a blocker now and we definitely need some to help us debugging and addressing this issue.

Thanks,

Deba

@Joel Geraci Also I was debugging your SDK code and I see couple of issues there.
1- Its throwing a NPE and when its going to the catch block, we have the error log and also we are throwing the exception. Error log is null because we are really not printing the error message rather we are sending the exception which is not giving a clear message to the client.
I am talking about 

LOGGER.error("Unable to parse provided private key: {}", ex);

Which should have :

LOGGER.error("Unable to parse provided private key: {}", ex.getMessage());

2- In this method 

PrivateKey parsePrivateKey(String privateKey)

we have a if block where we are checking if, the BEGIN and END is there then we are converting into 

new PKCS8EncodedKeySpec(Base64.decode(privateKey));

Otherwise we are converting into

SAPrivateCrtKeySpec

So I am not clear now whether I should really send the BEGING and END so that it will go inside the if or what I ma sending is correct. If its correct then why below line is returning NULL which is causing the NullPointerException?

Object object = pemParser.readObject();

Please help me debug this issue because I need this to go out of my way to unblock the whole project.

Thanks,

Deba

I reached out to Engineering and they pointed me to this sample...

https://github.com/adobe/pdftools-node-sdk-samples/blob/master/src/createpdf/create-pdf-with-inmemor...

Let me know if that works.

So the sample offered does not answer the question.  I have tried multiple different formats for the private.key as a string to be used with the .withPrivateKey() call to no avail.

Any further guidance here?

I've done this in Node often, and on Amazon. I talk about it here, https://medium.com/adobetech/tips-and-tricks-for-working-with-adobe-pdf-embed-and-services-ce685594b.... I can say I did NOT remove any values from the key,but I did massage the data a bit. Look for the paragraph that begins: "Secondly, note that the private key value is a multiline string. It looks something like this:"

A little late to the party but I was able to solve this doing some goofy 'massaging' of the data:

                // There are better ways to do this
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace("-----BEGIN RSA PRIVATE KEY----- ", "START");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace(" -----END RSA PRIVATE KEY-----", "FINISH");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace(" ", "\n");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace("START", "-----BEGIN RSA PRIVATE KEY-----\n");
                adobeSecret.PrivateKey = adobeSecret.PrivateKey.Replace( "FINISH", "\n-----END RSA PRIVATE KEY-----");