Introduction
The following article guides you through setting up your MWS and IS instances to encrypt and decrypt data.
MWS
Installing the IS certificate into the MWS truststore
- On your MWS server download a copy of InstallCert.java
- Open the file and change line 72 to reflect the install path of your MWS
- Compile the code: javac InstallCert.java
- Run the code as follows:
- java -cp . InstallCert <ISHostName:httpsPortNum> <glueTrustStore.jksPassword>
- This will try to download the certificate from the IS server and install it in the MWS truststore
Set up environment variables in your CAF application
Configure your CAF application to have the following environment entries:
String store = "<MWS_HOME>/server/<server_Instance>/config/glue/glueTrustStore.jks";
String sPass = "<passphrase_for_file_above>";
String alias = "<alias_of_IS_key>";
Write a method that takes in your data to be encrypted with the certificate, plus the above parameters:
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PublicKey;
import javax.crypto.Cipher;

private static byte[] encryptData(String store, String sPass, String alias, String data) throws Exception {
    // Load the MWS truststore that InstallCert populated with the IS certificate
    KeyStore ks = KeyStore.getInstance("JKS");
    try (FileInputStream fis = new FileInputStream(store)) {
        ks.load(fis, sPass.toCharArray());
    }
    java.security.cert.Certificate cert = ks.getCertificate(alias);
    if (cert == null) {
        throw new IllegalArgumentException("No certificate found under alias " + alias);
    }
    // Encrypt with the certificate's public key (RSA; SunJCE defaults to RSA/ECB/PKCS1Padding)
    PublicKey key = cert.getPublicKey();
    Cipher cipher = Cipher.getInstance(key.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, key);
    // Fixed charset so the IS side decodes exactly the bytes that were encrypted
    return cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
}
Bind the byte[] to the input provided by the ESB WSD.
ESB
Create a service that takes the byte[] input from above, retrieves the IS private key using the built-in flow service pub.security.keystore:getKeyAndChain, and decrypts the payload.
Here is the Java code for the decryption service:
import com.wm.app.b2b.server.ServiceException;
import com.wm.data.IData;
import com.wm.data.IDataCursor;
import com.wm.data.IDataUtil;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import javax.crypto.Cipher;

public static final void decryptData(IData pipeline) throws ServiceException {
    // pipeline: privateKey comes from pub.security.keystore:getKeyAndChain,
    // encryptedData is the byte[] produced by the CAF application
    IDataCursor pipelineCursor = pipeline.getCursor();
    PrivateKey privateKey = (PrivateKey) IDataUtil.get(pipelineCursor, "privateKey");
    byte[] encryptedData = (byte[]) IDataUtil.get(pipelineCursor, "encryptedData");
    pipelineCursor.destroy();
    if (privateKey == null || encryptedData == null) {
        throw new ServiceException("privateKey and encryptedData are required inputs");
    }
    String decryptedData;
    try {
        // Same algorithm the CAF side used (RSA, default padding); a BadPaddingException
        // here means the wrong key or a corrupted/tampered payload
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        decryptedData = new String(cipher.doFinal(encryptedData), StandardCharsets.UTF_8);
    } catch (Exception e) {
        throw new ServiceException(e);
    }
    // pipeline: return the plaintext
    IDataCursor pipelineCursor_1 = pipeline.getCursor();
    IDataUtil.put(pipelineCursor_1, "decryptedData", decryptedData);
    pipelineCursor_1.destroy();
}
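An added end-to-end check of the encryption and decryption methods above (example code, not from the article or from webMethods): it generates a throwaway RSA key pair in place of the IS certificate and keystore, encrypts the way the CAF method does and decrypts the way the IS service does, and then shows the payload-size limit of encrypting directly with RSA.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

public class RsaRoundTrip {
    // CAF side: the same calls as encryptData, minus the keystore lookup.
    // Cipher.getInstance("RSA") resolves to RSA/ECB/PKCS1Padding in the SunJCE provider.
    static byte[] encrypt(PublicKey key, String data) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // IS side: the same calls as decryptData, minus the pipeline handling.
    static String decrypt(PrivateKey key, byte[] encrypted) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(encrypted), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the IS certificate (public half, as stored in
        // glueTrustStore.jks) and the IS private key (as returned by getKeyAndChain).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        String payload = "{\"orderId\":\"A-1001\",\"amount\":42.50}"; // constructed sample
        byte[] encrypted = encrypt(kp.getPublic(), payload);
        System.out.println("ciphertext bytes: " + encrypted.length); // 256 for a 2048-bit key
        System.out.println("round trip ok: " + payload.equals(decrypt(kp.getPrivate(), encrypted)));

        // Failure mode: PKCS#1 v1.5 encrypts at most (key bytes - 11) = 245 bytes per call with a
        // 2048-bit key, so a larger payload is rejected rather than chunked.
        String tooLong = new String(new char[246]).replace('\0', 'A');
        try {
            encrypt(kp.getPublic(), tooLong);
            System.out.println("unexpected: 246-byte payload accepted");
        } catch (IllegalBlockSizeException e) {
            System.out.println("246-byte payload rejected: " + e.getMessage());
        }
    }
}
```

Payloads larger than the limit need to be encrypted with a symmetric key that is itself RSA-encrypted; the article's methods as written only cover the small direct-encryption case.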
For details on setting up the certificates on the IS, please refer to the Administration Guide.