12 Steps to Create Credential Mapping

Credential Store Mapping

The OBDX system utilizes external integrations to facilitate seamless communication with various services. To establish these connections, credentials are required to authenticate and authorize access. These credentials are not hardcoded but rather initialized post-installation. They are subsequently encrypted and stored within the database, ensuring confidentiality and integrity. This section outlines the procedures and guidelines for configuring and managing these credentials within the OBDX environment.

To utilize the credential mapping functionality, retrieve the com.ofss.digx.CredentialsStore.jar file from the designated location:

OBDX_Installer/installables/OBDX/BASE/25.1.0.0.0/utils/tools

Running the Credential Mapping Application

Execute the application using the following command:

java -jar com.ofss.digx.CredentialsStore.jar <csv_file> <DataBaseCredentials> <DataSeedFlag>

Command Parameters:

  1. <csv_file>

    Provide the path to your CSV file containing user credentials by replacing <csv_file> with the actual file location.

    CSV File Format Requirements

    The CSV file must adhere to the following structure:

    • Contain exactly three columns: type, username, and password
    • Include a header row with column names: type,username,password
    • Subsequent rows should contain individual credential entries, with each row representing a distinct set of credentials
    • Ensure that the value in the type column is unique for each credential entry

    Example CSV File

    Table 12-1 WAR deployments

    type      username  password
    MERCHANT  OBDX      PASSWORD111

  2. <DataBaseCredentials>

    Specify the <DataBaseCredentials> parameter as a comma-delimited string comprising the following components:

    • Database username
    • Password
    • JDBC URL (in the format jdbc:oracle:thin:@host:port/service_id)

    The expected format for <DataBaseCredentials> is: username,password,jdbc_url.

    Example: User,Password123,jdbc:oracle:thin:@host:port/service_id

    Ensure accurate input of these values to establish a successful connection to the database.

  3. <DataSeedFlag>

    To control the seeding of data into the digx_fw_credentials table, set the <DataSeedFlag> parameter to 'Y' to populate the table with the generated credentials. Alternatively, specify 'N' to simply display the credentials without persisting them to the database.

    Example command:

    java -jar com.ofss.digx.CredentialsStore.jar data.csv DB_USER,DB_PASSWORD,jdbc:oracle:thin:@//HOST:PORT/SERVICE_ID Y

    Upon executing this utility, you will obtain an encrypted password, which can then be utilized in conjunction with other credentials. Subsequently, these credentials will be populated into the database.
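A pre-flight check for the <csv_file> layout rules listed under parameter 1, as an added example that is not part of the OBDX tooling. The function names are hypothetical, the sample rows are constructed, comparing type values after trimming whitespace is an assumption, and the POSIX permission check is an addition made because the CSV holds the passwords before the utility encrypts them.

```python
import csv, io, os, stat, sys

EXPECTED_HEADER = ["type", "username", "password"]

# Constructed sample: line 3 reuses a type, line 4 is missing a column.
SAMPLE = ("type,username,password\n"
          "MERCHANT,OBDX,PASSWORD111\n"
          "MERCHANT,OBDX2,PASSWORD222\n"
          "BILLER,OBDX3\n")

def validate_csv_text(text):
    """Return a list of problems; empty means the layout rules are met.
    Messages never include username or password values."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return ["file is empty"]
    problems, seen = [], {}
    if rows[0] != EXPECTED_HEADER:
        problems.append("line 1: header must be exactly type,username,password")
    for lineno, row in enumerate(rows[1:], start=2):
        if not row:
            continue  # blank line
        if len(row) != 3:
            problems.append(f"line {lineno}: expected 3 columns, found {len(row)}")
            continue
        if any(not cell.strip() for cell in row):
            problems.append(f"line {lineno}: empty field")
        key = row[0].strip()  # assumption: types are compared after trimming
        if key in seen:
            problems.append(f"line {lineno}: type {key!r} already used on line {seen[key]}")
        else:
            seen[key] = lineno
    if not seen:
        problems.append("no credential rows found")
    return problems

def file_mode_problems(path):
    """Flag a CSV that group or other users can access (POSIX mode bits)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [f"{path}: mode {mode:03o} is open to group/others; chmod 600"]
    return []

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="") as fh:
            found = validate_csv_text(fh.read()) + file_mode_problems(sys.argv[1])
    else:
        found = validate_csv_text(SAMPLE)
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it with the CSV path as the only argument before invoking the utility; a non-zero exit status means at least one rule was violated.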

Extensibility:

To leverage custom credentials inserted into the system, utilize the following code snippet:

ICredentialStore store = CredentialStoreFactory.getCredentials(CredentialStoreKeys.CREDENTIAL_IPMLEMENTATION);
Credential credentials = store.getCredentials(<custom_type>);

Replace <custom_type> with the desired type associated with the custom credentials.

Import:

Import the jar implementation into your Gradle project:

com.ofss.digx.infra:com.ofss.digx.infra.crypto.impl:$libs_digxVersion

To ensure proper configuration, verify that the entry in the digx_fw_config_all_b table has a prop_id of credential_impl, a category_id of CredentialStore, and a PROP_VALUE of com.ofss.digx.infra.cred.DatabaseCredentialsStore. Confirm that these values match exactly to guarantee correct functionality. If discrepancies are found, update the entry accordingly to reflect the specified values.

The AES key is no longer required to be explicitly inserted, as it is dynamically generated by the system when the utility is run and stored within the keystore located at DIGX_FW_KEYSTORE.

For any encryption operations that require the use of the AES key, utilize the SymmetricCryptographyProviderFactory class, which is available in the same JAR, instead of relying on the credential. This approach streamlines the encryption process and enhances overall security.

SymmetricCryptographyProviderFactory.getInstance().getLatestProvider().encrypt(data);
SymmetricCryptographyProviderFactory.getInstance().getLatestProvider().decrypt(data);