Extensis Logo SUPPORT | FORUMS | KNOWLEDGE BASE

RESTful API Encryption Issue?


#1

Hi Folks,

We are having trouble authenticating through the API. Initially it seemed to be sporadic or random, or both, but now wed always get a 404 InvalidCredentials error. Here’s what server.log says…

2015-05-07 09:17:09,614 DEBUG [extensis.portfolio] (http-executor-threads - 26) AssetSEI.getRSAPublicEncryptionKey invoked.
2015-05-07 09:17:09,630 DEBUG [extensis.portfolio] (http-executor-threads - 28) AssetSEI.login invoked.
2015-05-07 09:17:09,661 DEBUG [extensis.portfolio] (http-executor-threads - 28) InvalidCredentials: extensis.portfolio.util.DamEspException: InvalidCredentials

Here is the code we’re using to authenticate. Are we doing something wrong where we’re doing the encryption perhaps?

public String getSessionId() throws Exception {​
AssetSEI service = new AssetSEIServiceLocator().getAssetSEIPort();
KeySpecification ks = service.getRSAPublicEncryptionKey();
String passwd = “password”;
String epasswd = encryptPasswordForKeySpec(ks, passwd);
​ ​String sessionId = service.login(“java_user”, epasswd);
​ ​return sessionId;
​}

public static String encryptPasswordForKeySpec(KeySpecification ksd,String password) throws Exception {
	RSAPublicKeySpec keySpec = new RSAPublicKeySpec(new BigInteger(
    ksd.getModulusBase16(), 16), new BigInteger(ksd.getExponent()));
	KeyFactory keyFactory = KeyFactory.getInstance("RSA");
	PublicKey pk = keyFactory.generatePublic(keySpec);
	return Base64.encodeBytes(encrypt(pk, password.getBytes()));
}

private static byte[] encrypt(PublicKey pk, byte[] src) {
	try {
		Cipher cipher = Cipher.getInstance("RSA");
		cipher.init(Cipher.ENCRYPT_MODE, pk);
		return cipher.doFinal(src);
	} catch (Exception e) {
		throw new RuntimeException("error encrypting cipher data: ", e);
	}
}

Thanks in advance!!
Charles


#2

Perhaps a better question, now that we’ve investigated further is, what base64 Java encryption method does Portfolio want to see? The one we used was from an online example, which, as it turns out, was custom - not one of the OOTB (so to speak) Java ones.

Thanks,
Charles


#3

Hi Charles,

I’m sorry to hear you’re having trouble using the API.

To answer your more recent question, we use RSA encryption.

We looked at your code, and it looks fine - in fact, it looks like our example code that we post and maintain here:
doc.extensis.com/api/portfolio-s … ogout.html

I am intrigued that you say the problem was sporadic, which would indicate the problem is not due to encryption. Is that still the case, or did that change with some corresponding change to your code?

And just to triple check, are you 100% certain that you have a Portfolio user on that server with credentials “java_user” and “password”?

Finally, you might want to copy and paste here the relevant part of the server log when running your code, including where it is retrieving the public key.

If we can’t any traction from those methods, we can talk about doing a WebEx with you and collaborating on troubleshooting the issue.

Thanks in advance,
-Loren


#4

Hi Loren,

We got it working. The change we made is in the Cipher.getInstance(“RSA/ECB/PKCS1Padding”).

The original value passed in was just “RSA”. When our Java developer changed it to “RSA/ECB/PKCS1Padding” that’s what got it working.

public static String encryptPasswordForKeySpec(KeySpecification ksd,
        String password) throws Exception {
    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(new BigInteger(
            ksd.getModulusBase16(), 16), new BigInteger(ksd.getExponent()));
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    PublicKey pk = keyFactory.generatePublic(keySpec);
    return Base64.encodeBytes(encrypt(pk, password.getBytes()));
}

//the actual encryption called from the above method
private static byte[] encrypt(PublicKey pk, byte[] src) {
try {
Cipher cipher = Cipher.getInstance(“RSA/ECB/PKCS1Padding”);//This is what we changed
cipher.init(Cipher.ENCRYPT_MODE, pk);
return cipher.doFinal(src);
} catch (Exception e) {
throw new RuntimeException("error encrypting cipher data: ", e);
}
}


#5

Hi Charles,

Thanks for the update, I’m really glad to hear you got it sorted out!

We’ll check our example code to see if we need to update the Cipher type.

Cheers,
-Loren