Generate RSA-SHA1 signature based off of a string and private key

SanjivMeher
Kilo Patron

I am working on a JIRA integration from ServiceNow and the authentication I want to use is OAuth 1.0. As ServiceNow doesn't support OAuth 1.0, I am writing custom code to make it work.

I have the access token, consumer id etc, and I am trying to generate a signature, with a private key and a string I have.

Is there a function which can generate the signature using the RSA-SHA1 algorithm?

I know I can generate the HMAC SHA1, but RSA-SHA1 is not supported.

var mac = new CertificateEncryption();
var signature = mac.generateMac(pkey, "RSA-SHA1", signatureBaseString);


Please mark this response as correct or helpful if it assisted you with your question.
1 ACCEPTED SOLUTION

Yes. I had a certificate which was in pkcs8 format. I converted it to pkcs12 format and loaded it into the sys_certificate table. Once you do that, use the function below, which will generate the signature.

var ce = new CertificateEncryption();
ce.sign("sysid of the certificate", "1", "", "SHA1withRSA", "datastring");

Please mark this response as correct or helpful if it assisted you with your question.

12 REPLIES

For Global reference:

var gce = new GlideCertificateEncryption();
gce.sign("<sys_id>", "", "<pwd>", "SHA1withRSA", "sign this data");

Refer to: https://docs.servicenow.com/bundle/paris-application-development/page/app-store/dev_portal/API_reference/GlideCertificateEncryption/concept/c_GlideCertificateEncryptionAPI.html#

Hey Sanjeev

Could you share the OpenSSL command to export pkcs8 to pkcs12? When I tried to export and use it from sys_certificate, I get the following error:

Key must not be null: java.security.InvalidKeyException: Key must not be null: sun.security.rsa.RSAKeyFactory.engineTranslateKey(RSAKeyFactory.java:182)

Not sure what's going wrong. Could you share the openssl command used to convert?
When I attached it to the sys_certificate table, I see a success message when I use the Validate cert UI action.

Thanks
Sashi


I have documented the steps

  • Generate certificates in a ServiceNow-supported format

Now here comes another problem. ServiceNow does not support pkcs8, but it does support pkcs12 and jks. So what we would like to do is convert the certificates to a p12 file. The instructions in step 1 generate the following files: jira_privatekey.pem, jira_publickey.pem and jira_privatekey.pcks8.

To generate the p12, you need the jira_privatekey.pem and jira_publickey.pem files. Create a copy of jira_privatekey.pem, which will only have the private key (jira_privatekey_copy.pem). Add the public key from jira_publickey.pem to the same file after the RSA Private Key section as shown below.

-----BEGIN RSA PRIVATE KEY-----
<Private Key>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<Public Key>
-----END CERTIFICATE-----

Then run the following command to generate the pkcs file.

openssl pkcs12 -export -in jira_privatekey_copy.pem -out jira_privatekey.p12


Please mark this response as correct or helpful if it assisted you with your question.

Thank you Sanjeev. Once we export the .p12 to sys_certificate, you did mention to use the following code:

var ce = new CertificateEncryption();
ce.sign("sysid of the certificate", "1", "", "SHA1withRSA", "datastring");

My question is on the datastring. What is the correct format of the datastring that would sign the REST message and headers?

Is that datastring a REST endpoint and headers together? Could you give me an example?

The link below should help you understand:

http://consumingrestapis.github.io/chapter-4/4.1-oauth-1.0.html

Below is a snapshot of what I did:

signatureBaseString += encodeURIComponent("oauth_consumer_key="+consumerKey+"&");
signatureBaseString += encodeURIComponent("oauth_nonce="+nonce+"&");
signatureBaseString += encodeURIComponent("oauth_signature_method="+signatureMethod+"&");
signatureBaseString += encodeURIComponent("oauth_timestamp="+timestamp+"&");
signatureBaseString += encodeURIComponent("oauth_token="+accessToken+"&");
signatureBaseString += encodeURIComponent("oauth_token_secret="+verificationCode+"&");
signatureBaseString += encodeURIComponent("oauth_version=1.0");

var ce = new CertificateEncryption();

// For PKCS
var signature = ce.sign("<sys id of the certificate>", "1", "", "SHA1withRSA", signatureBaseString);


Please mark this response as correct or helpful if it assisted you with your question.
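
On the datastring question raised in this thread, here is an added example (not code from any of the posts, and not ServiceNow or Atlassian code) that builds the signature base string as RFC 5849 section 3.4.1 defines it: the HTTP method, the base URI, and the sorted, percent-encoded request parameters. It is written for Node.js, where the `URL` global is available; the host, consumer key, nonce and token values are constructed.

```javascript
// RFC 5849 section 3.6 percent-encoding. encodeURIComponent leaves ! * ' ( )
// unescaped, so those are encoded explicitly.
function pctEncode(s) {
  return encodeURIComponent(String(s)).replace(/[!*'()]/g, function (c) {
    return '%' + c.charCodeAt(0).toString(16).toUpperCase();
  });
}

// method: HTTP verb. requestUrl: full URL, query string included.
// oauthParams: the oauth_* protocol parameters for this request.
function buildSignatureBaseString(method, requestUrl, oauthParams) {
  var url = new URL(requestUrl);           // lowercases scheme and host, drops default port
  var baseUri = url.origin + url.pathname; // the base URI carries no query string
  var pairs = [];
  url.searchParams.forEach(function (value, name) {
    pairs.push([pctEncode(name), pctEncode(value)]);
  });
  Object.keys(oauthParams).forEach(function (name) {
    // The signature itself and realm are never part of the signed data.
    if (name === 'oauth_signature' || name === 'realm') return;
    pairs.push([pctEncode(name), pctEncode(oauthParams[name])]);
  });
  // Sort by encoded name, then by encoded value.
  pairs.sort(function (a, b) {
    if (a[0] !== b[0]) return a[0] < b[0] ? -1 : 1;
    return a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0;
  });
  var normalized = pairs.map(function (p) { return p[0] + '=' + p[1]; }).join('&');
  return [method.toUpperCase(), pctEncode(baseUri), pctEncode(normalized)].join('&');
}

// Constructed sample request: hypothetical host, consumer key, nonce and token.
var SAMPLE_PARAMS = {
  oauth_consumer_key: 'sn-consumer',
  oauth_nonce: 'n0nce!',
  oauth_signature_method: 'RSA-SHA1',
  oauth_timestamp: '1700000000',
  oauth_token: 'tok123',
  oauth_version: '1.0'
};

function sampleBaseString() {
  return buildSignatureBaseString('get',
    'HTTPS://Jira.Example.com:443/rest/api/2/search?jql=project%20%3D%20SN&maxResults=5',
    SAMPLE_PARAMS);
}
```

The returned string is the data that gets signed with the RSA private key, and the resulting signature is sent with the request as `oauth_signature`.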