Solved: Providing Public Key using RestAPI

krubin · ‎Oct 15, 2020

Hello,

1. I have attempted to do a "Put" of the Public Key using the Rest API.
The url is https://siteID-uat.flexnetoperations.com/flexnet/operations/api/updates/update-authorization-key (siteID) is assigned with our site
The response that I get back is "Full authentication is required to access this resource".

Was there something that I was supposed to do first in Flexnet Operations to establish credentials for the Public Key? I have not found this step in the guides.
I don't think the Public Key should be encoded first, before sent by the "Put" as shown above?

2. My public and private keys were generated using OpenSSL: (Do these steps below seem correct?)
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub

Thank you,
Ken

jberthold · ‎Oct 15, 2020

Hi @krubin ,

Q1: I've only used openssl a few times and am no expert. I'd recommend using https://cryptotools.net/rsagen to generate your public/private key pair. Simply select a 2048 Key Length and click the Generate Key Pair button and you are done.

Q2: See if you still get the red text in Postman when trying the above. You most likely will need to delete some newline chars when copy and pasting the public key from the browser UI into Postman.

Q3: Re-run the Python script with the new Private key.

Thanks,

View solution in original post

krubin · ‎Oct 15, 2020

Thank you Jim and Eric! I have a JWT also now.

View solution in original post

jberthold · ‎Oct 15, 2020

Hi @krubin ,

You are close! You just need to add Basic Authorization with your FlexNet Operations Producer Portal credentials to your request. Postman example shown below:

The Public Key you upload should be in PEM format without the Begin/End tags as shown in the example below:

Thanks,

krubin · ‎Oct 15, 2020

Hi Jim,

Thank you for the helpful reply with Authorization.

I'm almost there. I created by Private and Public keys using OpenSSL:

Question 1 -Does this look like a reasonable way to create the public and private keys?

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub

I believe that the public key is in PEM format using the above commands.

Question 2. When I copy and paste the public key into the Postman body using Raw JSON to make the Rest API request to "Put" the public key. It looks like your example, but the body of mine is highlighted in red in Postman. How can I fix this?

Revenera also sees this as a bad request. How can I fix this? You don't seem to have that issue in your illustration above.

Question 3. Assuming my public and private keys are appropriate as they are, can I run the Python program suggested to create the JWT with the private

key just as it is. I have already run this program successfully.

Thank you,

Ken

jberthold · ‎Oct 15, 2020

Hi @krubin ,

Q1: I've only used openssl a few times and am no expert. I'd recommend using https://cryptotools.net/rsagen to generate your public/private key pair. Simply select a 2048 Key Length and click the Generate Key Pair button and you are done.

Q2: See if you still get the red text in Postman when trying the above. You most likely will need to delete some newline chars when copy and pasting the public key from the browser UI into Postman.

Q3: Re-run the Python script with the new Private key.

Thanks,

ejohnson1 · ‎Oct 15, 2020

Below (and I thought I learned from you @jberthold ) is what I use with openssl. I have it in a .bat script file

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

start cmd

openssl genrsa -out CMAPIPrivate.pem 2048

cmd /k openssl rsa -inform PEM -outform DER -in CMAPIPrivate.pem -pubout -out CMAPIPublic.der

krubin · ‎Oct 15, 2020

Hi Jim,

Thank you for getting me over the hurdle for submitting the Public key as a Put Restful call! I get a 200 - ok response back.

One issue remains. I had used the https://cryptotools.net/rsagen to generate the public and private keys.

When running the Python program, it throws an exception now that

raise TypeError('Expecting a PEM-formatted key.') and could not deserialize data I guess due to the format.

I created the Private Key file by copying the private key out of the editor and removing the newlines at the end of each of the 25 lines.

Please advise.

Thank you,
Ken

krubin · ‎Oct 15, 2020

Hi Jim and EJohnson, (Sorry E.- don't know your first name yet)

I'll try to create the keys again the way that E. recommended.

Will use the Public Key as created (assuming different ) to create a public key. Can I have more than 1 registered using Rest API "Put" command? Do I need to remove one?

Will then rerun Python programs if keys are different.

Thank you,

Ken

ejohnson1 · ‎Oct 15, 2020

Hi @krubin ,

1. Take a look at the openssl command above for key generation, specifically a public key, DER format.

2. /authorize to CLS to get a Bearer Token

3. /import_access_key (with the DER key as the body, binary format) and authorize using the Bearer Token from step 1

Cheers,

Eric

ejohnson1 · ‎Oct 15, 2020

What I'm not sure. Jim might be providing Update and Insight (UAI) steps and I'm providing Cloud Monetisation API (CMAPI) steps.

Which product are you attempting to utlilize @krubin ? 🙂

krubin · ‎Oct 15, 2020

FlexNet Operations Cloud Updates and Insights Silver Subscription

ejohnson1 · ‎Oct 15, 2020

I should know by now not to question Jim.

Below is the openssl key pair generation for UAI (slightly different than CMAPI). Sorry about that:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

start cmd

openssl genrsa -out UAIPrivate.pem 2048

cmd /k openssl rsa -inform PEM -outform PEM -in UAIPrivate.pem -pubout -out UAIPublic.pem

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any white space / extra or cut off characters with the key management can cause frustration.

**Update: For UAI, the key import is tenant based (flexXXXXX), so only one key pair.

krubin · ‎Oct 15, 2020

Hi Jim and Eric,

When I used Eric's OpenSSL commands I had gotten different keys as expected. Which is fine.

However when I ran the Python program to create the JWT, I still received back - raise TypeError('Expecting a PEM-formatted key.')

Question 1. I made the 25 lines of the private key 1 line by removing the carriage returns. Do you edit the private key file differently from me?

Question2: I used the RestAPI to do a "Put" for the new Public Key. Hopefully it overwrites the old Public Key.

Regards and thanks,

Ken

jberthold · ‎Oct 15, 2020

Hi @krubin ,

I would leave the private key .PEM file as is - there is no need to edit. Please try creating the jwt with the unmodified PEM file created via openssl. The upload of the Public key is always an overwrite/replace.

Thanks,

krubin · ‎Oct 15, 2020

Thank you Jim and Eric! I have a JWT also now.