Hi All,
I've been trying to sign an AWS Signature 4 http request using both the Java Cryptography Library plugin and the Cryptography tools plugin. The Appian code near the bottom is using the latter, but I've been getting the same results using the macsignature function from the Java library.
AWS has sample data to validate the process here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html
The pertinent part is..
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
kSecret = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559' which is Hexencode("AWS4" + key)
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
Your program should generate the following values for the values in getSignatureKey. Note that these are hex-encoded representations of the binary data; the key itself and the intermediate values should be in binary format.
getSignatureKey
Using the below code I get the right result for kDate, but nothing is right after that. I'm assuming the reason is that I'm getting hex string back and I need to input a binary value, but I've tried encoding the subsequent keys to base64, but I still don't get the right values. To be honest I've tried just about everything I can think of in terms of hex-text binary encoding of the keys and values and I can't get the right values. I was able to solve this with a SQL Server Function before, but that isn't an option now. Can anybody help determine if A) this is possible with Appian's Collating and Charater Encoding and B) If so how?
Please and thank you SO much for any guidance!
load( local!key: "AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", local!date: "20120215", local!region: "us-east-1", local!service: "iam", local!request: "aws4_request", local!kdate: hmacsha256hash(local!key, local!date), local!kRegion: hmacsha256hash(local!kdate, local!region), local!kService: hmacsha256hash(local!kRegion, local!service), local!signing: hmacsha256hash(local!kService, local!request), local!signing )
-JJ
Discussion posts and replies are publicly visible
jeffreyl946,
I'm also facing the same challenge and wondered what you ended up doing? I'm starting down the path of a custom function. If that's the route you went down, would you mind sharing the Java code? Thanks.
I have a SQL Server Function that I used previously, but I have been unable to get this done in MySQL or within Appian no matter which cryptography and character encoding functions I used. I'm on the cloud and don't feel a cloud enabled custom plugin is doable for me right now. This is still on my todo list, so I don't have an answer for you. If you have access to Sql Server I can share the function I used there or if you want the MySQL HMAC function I was unable to get to work let me know, but that's about all I have to help right now. I think I included the original Appian code that I was successful with the first time.
Thanks for the response. I also looked for a MySQL option but wasn't successful. I'm going to move forward with the custom function route
I'm sorry to hear this has turned frustrating for you guys. To help get you started, I went ahead and put together a custom function plugin that will return the hex encoded signature key. I'll see if I can get that uploaded to the app market soon so that you can add it to your environments. What are you doing with the key once you generate it? Have you already determined whether, once the key is generated, you can then do what you need?
Eliot, that would be fantastic! My plan is to use the key to create the signature that gets appended to the Authorization header. To do that, I'll use the hmacsha256hash function from the Cryptographic Hash Functions plugin. I've already created the rules to build the required string that gets signed with the signature key.
Ah, ok. With that in mind, it sounds like it might make more sense for me to just add the signature generation to the Crypto Hash Functions Plugin. Either way, I'll let you know where to look for it.
Either way would be great! Thanks for your help!
I went ahead and did it as an update to the cryptography hash functions plugin. The official update is technically pending review, but should be available soon.
I'm not able to see any app submission. I get an error when I try the link you provided. My guess is I can only see those that I submit. How long does the review process take?