API Gateway Extracting credentials from signing certificate does not work

book

Article ID: 220986

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

The user wants to get the credentials from a signing certificate used to sign a message. This way we can apply better authorization.  
Attached are the policies to test in the community thread.
A small xml message is sent along with a POST on the svv-sign-xml policy. the message is signed with a signing certificate and forwarded to the policy svv-test-sign.
This policy extracts the certificate information from the message and should then retrieve the credentials, but it fails with this exception :-

The exception I get is this:
20210714 08:37:19.566 WARNING  4 Type not supported for variable credentials for variable signingCertificates: Unsupported credential type: X509Certificate[]. Exception caught!

To test, POST a very simple XML doc to the SvV-Sign-XML policy, which will sign the XML and send it to SvV-Test-Sign policy which should get the credentials from the signing certificate.

<?xml version="1.0" encoding="UTF-8"?>
<LEEG-BERICHT>
<ALG-GEG>
<PROC-IDENT>1303</PROC-IDENT>
<PROC-FUNC>1</PROC-FUNC>
<INFO-GEBR>XX</INFO-GEBR>
</ALG-GEG>
</LEEG-BERICHT>

They also left the question here:
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=1255&MessageKey=efb6502c-2227-4b1f-8a42-3b6121460cc6&CommunityKey=0f580f5f-30a4-41de-a75c-e5f433325a18&tab=digestviewer

 

Environment

Release : 10.0

Component : API GATEWAY

Resolution

The assertion requires the var is an instance of X509Certificate, but the error message indicates that it's an array of X509Certificate "X509Certificate[]",  
the <prefix>.signingCertificates returned by verify xml element assertion should be an array, it may need to be referred like ${signingCertificates[0]},
or you can loop it with run for each item assertion.