How to extract a SHA1 certificate field using the crypto object?


I need to have an API proxy where I send in a SHA1 certificate and extract a certain field from it.

The certificate would be sent to the proxy as a part of the incoming request header and it would extract the field value from it.

Went about using the crypto object :-

Please find the code below:-

var _sha1 = crypto.getSHA1();
var issuer = _sha1.Issuer;
if (issuer !== null) {
    context.proxyResponse.content = 'success';
} else {
    context.proxyResponse.content = 'failure';
}

But I'm getting this error:-

{ "fault": { "faultstring": "Execution of extract-from-cert failed with error: Javascript runtime error: \"ReferenceError: \"crypto\" is not defined. (JavaScript_1_js#1). at line 1 \"", "detail": { "errorcode": "steps.javascript.ScriptExecutionFailed" } } }

Please help.

If this is not feasible in Apigee can anyone please suggest some alternatives.


You need to make sure to include the JS crypto library and the code that instantiates the 'crypto' variable in the JS policy to refer to it:

(Assuming, crypto.js is the library code, and getSha1Cert.js is this JS code where you extract the cert) you would need something like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Javascript async="false" continueOnError="false" enabled="true" timeLimit="200" name="Jsc.getSha1Cert">
    <DisplayName>Jsc.getSha1Cert</DisplayName>
    <Properties/>
    <IncludeURL>jsc://crypto.js</IncludeURL>
    <ResourceURL>jsc://getsha1cert.js</ResourceURL>
</Javascript>

Hey @Hansel Miranda

Thanks for your reply.

Where do I find "crypto.js" file? Is this a file which is already there in Apigee and I just need to include it?

Or is it something like "angular.js" which I can download from the internet?

It sounds like you are using the Apigee OOTB crypto object. The crypto.getSha1() instantiates a new SHA1 object according to the documentation, but that does not sound like what you are looking to achieve.

Can you explain, what is a SHA1 certificate?

> I need to have an API proxy where I send in a SHA1 certificate and extract a certain field from it.

SHA1 is an algorithm for producing a Hash.

I think you are perhaps referring to an x509 (TLS) certificate, which uses a SHA1 for the signature. Is that right?

How are you "sending in" the certificate? In which form?

In general, it's easier and it performs better if you manipulate certs within Java callouts, rather than in JavaScript.

Hi @Dino

Yes, I have an x509 (TLS) certificate.

My requirement is to extract a particular field from an incoming certificate in the Apigee layer.

What is the best approach for this? Is this even possible? If this is possible, in what way should the consumer send the certificate to Apigee?

You HAVE an x509 cert.

How? In what form? How has the client sent in the cert?

(Please edit your question and provide ALL the details you possibly can.)

Hi @Dino,

The current architecture structure is like this:- App A<->App B.

They perform massl authentication using digital certificates (TLS handshake). The field which I'm trying to extract is a number which App A sends inside the certificate against which App B performs a validation.

I know the certificate exchange/authentication happens in SSL layer. Can't we do something so as to extract the field from here ??

> Can't we do something so as to extract the field from here ??

I don't know. When you have clients connecting via mutual TLS, there are SSL variables populated in the request context. You can read about them here.

Do those variables suffice?
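Added example, not part of the thread and not Apigee's own code: one way to pull a single attribute out of a client certificate's subject DN once mutual TLS has populated it into a flow variable. It assumes the variable is `tls.client.s.dn`, that the DN arrives in comma-separated form, and that the number sits in a `serialNumber` attribute; the output variable name and the sample DN are constructed for illustration.

```javascript
// Constructed sample DN (not from the thread); note the escaped comma in OU.
var SAMPLE_DN = 'CN=app-a.example.com,OU=Payments\\, EU,O=Example Corp,serialNumber=12345678,C=US';

// Split a comma-separated DN into RDN strings, honouring backslash escapes
// and double-quoted values so a "," inside a value does not split it.
function splitDn(dn) {
  var parts = [], cur = '', inQuotes = false;
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === '\\' && i + 1 < dn.length) {
      cur += ch + dn.charAt(++i);            // keep the escape pair together
    } else if (ch === '"') {
      inQuotes = !inQuotes;
      cur += ch;
    } else if (ch === ',' && !inQuotes) {
      parts.push(cur);
      cur = '';
    } else {
      cur += ch;
    }
  }
  if (cur.length) parts.push(cur);
  return parts;
}

// Return the first value of attribute `name` (case-insensitive), or null when
// the DN is missing or the attribute is absent. Multi-valued RDNs ("+") are
// not split; hex escapes are decoded as single bytes (ASCII only).
function getDnField(dn, name) {
  if (typeof dn !== 'string' || dn === '') return null;
  var rdns = splitDn(dn), wanted = name.toLowerCase();
  for (var i = 0; i < rdns.length; i++) {
    var eq = rdns[i].indexOf('=');
    if (eq < 0 || rdns[i].slice(0, eq).trim().toLowerCase() !== wanted) continue;
    var val = rdns[i].slice(eq + 1).trim();
    if (val.length >= 2 && val.charAt(0) === '"' && val.charAt(val.length - 1) === '"') {
      val = val.slice(1, -1);                // drop surrounding quotes
    }
    return val.replace(/\\([0-9A-Fa-f]{2}|.)/g, function (m, g) {
      return g.length === 2 ? String.fromCharCode(parseInt(g, 16)) : g;
    });
  }
  return null;
}

// Inside an Apigee JavaScript policy `context` exists; elsewhere this is skipped.
if (typeof context !== 'undefined') {
  var field = getDnField(context.getVariable('tls.client.s.dn'), 'serialNumber'); // assumed names
  context.setVariable('clientcert.field', field === null ? '' : field);          // hypothetical variable
}
```

A later policy should reject the request when the extracted value is empty, so a missing certificate or attribute fails closed rather than passing through unvalidated.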