Groovy CyberArk example

cyberark.groovy

import javax.net.ssl.*
import java.security.KeyStore
import java.io.*
import java.net.URL

// --- Configuration ---
def apiUrl = "https://<pvwa-url>/AIMWebService/api/Accounts"
def appId = "MyAppID"
def safe = "MySafe"
def objectName = "MyAccount"

def pkcs12Path = "/path/to/client.p12"
def pkcs12Password = "your_cert_password"

// --- Load client certificate into KeyStore ---
KeyStore keyStore = KeyStore.getInstance("PKCS12")
keyStore.load(new FileInputStream(pkcs12Path), pkcs12Password.toCharArray())

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509")
kmf.init(keyStore, pkcs12Password.toCharArray())

SSLContext sslContext = SSLContext.getInstance("TLS")
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom())

// --- Build the full request URL with query params ---
def query = "AppID=${URLEncoder.encode(appId, 'UTF-8')}" +
            "&Safe=${URLEncoder.encode(safe, 'UTF-8')}" +
            "&Object=${URLEncoder.encode(objectName, 'UTF-8')}"

def fullUrl = new URL("${apiUrl}?${query}")
def connection = (HttpsURLConnection) fullUrl.openConnection()

// --- Apply SSL context (with client cert) ---
connection.setSSLSocketFactory(sslContext.getSocketFactory())

// Optional: disable hostname verification (only for testing!)
connection.setHostnameVerifier({ hostname, session -> true })

connection.setRequestMethod("GET")
connection.setRequestProperty("Accept", "application/json")

// --- Read the response ---
def responseCode = connection.responseCode
if (responseCode == 200) {
    def reader = new BufferedReader(new InputStreamReader(connection.getInputStream()))
    def response = reader.lines().join("\n")
    println "🔐 Response from CyberArk:"
    println response
} else {
    def errorReader = new BufferedReader(new InputStreamReader(connection.getErrorStream()))
    def errorMsg = errorReader.lines().join("\n")
    println "❌ Request failed with code ${responseCode}"
    println errorMsg
}