Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support more keystore types - PEM #4440

Closed
DobrinTs opened this issue Jan 26, 2024 · 2 comments
Closed

Support more keystore types - PEM #4440

DobrinTs opened this issue Jan 26, 2024 · 2 comments
Assignees
@marikaner
Labels
feature request Requests for new functionality

Comments

@DobrinTs
Copy link

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
I am part of the SAP BTP's Unified customer landscape integrations team. In short our service allows customer's to automate their connectivity between a BTP account and their SuccessFactors/S4Hana tenant. For some authentications however we still do not have automatisation but we have provided customers with a documentation of how they can setup the connectivity manually, e.g. https://help.sap.com/docs/btp/sap-business-technology-platform/using-mutual-transport-layer-security-mtls?version=Cloud#loioe90cafcd92a54d1cba7d7fa049f674fa. In this page we describe mTLS authentication to SuccessFactors and we have documented it with PEM type keystore from Destination service.

A client of ours followed that but then tried to consume the destination through a JavaScript application developed with Cloud SDK and got the error "The format of the provided certificate 'SF_Integration.pem' is not supported. Supported formats are: p12, pfx."

I was able to find this in your implementation at

cloud-sdk-js/packages/connectivity/src/http-agent/http-agent.ts

Line 205 in 4cd9019

const supportedCertificateFormats = ['p12', 'pfx'];
. Is it possible to allow further keystore types like PEM and JKS or if not the atleast provide a better error message for PEM type similar to how you have done this for JKS keystores -

cloud-sdk-js/packages/connectivity/src/http-agent/http-agent.ts

Line 235 in 4cd9019

? "You can convert Java Keystores (.jks, .keystore) into PKCS#12 keystores using the JVM's keytool CLI: keytool -importkeystore -srckeystore your-keystore.jks -destkeystore your-keystore.p12 -deststoretype pkcs12"

Describe the solution you'd like
Support for PEM type keystore

Describe alternatives you've considered
Clear error message with conversion instructions like with JKS

Impact / Priority

We will take steps to update our documentation with instructions for P12, as well as the existing ones for PEM, but it would be great for customers if they could use PEM directly, because even if they use P12 they will still need to extract the certificate from it in PEM format to then be able to allowlist it in their SuccessFactors tenant.

Additional context
Add any other context or screenshots about the feature request here.
@DobrinTs DobrinTs added the feature request Requests for new functionality label Jan 26, 2024
@mr-flannery mr-flannery self-assigned this Jan 26, 2024
@mr-flannery
Copy link
Contributor

Hi @DobrinTs , we've discussed this and put it into our backlog. We're planning to work on it soon.

@mr-flannery mr-flannery removed their assignment Jan 29, 2024
@marikaner
Copy link
Contributor

Hey @DobrinTs, this feature has been implemented here and will be released with the next version of SAP Cloud SDK for JS. Feel free to try out the latest canary version until then.

@marikaner marikaner self-assigned this Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marikaner marikaner

Labels
feature request Requests for new functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@marikaner @mr-flannery @DobrinTs @jjtang1985