cloud-sdk-js icon indicating copy to clipboard operation
cloud-sdk-js copied to clipboard

Published 20 hours ago verified publisher icon SAP

JKS format is not supported by Cloud SDK (http-agent.js)

Open ElectronicWizzard opened this issue 6 months ago • 2 comments

Describe the Bug

Hallo,

I am using the BTP UCL Generic SPII for establishing connectivity between S/4HANA Public Cloud and BTP. The Generic SPII creates destinations of type JKS which is not supported currently. The error messages says the certificate needs to be converted, however its setup automatically and the request would be to support JKS as well. There was already a request https://github.com/SAP/cloud-sdk-js/issues/4440 by the UCL/SPII, but it seems only PEM was implemented by not JKS.

BR Christian

Steps to Reproduce

Use the UCL Generic SPII to establish connectivity using Formation between S/4HANA Public Cloud and BTP e.g. for SAP_COM_0008 Communication Scenario(Business Partner) and clientCertificateAuthentication. Try to use CAP with the latest Cloud Connectivity SDK to call the Business Partner API.

Expected Behavior

Support of JKS keystore as created by the UCL Generic SPII

Screenshots

Image

Used Versions

Node v22.13.1 "@sap-cloud-sdk/connectivity": "^4.0.2", "@sap-cloud-sdk/http-client": "^3.26.4", "@sap-cloud-sdk/resilience": "^3.26.4",

  • For CAP users, CAP version: >=7

Code Examples

No response

Log File

No response

Affected Development Phase

Getting Started

Impact

Blocked

Timeline

No response

Additional Context

No response

ElectronicWizzard avatar May 19 '25 13:05 ElectronicWizzard

Hi @ElectronicWizzard, a workaround for this is implied in the error message; you can convert the automatically generated certificates with the described tool and/or a library of your choice.

I've forwarded your feature request to our PO, and we've created a ticket to review when/if we're going to support this format.

tomfrenken avatar Jun 26 '25 11:06 tomfrenken

@tomfrenken As you have written, this is a workround which we used for internal testing. For the Productive Usage we can not ask the customers to change the automatically via UCL/SPII created communication setup artifacts before using our solution.

ElectronicWizzard avatar Jun 26 '25 11:06 ElectronicWizzard

@ElectronicWizzard We have now implemented the JKS support. Can you check our canary release and make sure it works for you?

emincihangeri avatar Dec 01 '25 13:12 emincihangeri

@emincihangeri Great news and happy to test, however I do not see that its included in the latest version (Pull request still open)

@ElectronicWizzard We have now implemented the JKS support. Can you check our canary release and make sure it works for you?

ElectronicWizzard avatar Dec 03 '25 08:12 ElectronicWizzard

@ElectronicWizzard Sorry for the confusion. The exact version is 4.2.1-20251203103450.0 (the canary version). It is not yet reflected on the latest version.

emincihangeri avatar Dec 03 '25 10:12 emincihangeri

@ElectronicWizzard Sorry for the confusion. The exact version is 4.2.1-20251203103450.0 (the canary version). It is not yet reflected on the latest version.

I have tested this now. The error message I receive in the log now is:

2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR Error reading Business Partners: Error: Error during request to remote service: Keystore password is required for JKS format 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at run (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/utils/client.js:233:31) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at process.processTicksAndRejections (node:internal/process/task_queues:105:5) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async RemoteService.on_handler (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/Service.js:273:20) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async next (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:61:17) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async RemoteService.handle (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:59:10) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async RemoteService.handle (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/Service.js:295:12) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async ApplicationService. (/home/vcap/app/srv/services.js:58:24) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async next (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:61:17) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async ApplicationService.handle (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:59:10) { 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR statusCode: 502, 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR reason: Error: Error during request to remote service: Keystore password is required for JKS format 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at getKeyStoreOptions (/home/vcap/app/node_modules/@sap-cloud-sdk/http-client/node_modules/@sap-cloud-sdk/connectivity/dist/http-agent/http-agent.js:129:23) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at getAgentConfig (/home/vcap/app/node_modules/@sap-cloud-sdk/http-client/node_modules/@sap-cloud-sdk/connectivity/dist/http-agent/http-agent.js:66:12) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at buildDestinationHttpRequestConfig (/home/vcap/app/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:299:53) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at buildHttpRequest (/home/vcap/app/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:74:12) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at process.processTicksAndRejections (node:internal/process/task_queues:105:5) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async /home/vcap/app/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:90:42 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async run (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/utils/client.js:222:16) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async RemoteService.on_handler (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/Service.js:273:20) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async next (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:61:17) 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR at async RemoteService.handle (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:59:10) { 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR request: { 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR method: 'GET', 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR url: '/sap/opu/odata/sap/API_BUSINESS_PARTNER/A_BusinessPartner?$select=BusinessPartner,BusinessPartnerFullName,Customer&$orderby=BusinessPartner&$inlinecount=allpages&$top=51', 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR headers: [Object] 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR }, 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR correlationId: '339af7bc-dab4-4fd7-61ae-6dd69539f027' 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR } 2025-12-03T12:41:55.80+0000 [APP/PROC/WEB/0] ERR }

According to the destination the password is maintained there:

Image

ElectronicWizzard avatar Dec 03 '25 12:12 ElectronicWizzard