1 Creating Credential Mapping

This topic provides the systematic instructions to create credential mapping.

Credential Store Mapping

The OBAPI system utilizes external integrations to facilitate seamless communication with various services. To establish these connections, credentials are required to authenticate and authorize access. These credentials are not hardcoded but rather initialized post-installation. They are subsequently encrypted and stored within the database, ensuring confidentiality and integrity. The following section outlines the procedures and guidelines for configuring and managing these credentials within the OBAPI environment.

To utilize the credential mapping functionality, retrieve the com.ofss.digx.CredentialsStore.jar file from the designated location:

OBAPI_Installer/installables/OBAPI/BASE/25.1.0.0.0/utils/tools

Running the Credential Mapping Application

Execute the application using the following command:

java -jar com.ofss.digx.CredentialsStore.jar <csv_file> <DataBaseCredentials> <DataSeedFlag>

Command Parameters:

  1. <csv_file>

    Provide the path to your CSV file containing user credentials by replacing <csv_file> with the actual file location.

    CSV File Format Requirements

    The CSV file must adhere to the following structure:

    • Contain exactly three columns: type, username, and password
    • Include a header row with column names: type,username,password
    • Subsequent rows should contain individual credential entries, with each row representing a distinct set of credentials

    Ensure that the value in the type column is unique for each credential entry.

    Table 1-1 Example CSV File

    type      username  password
    MERCHANT  OBAPI     PASSWORD111

  2. <DataBaseCredentials>

    Specify the <DataBaseCredentials> parameter as a comma-delimited string comprising the following components:

    • Database username
    • Password
    • JDBC URL (in the format jdbc:oracle:thin:@host:port/service_id)

    The expected format for <DataBaseCredentials> is: username,password,jdbc_url.

    Example: User,Password123,jdbc:oracle:thin:@host:port/service_id

    Ensure accurate input of these values to establish a successful connection to the database.

  3. <DataSeedFlag>

    To control the seeding of data into the digx_fw_credentials table, set the <DataSeedFlag> parameter to 'Y' to populate the table with the generated credentials. Alternatively, specify 'N' to simply display the credentials without persisting them to the database.

    Example command to run the utility:

    java -jar com.ofss.digx.CredentialsStore.jar data.csv DB_USER,DB_PASSWORD,jdbc:oracle:thin:@//HOST:PORT/SERVICE_ID Y

    Upon executing this utility, you will obtain an encrypted password, which can then be utilized in conjunction with other credentials. Subsequently, these credentials will be populated into the database.
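
A pre-flight check for the CSV format requirements listed under <csv_file>, as an added example that is not part of the Oracle documentation or the utility itself. The function name validate_cred_csv is hypothetical, and the script assumes plain comma-separated fields with no quoting or embedded commas.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the file passed as <csv_file>.
# Assumption: plain comma-separated fields, no quoting or embedded commas.
# Messages name the line and the type only; password values are never echoed.

validate_cred_csv() {
    csv="$1"
    [ -r "$csv" ] || { echo "cannot read: $csv" >&2; return 2; }
    awk -F',' '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        NR == 1 {
            if ($0 != "type,username,password") {
                print "line 1: header must be type,username,password" > "/dev/stderr"
                bad = 1
            }
            next
        }
        NF != 3 {
            printf "line %d: expected 3 columns, found %d\n", NR, NF > "/dev/stderr"
            bad = 1; next
        }
        $1 == "" || $2 == "" || $3 == "" {
            printf "line %d: empty field\n", NR > "/dev/stderr"
            bad = 1; next
        }
        seen[$1]++ {
            printf "line %d: duplicate type \"%s\"\n", NR, $1 > "/dev/stderr"
            bad = 1; next
        }
        { rows++ }
        END {
            if (!bad && rows == 0) { print "no credential rows found" > "/dev/stderr"; bad = 1 }
            exit bad + 0
        }
    ' "$csv"
}

# Constructed sample (not real credentials); mktemp creates it owner-readable only.
sample="$(mktemp)"
printf 'type,username,password\nMERCHANT,OBAPI,PASSWORD111\n' > "$sample"
validate_cred_csv "$sample" && echo "CSV format OK"
rm -f "$sample"
```

Because the file holds passwords in clear text, keep it readable only by the operator and delete it once the utility has run.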

    Extensibility:

    To leverage custom credentials inserted into the system, utilize the following code snippet:

    ICredentialStore store =
            CredentialStoreFactory.getCredentials(CredentialStoreKeys.CREDENTIAL_IPMLEMENTATION);
    Credential credentials = store.getCredentials(<custom_type>);

    Replace <custom_type> with the desired type associated with the custom credentials.

    Import:

    Import the jar implementation "com.ofss.digx.infra:com.ofss.digx.infra.crypto.impl:$libs_digxVersion" into your Gradle project.

    To ensure proper configuration, verify that the entry in the digx_fw_config_all_b table has a prop_id of “credential_impl”, a category_id of “CredentialStore”, and a PROP_VALUE of “com.ofss.digx.infra.cred.DatabaseCredentialsStore”. Confirm that these values match exactly to guarantee correct functionality. If discrepancies are found, update the entry accordingly to reflect the specified values.

    The AES key is no longer required to be explicitly inserted, as it is dynamically generated by the system when the utility is run and stored within the keystore located at DIGX_FW_KEYSTORE.

    For any encryption operations that require the use of the AES key, utilize the SymmetricCryptographyProviderFactory class, which is available in the same JAR, instead of relying on the credential. This approach streamlines the encryption process and enhances overall security.

    SymmetricCryptographyProviderFactory.getInstance().getLatestProvider().encrypt(data);

    SymmetricCryptographyProviderFactory.getInstance().getLatestProvider().decrypt(data);