Create a JAR file to resolve credentials

Create a JAR file to resolve credential identifiers sent from the MID Server into actual credentials from the repository.

About this task

Make sure to include all the credential elements that the instance expects, such as the private key.

To create a JAR file to resolve credentials:

Procedure

  1. Use this sample Java file as a template:
    package com.snc.discovery;
     
    import java.util.*;
    import java.io.*;
     
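    /**
     * Basic implementation of a CredentialResolver that uses a properties file.
     *
     * <p>The properties file is located through the CREDENTIAL_RESOLVER_FILE
     * environment variable, falling back to DEFAULT_PROP_FILE_PATH. Property keys
     * have the form {@code <credential id>.<type>.<value name>}.
     *
     * <p>Security notes for anyone adapting this template: the properties file
     * holds secrets in plain text, so keep it readable only by the account that
     * runs this resolver. Resolved secret values are never written to stderr or
     * any log; only the names of the values that were found are reported.
     */
    public class CredentialResolver {

        private static final String ENV_VAR = "CREDENTIAL_RESOLVER_FILE";
        private static final String DEFAULT_PROP_FILE_PATH = "C:\\dummycredentials.properties";

        // These are the permissible names of arguments passed INTO the resolve()
        // method.

        // the string identifier as configured on the ServiceNow instance...
        public static final String ARG_ID = "id";

        // a dotted-form string IPv4 address (like "10.22.231.12") of the target
        // system...
        public static final String ARG_IP = "ip";

        // the string type (ssh, snmp, etc.) of credential as configured on the
        // instance...
        public static final String ARG_TYPE = "type";

        // the string MID server making the request, as configured on the
        // instance...
        public static final String ARG_MID = "mid";

        // These are the permissible names of values returned FROM the resolve()
        // method.

        // the string user name for the credential, if needed...
        public static final String VAL_USER = "user";

        // the string password for the credential, if needed...
        public static final String VAL_PSWD = "pswd";

        // the string pass phrase for the credential if needed:
        public static final String VAL_PASSPHRASE = "passphrase";

        // the string private key for the credential, if needed...
        public static final String VAL_PKEY = "pkey";

        // the string authentication protocol for the credential, if needed...
        public static final String VAL_AUTHPROTO = "authprotocol";

        // the string authentication key for the credential, if needed...
        public static final String VAL_AUTHKEY = "authkey";

        // the string privacy protocol for the credential, if needed...
        public static final String VAL_PRIVPROTO = "privprotocol";

        // the string privacy key for the credential, if needed...
        public static final String VAL_PRIVKEY = "privkey";

        // Every value name that resolve() copies into its result.
        private static final String[] VALUE_NAMES = {
            VAL_USER, VAL_PSWD, VAL_PKEY, VAL_PASSPHRASE,
            VAL_AUTHPROTO, VAL_AUTHKEY, VAL_PRIVPROTO, VAL_PRIVKEY
        };

        private Properties fProps;

        public CredentialResolver() {
        }

        /**
         * (Re)loads the credentials properties file.
         *
         * <p>The file is read into a fresh Properties object that replaces the
         * previous one only after a successful load, so an entry deleted from the
         * file stops resolving on the next call. If the file is missing or
         * unreadable, the previously loaded entries (or an empty set) stay in use
         * and the problem is reported on stderr.
         */
        private void loadProps() {
            if (fProps == null) {
                fProps = new Properties();
            }

            try {
                String propFilePath = System.getenv(ENV_VAR);
                if (propFilePath == null) {
                    System.err.println("Environment var " + ENV_VAR + " not found. Using default file: " + DEFAULT_PROP_FILE_PATH);
                    propFilePath = DEFAULT_PROP_FILE_PATH;
                }

                File propFile = new File(propFilePath);
                if (!propFile.exists() || !propFile.canRead()) {
                    System.err.println("Can't open " + propFile.getAbsolutePath());
                    return;
                }

                Properties fresh = new Properties();
                InputStream propsIn = new FileInputStream(propFile);
                try {
                    fresh.load(propsIn);
                } finally {
                    // Always release the file handle; resolve() reloads on every call.
                    propsIn.close();
                }
                fProps = fresh;
                // Alternative source: load "dummycredentials.properties" from the
                // classpath via CredentialResolver.class.getClassLoader().
            } catch (IOException e) {
                System.err.println("Problem loading credentials file:");
                e.printStackTrace();
            }
        }

        /**
         * Resolve a credential.
         *
         * @param args request map; ARG_ID is required, ARG_TYPE selects the
         *             credential type. Both are read as strings.
         * @return a map holding every VAL_* key; a value is null when the
         *         properties file has no matching entry
         * @throws IllegalArgumentException if args is null or has no ARG_ID entry
         * @throws RuntimeException if the id is "misbehave" (any case); this looks
         *         like a hook for exercising the caller's error handling
         */
        public Map resolve(Map args) {
            if (args == null) {
                throw new IllegalArgumentException("args must not be null");
            }
            loadProps();
            String id = (String) args.get(ARG_ID);
            String type = (String) args.get(ARG_TYPE);
            if (id == null) {
                throw new IllegalArgumentException("Missing required argument: " + ARG_ID);
            }
            String keyPrefix = id + "." + type + ".";

            if (id.equalsIgnoreCase("misbehave"))
                throw new RuntimeException("I've been a baaaaaaaaad CredentialResolver!");

            // the resolved credential is returned in a HashMap...
            Map<String, Object> result = new HashMap<String, Object>();
            StringBuilder found = new StringBuilder();
            for (int i = 0; i < VALUE_NAMES.length; i++) {
                String name = VALUE_NAMES[i];
                Object value = fProps.get(keyPrefix + name);
                // Absent entries are still put (as null) so the key set is stable.
                result.put(name, value);
                if (value != null) {
                    if (found.length() > 0) {
                        found.append(',');
                    }
                    found.append(name);
                }
            }

            // Report only WHICH values were found. Passwords, pass phrases and
            // keys must not reach stderr, which typically ends up in a log file.
            System.err.println("Resolving credential id/type[" + id + "/" + type + "] -> values present: [" + found + "]");

            return result;
        }


        /**
         * Return the API version supported by this class.
         */
        public String getVersion() {
            return "1.0";
        }

        /**
         * Diagnostic entry point: loads the properties file and lists the
         * property names it contains. Values are withheld because they are
         * secrets.
         */
        public static void main(String[] args) {
            CredentialResolver obj = new CredentialResolver();
            obj.loadProps();

            System.err.println("I spy the following credentials: ");
            for (Object key : obj.fProps.keySet()) {
                System.err.println(key + ": <value hidden>");
            }

        }
    }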
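  2. Create a properties file to store the external credentials for the script. Use the sample below to add the necessary credentials. The file holds the credentials in plain text, so restrict read access to the account that runs the MID Server.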
    #dummycredentials.properties
    #set the environment variable CREDENTIAL_RESOLVER_FILE to the fully qualified path to this file (including file name)
    #If the environment variable isn't set, the resolver falls back to the DEFAULT_PROP_FILE_PATH constant in the Java file (C:\dummycredentials.properties in the sample above)
    #CREDENTIAL_ID.TYPE.user=
    #CREDENTIAL_ID.TYPE.pswd=
    #CREDENTIAL_ID.TYPE.pkey=
    #CREDENTIAL_ID.TYPE.passphrase=
    #CREDENTIAL_ID.snmpv3.authprotocol=
    #CREDENTIAL_ID.snmpv3.authkey=
    #CREDENTIAL_ID.snmpv3.privprotocol=
    #CREDENTIAL_ID.snmpv3.privkey=
    
    #CREDENTIAL_ID is the value in the "Credential ID" field on the instance.
    #TYPE is one of 
    #ssh_password
    #ssh_private_key
    #snmp
    #snmpv3
    #vmware
    #windows
    #mssql
    #cim
    
    PublicSnmp.snmp.pswd=public
    TestingSnmp.snmp.pswd=Muffins
    
    ExampleDomain.windows.user=EXAMPLEDOMAIN\\administrator
    ExampleDomain.windows.pswd=Password1
    
    ExampleLinux.ssh_password.user=root
    ExampleLinux.ssh_password.pswd=Rootpass123
    
    #For VMWare on 10.0.103.14
    ExampleVMWare.vmware.user=administrator
    ExampleVMWare.vmware.pswd=vmpass123##$#@
    
    #### Examples ######
    # No authentication and no privacy (noAuthNoPriv)
    User1.snmpv3.user=user1
    
    # MD5 authentication, no privacy (authNoPriv)
    User2.snmpv3.user=user2
    User2.snmpv3.authprotocol=md5
    User2.snmpv3.authkey=1234567890abcdef
    
    # SHA authentication, no privacy (authNoPriv)
    User3.snmpv3.user=user3
    User3.snmpv3.authprotocol=sha
    User3.snmpv3.authkey=1234567890abcdef
    
    # Authentication with privacy (authPriv)
    User4.snmpv3.user=user4
    User4.snmpv3.authprotocol=md5
    User4.snmpv3.authkey=1234567890abcdef
    User4.snmpv3.privprotocol=aes_128
    User4.snmpv3.privkey=1234567890abcdef