Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added documentation for newly supported auth types and working with keys #15665

Merged
merged 2 commits into from
Aug 27, 2024
Merged

Added documentation for newly supported auth types and working with keys #15665

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7307871
Added documentation for newly supported auth types and working with k…
victor-chaparro Aug 21, 2024
384bcc4
Merge branch 'master' into engagement/rest-documentation
victor-chaparro Aug 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 32 additions & 6 deletions prime-router/docs/onboarding-users/transport/rest.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,15 @@ For authentication, you need to do both step a and step b.
<ol type="a">
<li>Generate the "Credential in JSON format" for authentication</li>

Currently, RESTTransport uses the one of the three options:
Currently, RESTTransport uses the one of the following options:

i) UserPass,
ii) UserApiKey with JKS, or
ii) UserApiKey with JKS
iii) UserApiKey with two-legged credential type to authenticate and obtain Bearer token from STLT.
User can use **primeCLI** command with credential-create option to generate the "Credential in JSON format" as given below.
iv) UserJks
User can use the **primeCLI** command with credential-create option to generate the "Credential in JSON format" as given below.

- With STLT's credential username and password given to us by STLT, user needs to run the following command to generate the UserPass credential type object:
- With STLT's credential username and password given to us by the STLT, user needs to run the following command to generate the UserPass credential type object:

Command:
./prime credential-create --type UserPass --user <username> --pass <password>
Expand Down Expand Up @@ -118,9 +119,9 @@ The receiver's RESTTransport includes the following fields:
}"
type: "REST"

c) See UserApiKey+Tow-legged RESTTransport setting Example below:
c) See UserApiKey+Two-legged RESTTransport setting Example below:

FLEXION--ETOR-SERVICE-RECEIVER uses UserApiKey + Tow-legged authentication type:
FLEXION--ETOR-SERVICE-RECEIVER uses UserApiKey + Two-legged authentication type:
================================================================================
transport: !<REST>
reportUrl: "https://sample.net/v1/etor/orders"
Expand All @@ -139,6 +140,31 @@ The receiver's RESTTransport includes the following fields:
sourceLabName: "CDC PRIME REPORTSTREAM"
type: "REST"

d) See UserApiKey without OAuth RESTTransport setting Example below:

FLEXION--ETOR-SERVICE-RECEIVER uses UserApiKey
================================================================================
transport: !<REST>
reportUrl: "https://sample.net/v1/etor/orders"
authType: "apiKey"
tlsKeystore: null
headers:
Content-Type: "elims/json"
type: "REST"

e) See JKS without OAuth RESTTransport setting Example below:

CA-DPH--FULL-ELR-REST-JKS uses UserJKS
================================================================================
transport: !<REST>
reportUrl: "https://sample.net/v1/etor/orders"
authType: "jks"
tlsKeystore: "jks"
tlsKeystore: "CA-DPH--FULL-ELR-REST-JKS"
headers:
Content-Type: "text/plain"
type: "REST"

## 4. Final Step is to test/check the receiver's REST transport is connected successfully
Now that you have completed/created REST Transport setting please do the following:
- Create PR - which includes the receiver's setting code
Expand Down
66 changes: 66 additions & 0 deletions prime-router/docs/onboarding-users/transport/working-with-keys.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
### Working with Keys

#### Introduction
Each STLT has a unique configuration for server authentication. This documentation provides examples of how we've configured keys to successfully authenticate with different STLTs.

### Public/Private Key Pair
Most STLTs use public/private key pairs for authentication. Here's how to generate and configure these keys:

1. **Generate a PEM file:**
This command creates a PEM file containing both a private and public key:
```bash
openssl genrsa -out my_rsa_private_key.pem 2048
```

2. **Extract the Public Key:**
To extract the public key from the PEM file and share it with the STLT, run the following command:
```bash
ssh-keygen -y -f my_rsa_private_key.pem > my_rsa_public_key.pub
```

3. **Convert PEM to PPK:**
The PEM file needs to be converted into a PPK file and stored in Azure for ReportStream authentication. Use this command to convert the file:
```bash
puttygen my_rsa_private_key.pem -o my_rsa_private_key.ppk
```
4. **Create ReportStream Credential:**
Use the primeCLI create-credential command to store the ppk file in JSON to be able to store it in Azure so that ReportStream can use it.
```bash
./prime create-credential --type UserPpk --ppk-file /Users/vic/Downloads/texas/tx_rsa_private_key.ppk
```

### STLT generates Public/Private key pair
Sometimes a STLT will generate and public private key pair and send them to ReportStream to authenticate. The format in which they are sent can differ from STLT to STLT.
Some STLTs will send a PFX file and that file will need to be converted to JKS so that ReportStream can use it.

1. **Convert PFX to JKS:**
This command creates a PEM file containing both a private and public key:
```bash
keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS
```
2. **Create ReportStream Credential:**
Use the primeCLI create-credential command to store the jks file in JSON to be able to store it in Azure so that ReportStream can use it.
```bash
./prime credential-create --type UserJks --jks-use <IF APPLICABLE> --jks-file-pass <IF APPLICABLE> --jks-file <PATH to JKS File>
```

### Importing STLTs Self-Signed Certificate to ReportStream

As of the time this document was written, the process for importing self-signed certificates into ReportStream involves adding the certificate to ReportStream's Docker container.

1. **Add the Certificate:**
Place the certificate in the following directory:
```
prime-reportstream/prime-router/certs/
```

2. **Update the Dockerfile:**
Add the certificate to the `prime-reportstream/prime-router/Dockerfile.dev` by including the following line:
```bash
COPY ./certs/CDC-G2-S1.crt $JAVA_HOME/conf/security
RUN cd $JAVA_HOME/conf/security \
&& $JAVA_HOME/bin/keytool -cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias <ALIAS> -file <PATH TO CERT>
```



Loading