
@dzmitry-savitski
Created March 26, 2025 17:16

Revisions

  1. dzmitry-savitski created this gist Mar 26, 2025.
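--- a/cyberark.groovy
+++ b/cyberark.groovy
@@ -0,0 +1,54 @@
+import javax.net.ssl.*
+import java.security.KeyStore
+import java.io.*
+import java.net.URL
+
+// --- Configuration ---
+def apiUrl = "https://<pvwa-url>/AIMWebService/api/Accounts"
+def appId = "MyAppID"
+def safe = "MySafe"
+def objectName = "MyAccount"
+
+def pkcs12Path = "/path/to/client.p12"
+def pkcs12Password = "your_cert_password"
+
+// --- Load client certificate into KeyStore ---
+KeyStore keyStore = KeyStore.getInstance("PKCS12")
+keyStore.load(new FileInputStream(pkcs12Path), pkcs12Password.toCharArray())
+
+KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509")
+kmf.init(keyStore, pkcs12Password.toCharArray())
+
+SSLContext sslContext = SSLContext.getInstance("TLS")
+sslContext.init(kmf.getKeyManagers(), null, new SecureRandom())
+
+// --- Build the full request URL with query params ---
+def query = "AppID=${URLEncoder.encode(appId, 'UTF-8')}" +
+"&Safe=${URLEncoder.encode(safe, 'UTF-8')}" +
+"&Object=${URLEncoder.encode(objectName, 'UTF-8')}"
+
+def fullUrl = new URL("${apiUrl}?${query}")
+def connection = (HttpsURLConnection) fullUrl.openConnection()
+
+// --- Apply SSL context (with client cert) ---
+connection.setSSLSocketFactory(sslContext.getSocketFactory())
+
+// Optional: disable hostname verification (only for testing!)
+connection.setHostnameVerifier({ hostname, session -> true })
+
+connection.setRequestMethod("GET")
+connection.setRequestProperty("Accept", "application/json")
+
+// --- Read the response ---
+def responseCode = connection.responseCode
+if (responseCode == 200) {
+def reader = new BufferedReader(new InputStreamReader(connection.getInputStream()))
+def response = reader.lines().join("\n")
+println "🔐 Response from CyberArk:"
+println response
+} else {
+def errorReader = new BufferedReader(new InputStreamReader(connection.getErrorStream()))
+def errorMsg = errorReader.lines().join("\n")
+println "❌ Request failed with code ${responseCode}"
+println errorMsg
+}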
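Review bot: The `connection.setHostnameVerifier({ hostname, session -> true })` line is applied unconditionally despite its "only for testing" comment, so the connection that returns the vault credential accepts a certificate issued for any host name and the client no longer authenticates the server it sends its client certificate to. Remove that line or gate it behind an explicit test-only switch, and if the PVWA certificate chains to a private CA, load that CA through a `TrustManagerFactory` instead of passing `null` trust managers and relaxing verification. `new SecureRandom()` is used in `sslContext.init` while only `java.security.KeyStore` is imported from that package, so the script will most likely fail to resolve the class until `import java.security.SecureRandom` is added. The success branch ends in `println response`, and the body returned by this endpoint presumably carries the account secret, so it ends up in console or CI logs; parse the JSON and pass the value to its consumer without printing it. `pkcs12Password` is a string literal in the script, and reading it from an environment variable or the runner's credential store would keep the keystore password out of source control.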