Connector Rules - Illegal Value

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

I am trying to create a new Web Services connection. This particular system requires a hash-based message authentication code (HMAC) in the header of the API calls. I am attempting to create a Web Service BeforeRule to create the HMAC and add it to the header of the requestEndPoint. When I try to upload the script, I am receiving the following error:

{
    "detailCode": "400.1.3 Illegal value",
    "trackingId": "9dd0c810a25a4522941ef504ac8e5d2e",
    "messages": [
        {
            "locale": "und",
            "localeOrigin": "REQUEST",
            "text": "Illegal value \"[{\"line\":25,\"column\":5,\"message\":\"Remove reference to .update(\"},{\"line\":26,\"column\":5,\"message\":\"Remove reference to .update(\"},{\"line\":29,\"column\":5,\"message\":\"Remove reference to .update(\"}]\" for field \"sourceCode.script\"."
        },
        {
            "locale": "en-US",
            "localeOrigin": "DEFAULT",
            "text": "Illegal value \"[{\"line\":25,\"column\":5,\"message\":\"Remove reference to .update(\"},{\"line\":26,\"column\":5,\"message\":\"Remove reference to .update(\"},{\"line\":29,\"column\":5,\"message\":\"Remove reference to .update(\"}]\" for field \"sourceCode.script\"."
        }
    ],
    "causes": []
}

Here is the script:

import java.lang.*;\n
import connector.common.JsonUtil;\n
import java.util.*;\n
import sailpoint.connector.webservices.WebServicesClient;\n
import javax.naming.*;\n
import java.net.*;\n
import org.json.*;\n
import java.text.DateFormat;\n
import java.text.SimpleDateFormat;\n
import org.apache.commons.codec.binary.Base64;\n
import org.apache.commons.codec.digest.*;\n
Map body = requestEndPoint.getBody();\n
Map header = requestEndPoint.getHeader();\n
String fullUri = requestEndPoint.getContextUrl;\n
String operationType = requestEndPoint.getHttpMethodType();\n
String methodURL = operationType + fullUri;\n
byte[] methodURLBytes = methodURL.getBytes();\n
if(header != null) {\n
	String HeaderSignature = header.get(\"Signature\");\n
	String currentDate = new SimpleDateFormat(\"yyyy-MM-dd'T'h:m:ssZZZZZ\").format(new Date());\n
	String currentDateSubstring = currentDate.substring(0,12);\n
	byte[] currentDateSubstringBytes = currentDateSubstring.getBytes();\n
	byte[] combinedBytes = combined.getBytes();\n
	Mac hmac = Mac.getInitializedMac(HmacAlgorithms.HMAC_SHA_384, HeaderSignature.getBytes());\n
	hmac.update(methodURLBytes);\n
	hmac.update(currentDateSubstringBytes);\n
	if(body != null){\n
		byte[] bodyBytes = body.getBytes();\n
		hmac.update(bodyBytes);\n
	}\n
	byte[] digest = hmac.doFinal();\n
	byte[] digestB64 = Base64.encodeBase64(digest);\n
	header.put(\"Signature\",new String(digestB64));\n
	header.put(\"RequestDate\",currentDate);\n
	requestEndPoint.setHeader(header);\n
}\n
return requestEndPoint;\n

The error refers to:
hmac.update(methodURLBytes);
hmac.update(currentDateSubstringBytes);
hmac.update(bodyBytes);

Is there a way to call .update() without it being marked as illegal value?

2

Do you have a link to the documentation for the Mac library?

3

I’m not sure why .update() is causing an issue, but you could try concatenating all of your update bytes into a single byte[] and feed that into the getInitializedMac constructor to see if that works.

4

Thanks for the reply Colin. It pointed me in the right direction. I switched to using Javax.crypto.Mac. I found that I had to perform doFinal() for each iteration for this HMAC.

import java.lang.*;
import connector.common.JsonUtil;
import java.util.*;
import sailpoint.connector.webservices.WebServicesClient;
import javax.naming.*;
import java.net.*;
import org.json.*;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.*;
Map originalBody = requestEndPoint.getBody();
String body = originalBody.get(jsonBody);
Map header = requestEndPoint.getHeader();
String contextUri = requestEndPoint.getContextUrl;
String operationType = requestEndPoint.getHttpMethodType();
String methodURL = operationType + contextUri;
if(header != null) {
	String HeaderSignature = header.get("Signature");
	//get bytes for headerSignature
	byte[] key = headerSignature.getBytes("UTF-8");
	//create Mac
	Mac digest = Mac.getInstance("HmacSHA256");
	//initialize Mac with headerSignature key
	digest.init(new SecretKeySpec(key, "HmacSHA256"));
	byte[] digestNew = digest.doFinal(methodURL.getBytes("UTF-8"));
	digest.init(new SecretKeySpec(digestNew, "HmacSHA256"));
	//get current date
	String currentDate = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX").format(new Date());
	String currentDateSubstring = currentDate.substring(0,13);
	digestNew = digest.doFinal(currentDateSubstring.getBytes("UTF-8"));
	digest.init(new SecretKeySpec(digestNew, "HmacSHA256"));
	String messageSignature = Base64.encodeBase64String(digest.doFinal(body.getBytes("UTF-8")));
	//update header
	header.put("User-Agent", "IdentityNow");
	header.put("Content-Type", "application/json");
	header.put("Signature",messageSignature);
	header.put("RequestDate",currentDate);
	header.remove("uri");
	header.remove("method");
	//set Header
	requestEndPoint.setHeader(header);
}
return requestEndPoint;