How To Send private.key While Creating Credentials

New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Hello,

 

To create `ExecutionContext`, we need to pass the credentials. While creating credentials, I need to read all the values from AWS secrets and paramstore. Now I am confused how I have to read the and pass the private.key value and pass it while creating credentials. Because when I tried keeping the private ley value in secrets and read it, its not able to parse it. And we are not allowed to store the private.key file in our code base as per the security reason. 

 

Can you please help me understand how you guys will read and send the value for this private.key ?

 

Credentials adobeClientCredentials =
        Credentials.serviceAccountCredentialsBuilder()
            .withClientId(adobeClientId)
            .withClientSecret(adobeClientSecret)
            .withPrivateKey(adobePrivateKeyfileContents)
            .withOrganizationId(adobeOrgId)
            .withAccountId(adobeAccountId)
            .build();

I am having issue creating Credentials due to that. Need help to resolve this issue asap as we have the license on this but we are not able to use it.

 

Thanks,

Deba

 

TOPICS
How to

Views

129

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Is there a particular reason that you are building the credentials that way instead of like this...?

 

Credentials credentials = Credentials.serviceAccountCredentialsBuilder().fromFile("pdftools-api-credentials.json").build();

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

First of all we are not sure what is the best way to create credentials and we are following the documentation and API details. ALso I have couple of questions on that as well.

1- How does this going to make a difference if I change the Credential creation to what you are asking ? Because for me in both the case, we need to have private.key some where and we need to pass that in the json file. 

2- All the values inside the json needs to be hard coded and we dont want to do that. In our case due to security reason all the secrets need to be stored in AWS config. So if we are going in this route, how are we going to get those values to the JSON file. Because if I am not wrong, I have to store the json file in resorueces folder.

 

Do you guys have any client or POC or sample code to address our use case? Like all those values for key inside the json file can be read from config and also the private.key value should be from AWS not a file in the code base ?

 

Thanks,

Deba

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Ok - So in that case, you would build the credentials as you show but instead of reading the entire private key file contents, just use the text between the beginning and end lines as the private key. It appears from your variable name, that you are reading the entire file.

 

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

I have tested it storing the key with the BEGIN and END in aws secrets and passed the value while creating the Credentials but it did not like it.

{"message":"Unable to parse provided private key: {}","timestamp":1619469870573,"log.level":"ERROR","logger.name":"com.adobe.platform.operation.internal.util.PrivateKeyParser","thread.name":"http-nio-8080-exec-1","error.class":"org.bouncycastle.openssl.PEMException","error.message":"unable to convert key pair: null","error.stack":"  at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)\n  at com.adobe.platform.operation.internal.util.PrivateKeyParser.parsePrivateKey(PrivateKeyParser.java:56)\n  at com.adobe.platform.operation.internal.auth.JwtAuthenticator.<init>(JwtAuthenticator.java:71)\n  at com.adobe.platform.operation.internal.auth.AuthenticatorFactory.getAuthenticator(AuthenticatorFactory.java:21)\n  at com.adobe.platform.operation.internal.InternalExecutionContext.<init>(InternalExecutionContext.java:41)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:57)\n  at com.adobe.platform.operation.ExecutionContext.create(ExecutionContext.java:45)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.generatePreviewAndThumbnail(EduDocumentUploadProcessor.java:155)\n  at com.chegg.edu.content.mgmt.service.service.EduDocumentUploadProcessor.processPreviewAndThumbnail(EduDocumentUploadProcessor.java:89)\n  at com.chegg.edu.content.mgmt.service.service.EduBaseService.generateFilePath(EduBaseService.java:339)\n"}

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

I mean without BEGIN and END, only the value . Sorry typo in my previous response.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Have you tried removing the white space characters from the private key?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2021 Apr 29, 2021

Copy link to clipboard

Copied

@Joel_Geraci I have tried removing the white space from the privatekey after reading from secrets and I still see the same error. You can see from the screenshot, now after stripping the white space, its in oneline.

Can you please me if you have already sample project where you guys are doing something similar can follow as a reference ?

 

Its really a blocker now and we definitely need some to help us debugging and addressing this issue.

 

Thanks,

Deba

Screen Shot 2021-04-29 at 1.36.23 PM.png

  

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 29, 2021 Apr 29, 2021

Copy link to clipboard

Copied

@Joel_Geraci Also I was debugging your SDK code and I see couple of issues there.
1- Its throwing a NPE and when its going to the catch block, we have the error log and also we are throwing the exception. Error log is null because we are really not printing the error message rather we are sending the exception which is not giving a clear message to the client.
I am talking about 

LOGGER.error("Unable to parse provided private key: {}", ex);

Which should have :

LOGGER.error("Unable to parse provided private key: {}", ex.getMessage());


2- In this method 

PrivateKey parsePrivateKey(String privateKey)

we have a if block where we are checking if, the BEGIN and END is there then we are converting into 

new PKCS8EncodedKeySpec(Base64.decode(privateKey));

Otherwise we are converting into

SAPrivateCrtKeySpec


So I am not clear now whether I should really send the BEGING and END so that it will go inside the if or what I ma sending is correct. If its correct then why below line is returning NULL which is causing the NullPointerException?

Object object = pemParser.readObject();

 

Please help me debug this issue because I need this to go out of my way to unblock the whole project.

 

Thanks,

Deba

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 30, 2021 Apr 30, 2021

Copy link to clipboard

Copied

LATEST

I reached out to Engineering and they pointed me to this sample...

https://github.com/adobe/pdftools-node-sdk-samples/blob/master/src/createpdf/create-pdf-with-inmemor...

Let me know if that works.

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

Please post the exact name of the Adobe program you use so a Moderator may move this message to that forum

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 26, 2021 Apr 26, 2021

Copy link to clipboard

Copied

This one belongs in Document Services APIs 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines