CredentialResolver.class - What happens?
12-09-2023 03:33 AM - edited 12-09-2023 01:28 PM
Edit: If I use "-- None --" or "[Custom Vault Name]", I'm getting "credential validated", wut?!
Hi there,
After I followed these steps to activate and set up an external credential vault (in the first instance, based on a local host file), I made some minor changes to the .java file and compiled it to .class.
However, when I test the credential (xpto_user2) it seems to be fine, but this appears in wrapper.log:
2023/12/09 11:14:44 | Error while resolving credential id/type[xpto_user2/windows]
This is my current .java file:
```java
package com.snc.discovery;

import java.util.*;
import java.io.*;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

/**
 * Basic implementation of a CredentialResolver that uses a properties file.
 */
public class CredentialResolver {
    private final static Logger LOGGER = Logger.getLogger(CredentialResolver.class.getName());
    private static String ENV_VAR = "CREDENTIAL_RESOLVER_FILE";
    //private static String DEFAULT_PROP_FILE_PATH = "C:\\dummycredentials.properties";
    private static String DEFAULT_PROP_FILE_PATH = "D:\\Desktop\\ServiceNowTest\\dummycredentials.properties";

    // These are the permissible names of arguments passed INTO the resolve()
    // method.
    // the string identifier as configured on the ServiceNow instance...
    public static final String ARG_ID = "id";
    // a dotted-form string IPv4 address (like "10.22.231.12") of the target
    // system...
    public static final String ARG_IP = "ip";
    // the string type (ssh, snmp, etc.) of credential as configured on the
    // instance...
    public static final String ARG_TYPE = "type";
    // the string MID server making the request, as configured on the
    // instance...
    public static final String ARG_MID = "mid";

    // These are the permissible names of values returned FROM the resolve()
    // method.
    // the string user name for the credential, if needed...
    public static final String VAL_USER = "user";
    // the string password for the credential, if needed...
    public static final String VAL_PSWD = "pswd";
    // the string pass phrase for the credential if needed:
    public static final String VAL_PASSPHRASE = "passphrase";
    // the string private key for the credential, if needed...
    public static final String VAL_PKEY = "pkey";
    // the string authentication protocol for the credential, if needed...
    public static final String VAL_AUTHPROTO = "authprotocol";
    // the string authentication key for the credential, if needed...
    public static final String VAL_AUTHKEY = "authkey";
    // the string privacy protocol for the credential, if needed...
    public static final String VAL_PRIVPROTO = "privprotocol";
    // the string privacy key for the credential, if needed...
    public static final String VAL_PRIVKEY = "privkey";

    private Properties fProps;

    public CredentialResolver() {
        FileHandler handler;
        //Init Logger
        try {
            handler = new FileHandler("logs/ExternalCredential_log.txt", 50000, 1, true);
            handler.setFormatter(new SimpleFormatter());
            handler.setLevel(Level.ALL);
            LOGGER.addHandler(handler);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void loadProps() {
        if (fProps == null)
            fProps = new Properties();
        try {
            String propFilePath = System.getenv(ENV_VAR);
            if (propFilePath == null) {
                LOGGER.warning("Environment var " + ENV_VAR + " not found. Using default file: " + DEFAULT_PROP_FILE_PATH);
                propFilePath = DEFAULT_PROP_FILE_PATH;
            }
            File propFile = new File(propFilePath);
            if (!propFile.exists() || !propFile.canRead()) {
                LOGGER.severe("Can't open " + propFile.getAbsolutePath());
            } else {
                // try-with-resources closes the file handle once the properties are loaded
                try (InputStream propsIn = new FileInputStream(propFile)) {
                    fProps.load(propsIn);
                }
                LOGGER.info("Loaded properties from " + propFile.getAbsolutePath());
            }
            //fProps.load(CredentialResolver.class.getClassLoader().getResourceAsStream("dummycredentials.properties"));
        } catch (IOException e) {
            LOGGER.severe("Problem loading credentials file:");
            e.printStackTrace();
        }
    }

    /**
     * Resolve a credential.
     */
    public Map resolve(Map args) {
        loadProps();
        String id = (String) args.get(ARG_ID);
        String type = (String) args.get(ARG_TYPE);
        String keyPrefix = id + "." + type + ".";
        // the resolved credential is returned in a HashMap...
        var result = new HashMap<String, Object>();
        result.put(VAL_USER, fProps.get(keyPrefix + VAL_USER));
        result.put(VAL_PSWD, fProps.get(keyPrefix + VAL_PSWD));
        result.put(VAL_PKEY, fProps.get(keyPrefix + VAL_PKEY));
        result.put(VAL_PASSPHRASE, fProps.get(keyPrefix + VAL_PASSPHRASE));
        result.put(VAL_AUTHPROTO, fProps.get(keyPrefix + VAL_AUTHPROTO));
        result.put(VAL_AUTHKEY, fProps.get(keyPrefix + VAL_AUTHKEY));
        result.put(VAL_PRIVPROTO, fProps.get(keyPrefix + VAL_PRIVPROTO));
        result.put(VAL_PRIVKEY, fProps.get(keyPrefix + VAL_PRIVKEY));
        // This message is logged unconditionally, even when none of the keys exist in the file.
        LOGGER.info("Credential found for ID - " + id + ", Type - " + type);
        return result;
    }

    /**
     * Return the API version supported by this class.
     */
    public String getVersion() {
        return "1.0";
    }

    public static void main(String[] args) {
        CredentialResolver obj = new CredentialResolver();
        obj.loadProps();
        LOGGER.info("I spy the following credentials: ");
        // Note: this loop writes every property value, secrets included, to the log file.
        for (Object key : obj.fProps.keySet()) {
            LOGGER.info("Credential found key - " + key + ", value - " + obj.fProps.get(key));
        }
    }
}
```
Then, I created a .class from that .java file and put it in "C:\ServiceNow\API\Java\com\snc\discovery", named "CredentialResolver.class". Then, I created a .jar and put it as a MID Server JAR on the ServiceNow instance (Utah Patch 7b).
1) How is it possible that I get that error, when I don't have that sentence anywhere in my code?
2) How is it possible that I'm getting these errors on my second host, where I have the MID Server installed?
- Labels: Discovery, Orchestration (ITOM)
12-11-2023 05:57 AM
Regarding the error message, that's from the parent call within the MID code which is invoking the resolve() method from your custom class, which is why that phrase doesn't appear in any of your code.
I'm not sure why you're seeing a success when you test the cred but an error in the MID log; however, that example code does not seem to have much in the way of error checking, so it is sending back some result payload even if the cred lookup fails. I would add some more LOGGER calls in your code to spell out what values are (or aren't) being pulled from the properties file.
The second error you mention appears to indicate a problem with generating the path to the properties file, as if there's an environment variable defined which is overriding the default you have in your .java file. In this case as well, some additional LOGGER calls which spell out where the values of propFilePath and propFile are coming from would help.
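
One way to implement the extra logging suggested in the reply above, as an added example that is not part of the thread or of ServiceNow's sample code: it reports whether the properties path came from the environment variable or the compiled-in default, and which `id.type.*` keys are present, without writing any secret value to the log. The class name `ResolverDiagnostics` and the sample property values are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

/** Added example: diagnostics for a properties-backed resolver (hypothetical class, not ServiceNow code). */
public class ResolverDiagnostics {
    static final String ENV_VAR = "CREDENTIAL_RESOLVER_FILE";
    static final String[] FIELDS = {"user", "pswd", "passphrase", "pkey",
            "authprotocol", "authkey", "privprotocol", "privkey"};

    /** Reports which source supplied the path (env var or default) and whether the file is usable. */
    static String describePath(String envValue, String defaultPath) {
        String path = (envValue != null) ? envValue : defaultPath;
        String source = (envValue != null) ? "env " + ENV_VAR : "compiled-in default";
        File f = new File(path);
        return "path=" + f.getAbsolutePath() + " source=" + source
                + " exists=" + f.exists() + " readable=" + f.canRead();
    }

    /** Sorts the expected keys for id/type into present and missing; values are never returned. */
    static Map<String, List<String>> audit(Properties props, String id, String type) {
        Map<String, List<String>> report = new LinkedHashMap<>();
        report.put("present", new ArrayList<>());
        report.put("missing", new ArrayList<>());
        for (String field : FIELDS) {
            String key = id + "." + type + "." + field;
            String value = props.getProperty(key);
            boolean usable = value != null && !value.trim().isEmpty();
            report.get(usable ? "present" : "missing").add(key);
        }
        return report;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample content; a real file holds secrets and is read from disk.
        Properties props = new Properties();
        props.load(new StringReader(
                "xpto_user2.windows.user=svc_disco\n"
              + "xpto_user2.windows.pswd=constructed-placeholder\n"));
        System.out.println(describePath(System.getenv(ENV_VAR),
                "D:\\Desktop\\ServiceNowTest\\dummycredentials.properties"));
        System.out.println("windows: " + audit(props, "xpto_user2", "windows"));
        // A credential requested under a type the file does not use shows every key as missing.
        System.out.println("ssh:     " + audit(props, "xpto_user2", "ssh"));
    }
}
```

Logging the key names and the path source is enough to tell a wrong file, a wrong `id`/`type` prefix and an empty value apart, and it keeps passwords and private keys out of the MID Server logs.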

12-15-2023 04:13 AM
Cannot add any comment on the credentialresolver part.
The credential check could be positive, if the mid-server service account is able to authenticate against the host. This is/has been a common issue. To validate this, deactivate the "use service account" credential on the instance.
Regards
Fabian
01-09-2024 05:28 AM
Actually, I solved the previous issue with the Java file. But now, because we're using a .properties file to input the password, I can't put an SSH private key (OpenSSH) in the correct way.
Do you know what the correct way to put this key is?
01-09-2024 05:32 AM
Hey Will,
I'm solving this issue in the Java file, but there's one missing piece of info that I can't get: What is the correct way to put an SSH private key (OpenSSH) in the .properties file? I can't get the syntax/format right.
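
On the `.properties` syntax asked about above, an added example (not from the thread or from ServiceNow) of how `java.util.Properties` parses a multi-line PEM value in three forms: pasted raw, joined with trailing-backslash continuations, and written on one logical line with `\n` escapes. The key name `xpto_user2.ssh.pkey` and the key body are constructed placeholders, and the example assumes the consumer of `pkey` expects the PEM text with its line breaks intact.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

/** Added example: how java.util.Properties treats a multi-line value such as a PEM key. */
public class PemInProperties {
    // Constructed placeholder, not a real key; only the line structure matters here.
    static final String PEM = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + "CONSTRUCTEDPLACEHOLDERNOTAREALKEY\n"
            + "-----END OPENSSH PRIVATE KEY-----\n";

    /** Encodes a multi-line value as one logical properties line: each line break becomes the \n escape. */
    static String toPropertyLine(String key, String value) {
        String escaped = value.replace("\\", "\\\\").replace("\r", "").replace("\n", "\\n");
        return key + "=" + escaped + "\n";
    }

    /** Parses properties text from memory and returns the value stored under key. */
    static String load(String fileText, String key) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(fileText));
        return p.getProperty(key);
    }

    public static void main(String[] args) throws IOException {
        String key = "xpto_user2.ssh.pkey"; // constructed id.type.pkey name

        // Pasted as-is: the value stops at the first line break and the
        // remaining PEM lines are parsed as separate, meaningless entries.
        String pasted = load(key + "=" + PEM, key);
        System.out.println("pasted raw intact?      " + PEM.equals(pasted));

        // Trailing-backslash continuation joins the lines but drops the line breaks.
        String continued = load(key + "=" + PEM.trim().replace("\n", "\\\n    ") + "\n", key);
        System.out.println("continuation has breaks? " + continued.contains("\n"));

        // Escaped \n sequences survive loading as real line breaks.
        String escaped = load(toPropertyLine(key, PEM), key);
        System.out.println("escaped form intact?    " + PEM.equals(escaped));
    }
}
```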