How to add CryptoJS in Apigee?


We want to use message level encryption on apiKey when sending the information to target servers. While sending the apiKey over to target servers we want to encrypt (with hmac) and send it to them. In order to achieve this, we tried via CryptoJS but it failed. Can you please let us know the best easy way to achieve this?


@Madhumita Kumari, found a related article here, hope it's helpful.

1. On your development workstation, get the crypto-js.js file

bower install crypto-js

after the above command, you will find it here:

bower_components/crypto-js/crypto-js.js

2. Import the script to Apigee via the UI (Add Script -> Import from File). Then, in your JavaScript policy, reference crypto-js like this:

<IncludeURL>jsc://crypto-js.js</IncludeURL>
<ResourceURL>jsc://encrypt-apikey.js</ResourceURL>

3. In your encrypt-apikey.js script, you can encrypt the key like this

var encrypted_apikey = CryptoJS.HmacSHA1(apikey, "encrypt-key").toString()
context.setVariable('encrypted_apikey',encrypted_apikey)

Thanks,

Should I run "bower install crypto-js" on the router+message processor node or on the management console node? The import of crypto-js.js into Apigee can be done via the management console develop segment as Add script -> Import from file, right? Also, which option do you suggest in general, "Java Callout vs JavaScript"? What are the pros and cons of using either of these approaches?

"bower install crypto-js" is just to get the crypto-js.js file; you can run this on your laptop/local machine. Java vs JS: personally I prefer JS, no need for compilation, easy to test in a JS console.

Have included the crypto-js.js in the jsc. Here is what the encrypt-apikey.js contains. For some reason the JS is failing and apiKey is not getting updated. Actually the first two lines are causing the error and it is not proceeding further...

try{
//require("CryptoJS");
var encrypted_apikey = CryptoJS.HmacSHA1(xyz.apikey, "encrypt-key").toString();
context.setVariable('encrypted_apikey',encrypted_apikey);
var jsonPayLoad = context.targetRequest.body.asJSON;
if(typeof jsonPayLoad != "undefined" && jsonPayLoad != null){
 jsonPayLoad.apiKey= encrypted_apikey ;
 context.targetRequest.body = JSON.stringify(jsonPayLoad);
}
}
catch(err){}

According to this answer in StackOverflow, it seems that you also need to include sha1-min.js file in the JS Policy.

http://stackoverflow.com/questions/4337959/need-hmac-sha1-library-for-javascript

If bower is used, it combines all the code in crypto-js.js, so other files are not needed @Diego Zuluaga

Got it. Thanks!

What's the error you are getting? Can you 'throw err' in your catch block?

What is this - 'xyz.apikey'? Are you sure this is initialized and has the right value?

Have you attached this policy at the target flow?

instead of this,

var jsonPayLoad = context.targetRequest.body.asJSON;
if(typeof jsonPayLoad != "undefined" && jsonPayLoad != null){
 jsonPayLoad.apiKey= encrypted_apikey ;
 context.targetRequest.body = JSON.stringify(jsonPayLoad);

I would also try, [this would work irrespective of proxy/target]

// parse the request body, whichever flow (proxy or target) the policy is attached to
var jsonPayload = JSON.parse(context.getVariable('request.content'));
jsonPayload.apiKey = encrypted_apikey;
context.setVariable('request.content', JSON.stringify(jsonPayload));

Thanks

The variable xyz.apikey was not resolved. Have added the variable via context.getVariable and it worked. Also I'm able to use CryptoJS.AES.encrypt / decrypt, which is what we needed. Thanks everyone, esp. Mukundha

"throw err" - This helped me nail down where the issue is.

cool! you are welcome
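
Added example, not part of the thread and not Apigee's own code: the fixes discussed above (resolve the variable with context.getVariable, rewrite request.content, and let errors surface instead of an empty catch) combined in one script. Node's crypto module stands in for CryptoJS so it runs outside Apigee; the mock context and the variable name private.hmac_key are assumptions.

```javascript
// Node's crypto stands in for CryptoJS here. In the Apigee policy the body of
// hmacSha1 would be CryptoJS.HmacSHA1(message, key).toString() (same hex output).
var nodeCrypto = require('crypto');

// HMAC is a keyed hash, not encryption: the target recomputes and compares it.
function hmacSha1(message, key) {
  return nodeCrypto.createHmac('sha1', key).update(message).digest('hex');
}

// Replace apiKey in the JSON request body with its HMAC. Throws instead of
// silently continuing, so an unresolved variable shows up as a policy error.
function signApiKey(context, keyVar, apiKeyVar) {
  var key = context.getVariable(keyVar);
  var apiKey = context.getVariable(apiKeyVar);
  if (!key) throw new Error('HMAC key variable not resolved: ' + keyVar);
  if (!apiKey) throw new Error('apiKey variable not resolved: ' + apiKeyVar);

  var raw = context.getVariable('request.content');
  if (!raw) throw new Error('request.content is empty');
  var payload = JSON.parse(raw); // throws on a non-JSON body
  var mac = hmacSha1(apiKey, key);
  payload.apiKey = mac;
  context.setVariable('encrypted_apikey', mac);
  context.setVariable('request.content', JSON.stringify(payload));
  return mac;
}

// Constructed mock of the Apigee context object (getVariable/setVariable only).
function mockContext(vars) {
  return {
    getVariable: function (name) { return name in vars ? vars[name] : null; },
    setVariable: function (name, value) { vars[name] = value; }
  };
}

// Constructed sample flow variables; 'private.hmac_key' is a hypothetical name
// for a key loaded earlier in the flow rather than hard-coded in the script.
function demo() {
  var ctx = mockContext({
    'private.hmac_key': 'constructed-demo-key',
    'xyz.apikey': 'constructed-api-key',
    'request.content': '{"apiKey":"constructed-api-key","item":1}'
  });
  signApiKey(ctx, 'private.hmac_key', 'xyz.apikey');
  return ctx;
}
```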

do you know why it failed? did you get any errors?
