OScript API/Built-in Package Index

Class: Cloud

The built-in functions in the Cloud Package allow cloud storage provider authentication operations to be performed for AWS, Azure, and GCP.

The Cloud Package offers the following functionality:

Class Methods

AuthenticateJWT( Assoc credentials, String scope, Assoc options )

Request an access token using a JWT.

CreateJWT( String privateKey, String header, String claimSet )

Create and sign a JWT (JSON Web Token).

GetAzureSignature( String key, String canonicalRequest )

Computes the signature string used for Azure authentication.

Sha256Hash( String data, Boolean bHex )

Generate SHA-256 hash string.

SignAWS4Key( String key, String dataTimeStamp, String regionName, String serviceName, String canonicalRequest )

Sign an AWS4 key for Amazon cloud access.

Class Methods

AuthenticateJWT

KOSValue AuthenticateJWT( Assoc credentials,
                          String scope,
                          Assoc options )

Request an access token using a JWT.

Parameters

credentials

Service account credentials, as an Assoc holding the fields of the provider's JSON key file (see the example).

scope

Scope (URL) that the application should be granted access to.

options

Options specifying the validity window of the token ('iat' and 'exp', in seconds as returned by Date.Systime()). By default, the token will be valid from the time when the request is made and will expire in one hour.

Returns:

An access token that can be used for making Google Cloud API calls on success, or an Error otherwise.

Example

String jwtToken
Assoc  checkVal
RestClient rc
Assoc query = Assoc.CreateAssoc()
Assoc headersAuth = Assoc.CreateAssoc()

// NOTE THAT THE PRIVATE KEY HAS BEEN MODIFIED. A VALID KEY MUST BE PROVIDED TO RUN THE CODE.

Assoc credential = Assoc{
    "type": "service_account",
    "project_id": "otcs-cloud",
    "private_key_id": "8f435000a83a2dc6f6befeec468e49b8c3817b72",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBK.....6Cg==\n-----END PRIVATE KEY-----\n",
    "client_email": "conetnt-server@otcs-cloud.iam.gserviceaccount.com",
    "client_id": "106117477893356774801",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/conetnt-server%40otcs-cloud.iam.gserviceaccount.com"
    }

String scope = "https://www.googleapis.com/auth/devstorage.full_control"
Integer startTime = Date.Systime()
Integer expirationTime = startTime + 3600 // token will expire in one hour
Assoc options = Assoc{ 'iat':startTime, 'exp':expirationTime }
Dynamic status = Cloud.AuthenticateJWT( credential, scope, options )

if( IsNotError( status ) )
    // The response body is JSON; the bearer token is its access_token field.
    jwtToken = $WebLL.JSONUtils.ParseJSON( status.content ).access_token

    // Use the token against the Cloud Storage JSON API: list the objects in bucket "otcs".
    checkVal = signatureproviders::SignatureRESTUtils.ParseURL( "https://www.googleapis.com/storage/v1/b/otcs/o" )
    rc = RestClient.NewSecure( checkVal.host, checkVal.port, checkVal.path )
    headersAuth.( 'Authorization' ) = "Bearer " + jwtToken
    checkVal = rc.GET( query, headersAuth )

    if( checkVal.status == 200 )
        echo( checkVal.content )
    end
else
    Echo( Error.ErrorToString( status ) )
end

CreateJWT

KOSValue CreateJWT( String privateKey,
                    String header,
                    String claimSet )

Create and sign a JWT (JSON Web Token). The result is the JWT in the format: {Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}.

Parameters

privateKey

RSA private key (PEM encoded).

header

JWT header as a JSON string, not yet encoded.

claimSet

JWT claim set as a JSON string, not yet encoded.

Returns:

A signed JWT that is ready to be exchanged for an access token on success, or an Error otherwise.

Example

Assoc       checkVal = Assoc.CreateAssoc()
Assoc       jwtClaim = Assoc.CreateAssoc()
Assoc       jwtHeader = Assoc.CreateAssoc()
String      jwtSignature

// NOTE THAT THE PRIVATE KEY HAS BEEN MODIFIED. A VALID KEY MUST BE PROVIDED TO RUN THE CODE.

Assoc credential = Assoc{
    "type": "service_account",
    "project_id": "otcs-cloud",
    "private_key_id": "8f435000a83a2dc6f6befeec468e49b8c3817b72",
    "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBK.....6Cg==\n-----END PRIVATE KEY-----\n",
    "client_email": "conetnt-server@otcs-cloud.iam.gserviceaccount.com",
    "client_id": "106117477893356774801",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/conetnt-server%40otcs-cloud.iam.gserviceaccount.com"
    }

Boolean ok = FALSE

// Header: RS256 signature, identified by the service account's private key id.
jwtHeader.( "alg" ) = "RS256"
jwtHeader.( "typ" ) = "JWT"
jwtHeader.( "kid" ) = credential.private_key_id

String      strJwtHeader = $WebLL.JSONUtils.ToJSON( jwtHeader )

// Claim set: issuer, requested scope, audience (the token endpoint) and validity window.
Integer     now = Date.Systime()

jwtClaim.( "iss" ) = credential.client_email
jwtClaim.( "scope" ) = "https://www.googleapis.com/auth/devstorage.full_control"
jwtClaim.( "aud" ) = credential.token_uri
jwtClaim.( "iat" ) = now
jwtClaim.( "exp" ) = now + 3600 // in seconds; must be at most one hour after iat

String      strJwtClaim = $WebLL.JSONUtils.ToJSON( jwtClaim )

Dynamic result = Cloud.CreateJWT( credential.private_key, strJwtHeader, strJwtClaim )

if ( IsNotError( result ) && IsDefined( result ) )
    jwtSignature = result
    echo( 'jwtSignature:', jwtSignature )

    // Exchange the signed assertion for an access token.
    checkVal = GetToken( jwtSignature )
    ok = checkVal.ok
else
    checkVal.errMsg = Error.ErrorToString( result )
end

if ( ok )
    Echo( 'success:', checkVal.access_token )
else
    Echo( 'failure:', checkVal.errMsg )
end

echo( 'done' )


function Assoc GetToken( String jwtSignature )

    Assoc       result = Assoc.CreateAssoc()
    Assoc       headers = Assoc.CreateAssoc()
    RestClient  rc
    Assoc       query = Assoc.CreateAssoc()
    String      body

    Assoc       checkVal = signatureproviders::SignatureRESTUtils.ParseURL( "https://oauth2.googleapis.com/token" )

    // Default to failure so the caller always gets ok/errMsg back.
    result.ok = FALSE
    result.errMsg = "could not parse the token endpoint URL"

    if( checkVal.ok )
        rc = RestClient.NewSecure( checkVal.host, checkVal.port, checkVal.path )
        headers.( 'Content-Type' ) = "application/x-www-form-urlencoded"

        // JWT bearer grant (RFC 7523): the signed JWT is sent as the assertion.
        body = "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=" + jwtSignature
        checkVal = rc.POST( query, body, Length( body ), headers )

        if ( checkVal.status == 200 )
            result = $WebLL.JSONUtils.ParseJSON( checkVal.content )
            result.ok = TRUE
        else
            result.ok = FALSE
            result.errMsg = checkVal.content
        end
    end

    return result
end
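The encoding rules behind the "{header}.{claimSet}.{signature}" format CreateJWT returns, together with the caller-side checks on alg, iat/exp and aud that decide whether the token endpoint will accept the assertion, as an added Python example. It is not the Cloud package's code and does no RSA signing itself; MAX_LIFETIME is the one-hour rule noted in the example above and TOKEN_ENDPOINT is the token_uri from the credentials, both assumed here as constants.

```python
import base64
import json

# Added example (Python, not the Cloud package's OScript): the segment
# encoding behind CreateJWT's "{header}.{claimSet}.{signature}" output and
# a caller-side inspection of such a token before it is exchanged.

MAX_LIFETIME = 3600  # seconds: exp may be at most one hour after iat
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"  # credentials.token_uri


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as JWT segments require (RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def signing_input(header: dict, claim_set: dict) -> str:
    """The first two segments; CreateJWT signs exactly this string with the
    RSA key and appends the Base64url signature as the third segment."""
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                    for part in (header, claim_set))


def inspect_jwt(token: str, now: int) -> dict:
    """Decode without verifying the signature (the token endpoint does that)
    and list the problems that would get the assertion rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.claimSet.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is not RS256")  # never accept 'none' or an HMAC alg here
    iat, exp = claims.get("iat"), claims.get("exp")
    if iat is None or exp is None:
        problems.append("iat or exp missing")
    else:
        if exp - iat > MAX_LIFETIME:
            problems.append("exp is more than one hour after iat")
        if exp <= now:
            problems.append("already expired")
    if claims.get("aud") != TOKEN_ENDPOINT:
        problems.append("aud is not the token endpoint")
    return {"header": header, "claims": claims, "problems": problems}
```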

GetAzureSignature

String GetAzureSignature( String key,
                          String canonicalRequest )

Computes the signature string used for Azure authentication. The signature is the HMAC-SHA256 of the canonicalRequest string, keyed with the key string, and is returned Base64 encoded.

Parameters

key

Base64 encoded key string.

canonicalRequest

The request string to be hashed.

Returns:

Base64 encoded signature string.

Sha256Hash

String Sha256Hash( String data,
                   Boolean bHex )

Compute the SHA-256 hash of an input string and return the output.

Parameters

data

Input string to be hashed.

bHex

Whether the returned hash should be converted to a hex string.

Returns:

The SHA-256 hash string.

SignAWS4Key

KOSValue SignAWS4Key( String key,
                      String dataTimeStamp,
                      String regionName,
                      String serviceName,
                      String canonicalRequest )

Sign a version 4 key for Amazon Web Services, based on a secret key.

Parameters

key

Secret key.

dataTimeStamp

Date/time stamp string used in the signing key derivation.

regionName

region name for the AWS authentication.

serviceName

service name for the AWS authentication.

canonicalRequest

Raw canonicalRequest string for the AWS authentication.

Returns:

A hex string that is the final signature used for AWS authentication.
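Reference implementations, added here in Python and not the Cloud package's own code, of Sha256Hash, GetAzureSignature and SignAWS4Key (the AWS Signature Version 4 key derivation the latter wraps), so that the output of the built-ins can be cross-checked. Assumptions, repeated in the code: a non-hex Sha256Hash result is Base64, the Base64 Azure key is decoded to raw bytes before keying the HMAC, and dataTimeStamp is the YYYYMMDD credential-scope date.

```python
import base64
import hashlib
import hmac

# Added Python reference (not the Cloud package) for Sha256Hash,
# GetAzureSignature and SignAWS4Key; parameter names follow the page.


def sha256_hash(data: str, b_hex: bool) -> str:
    """Sha256Hash: SHA-256 of the UTF-8 input. Assumption: when bHex is
    false the digest is returned Base64 encoded (raw bytes are not text)."""
    digest = hashlib.sha256(data.encode("utf-8")).digest()
    return digest.hex() if b_hex else base64.b64encode(digest).decode("ascii")


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def get_azure_signature(key: str, canonical_request: str) -> str:
    """GetAzureSignature: HMAC-SHA256 over the canonical request, returned as
    Base64. Assumption: the Base64 key (an Azure Storage account key) is
    decoded to raw bytes before keying the HMAC, as Shared Key auth requires."""
    mac = hmac_sha256(base64.b64decode(key), canonical_request)
    return base64.b64encode(mac).decode("ascii")


def derive_aws4_signing_key(key: str, date_stamp: str, region_name: str,
                            service_name: str) -> bytes:
    """SigV4 key derivation: "AWS4"+secret -> date -> region -> service ->
    "aws4_request". date_stamp is assumed to be the YYYYMMDD scope date."""
    k_date = hmac_sha256(("AWS4" + key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region_name)
    k_service = hmac_sha256(k_region, service_name)
    return hmac_sha256(k_service, "aws4_request")


def sign_aws4_key(key: str, date_stamp: str, region_name: str,
                  service_name: str, canonical_request: str) -> str:
    """SignAWS4Key: hex(HMAC(kSigning, canonicalRequest)). In the SigV4
    specification the string handed to this final HMAC is the 'string to
    sign', which embeds SHA-256(canonical request) rather than the canonical
    request itself, so the caller must build that string before calling."""
    k_signing = derive_aws4_signing_key(key, date_stamp, region_name, service_name)
    return hmac_sha256(k_signing, canonical_request).hex()


if __name__ == "__main__":
    # Constructed sample values; the secret and the account key are placeholders.
    print(sha256_hash("abc", True))
    print(get_azure_signature(base64.b64encode(b"\x01" * 32).decode(), "GET\n\n\n"))
    print(sign_aws4_key("EXAMPLE_SECRET", "20240101", "us-east-1", "s3", "AWS4-HMAC-SHA256\n..."))
```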

 Copyright © 2022 OpenText Corporation. All rights reserved.