-1

I am a newbie in JavaScript or GatewayScript. I have a requirement where I need to convert the content of a .pem (which is in DataPower under local:///cert or can be added into a crypto object) to JWK.

Could anyone help me with the starting point on how to develop a javascript to

  1. refer to the crypto key object from DataPower (example crypto key object JWKCryptoCertObj)
  2. Decrypt the crypto key object (example JWKCryptoCertObj.pem)
  3. Convert the content of the key to JSON Web Key (jwk.readCertificate())

So far I have got to know that jwk.readCertificate() can help me to convert a key object to a JWK.

I have tried the below piece of code to fetch it:

```javascript
var jwk = require('jwk');
var myJWK = jwk.readCertificate('cerjwk');
console.log(myJWK);
```

However, I get the below error in DataPower:

3:13:17 AM mpgw error 1277869681 error 0x00d30003 mpgw (PortTest): Rejected by filter; SOAP fault sent 

3:13:17 AM multistep error 1277869681 request 0x80c00009 mpgw (PortTest): request PortTest_Policy_rule_1 #2 gatewayscript: Transforming the content of INPUT. The transformation local:///jwk.js is applied. The results are stored in testop. failed: Internal Error 

3:13:17 AM gatewayscript error 1277869681 request 0x85800007 mpgw (PortTest): GatewayScript processing Error 'Error: Named certificate 'cerjwk' not found In file 'gatewayscript:///modules/jwk.js' line:428, stack:Error: Named certificate 'cerjwk' not found at Object.readCertificate (gatewayscript:///modules/jwk.js:428:18) at Object. (local:///jwk.js:5:17) at Script.execute (gatewayscript:///datapower.js:155:24) at Object. (gatewayscript:///datapower.js:582:55)' 

3:13:17 AM crypto error 1277869681 request 0x8580005c mpgw (PortTest): Named certificate 'cerjwk' not found 

Could anyone help me with the issue here? Thanks in advance!!

Lenka
  • According to the [docs](https://www.ibm.com/support/knowledgecenter/SS9H2Y_7.5.0/com.ibm.dp.doc/jwk_js.html#jwk.readCertificate) `The obj can be a Buffer or Buffers in PEM encoded raw data`, so you just need to figure out how to read that PEM file. –  May 29 '20 at 11:02
  • @ChrisG thanks for your response. Could you please help me with a sample on how to use `jwk.readCertificate()` in javascript. I will figure out the reading of the PEM. – Lenka May 29 '20 at 11:13
  • At the top of your Node script, use `var jwk = require('jwk');` then simply call that command. This requires the `jwk` module to be installed. –  May 29 '20 at 11:15
  • @pglezen I was going through https://github.com/pglezen/dpx5cjwt which describes how to process JWT in DataPower. Could you please help me with PEM to JWK conversion in DataPower. – Lenka Jun 10 '20 at 10:19

3 Answers

0

There is no need to convert the certificate. Just add it into a Crypto Key object and use the name (e.g. "crykey-my-key") of the object in the call, e.g.:

```javascript
const jwk = require('jwk');
const myKeyJWK = jwk.readCertificate('crykey-my-key');
```
Anders
  • Great. I will try that and let you know how it goes. – Lenka Jun 16 '20 at 07:45
  • I tried this `const jwk = require('jwk'); const myJWK = jwk.readCertificate('CryptoKey'); console.log(myJWK);` However, it is throwing an error saying _GatewayScript processing Error 'Error: *Named certificate 'CryptoKey' not found* In file 'gatewayscript:///modules/pemjwk.js' line:428, stack:Error: *Named certificate 'CryptoKey' not found* at Object.readCertificate_ – Lenka Jun 17 '20 at 05:51
  • Did you create the Crypto Key object with the same name? – Anders Jun 17 '20 at 14:33
  • Actually, I created a crypto cert and referred the key there. – Lenka Jun 21 '20 at 13:43
0

It finally worked; the thing that needed to be changed was the cert, instead of the key.

Lenka
0

Here is the working code:

```javascript
// Reuse the INPUT context if it exists, otherwise create it.
var ctx = session.name('INPUT') || session.createContext('INPUT');
var hm = require('header-metadata');
//var headers = hm.current;
var sm = require('service-metadata');
var uriIn = sm.getVar("var://service/URI");
var jwk = require('jwk');
// The argument is the name of the certificate object configured in DataPower.
var myJWK = jwk.readCertificate('qa.developer.citigroup.net');
//headers.set('X-new-header', myJWK);
//headers.set('Content-Type','application/json');
console.log(myJWK);
// Store the JWK in a context variable and write it to the output.
ctx.setVariable('yourjwk', myJWK);
session.output.write(myJWK);
```
Lenka
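An added example, not from the posts above and not DataPower's `jwk` module: the same PEM-to-JWK conversion in plain Node.js (assumed Node 16+), showing why it matters whether a key or a cert is converted, since a JWK built from a private key carries private members that must never be published. The helper names are hypothetical and the key pair is constructed at run time as sample input.

```javascript
// Added example: plain Node.js (assumes Node 16+), not DataPower's `jwk` module.
const crypto = require('crypto');

// JWK members that hold private or secret key material (RFC 7518).
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];

// Hypothetical helper: accepts a PEM public key, certificate or private key
// and always returns the public JWK only.
function pemToPublicJwk(pem) {
  // createPublicKey derives the public half when handed a private key PEM.
  return crypto.createPublicKey(pem).export({ format: 'jwk' });
}

// Hypothetical helper: names of the private members present in a JWK.
function privateMembers(jwk) {
  return PRIVATE_MEMBERS.filter((m) => Object.prototype.hasOwnProperty.call(jwk, m));
}

// RFC 7638 thumbprint, usable as a stable "kid" (RSA and EC keys).
function thumbprint(jwk) {
  const required = jwk.kty === 'RSA' ? ['e', 'kty', 'n'] : ['crv', 'kty', 'x', 'y'];
  const canonical = JSON.stringify(Object.fromEntries(required.map((k) => [k, jwk[k]])));
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Constructed sample input: a throwaway RSA key pair generated at run time.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const privatePem = privateKey.export({ type: 'pkcs8', format: 'pem' });
const publicPem = publicKey.export({ type: 'spki', format: 'pem' });

// Exporting the private key itself as a JWK exposes d, p, q and the CRT values.
const fullJwk = crypto.createPrivateKey(privatePem).export({ format: 'jwk' });
const fromPrivate = pemToPublicJwk(privatePem);
const fromPublic = pemToPublicJwk(publicPem);

console.log('private JWK leaks:', privateMembers(fullJwk));
console.log('public JWK:', { ...fromPublic, kid: thumbprint(fromPublic) });
```

Running `privateMembers()` on a JWK before it is returned to a client or placed in a JWKS document is a cheap guard against publishing key material.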