jsrsasign

ewj · ‎11-06-2015

i was tasked with integrating ServiceNow with our second-factor authentication vendor (Ping Identity). the goal was to be able to automate administrative processes that would otherwise be worked on manually and only during business hours.

this brought up the need to use JWTs for our first time. jsrsasign was the recommended javascript library per our vendor and general googling. all i had to do was get it working in ServiceNow. of the many ways this is probably possible, this is how i did it:

requirements:

maintain original source code of jsrsasign with the least amount of modification necessary
that it works

resources used

jsrsasign
brackets
service-now community
coffee
sleep iou's

process:

create script include

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function() {
       },
       type: 'jsrsasign'
};

the entire minified source for jsrsasign will be put in the initialize function of the script include. there were some errors at first relating to window and navigator not being defined. this was resolved by declaring these as objects before pasting in the jsrsasign code. (i've spared your scroll bars by not pasting in the entire code for jsrsasign-5.0.1-all-min.js. you would paste in after line 5 in the script example below.)

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function () {
               var navigator = {};
               var window = {};
       },
       type: 'jsrsasign'
};

the other error i had, and the one modification i had to make to the jsrsasign source, was with a primitive type error related to an if statement in the cryptojs library. this was worked out, thanks to a tip from chrisc., by using JSUtil.notNil. run a replace on:

if(p)

and replace with:

if(JSUtil.notNil(p)) /*modified from original value of if(p)*/

next, i created functions that called one of the specific functions from jsrsasign that i needed.

       signJWT: function (alg, sHeader, sPayload, key, pass) {
               var sign = KJUR.jws.JWS.sign(alg, sHeader, sPayload, key, pass);
               return sign;
       },

i have another script include that builds and packages the required json headers/payload and sends the request up to our vendor. i run my new JWT function from that script include by calling:

new jsrsasign().signJWT(alg, sHeader, sPayload, key, pass);

results:

instant authenticated request/response to our 3rd party app to deprovision mobile devices.
zero-touch results for users around the clock.

thirschi · ‎02-16-2017

I'm getting an opposite error to the if(p) compared to the if(JSUtil.notNil(p))

thirschi · ‎02-16-2017

Of course it doesn't work the other way either.

thirschi · ‎03-03-2017

I was able to get it working by changing the if(JSUtil.notnil(p)) to the following

var answerNil;

if (JSUtil.isJavaObject(p)){

answerNil = !GlideJSUtil.isNilJavaObject(p);

}

if(answerNil == null) {

answerNil = !((p == null) || (typeof p == 'undefined'));

}

if(answerNil)

ewj · ‎03-28-2017

we finally upgraded (istanbul). i knew my code was going to break based on the feedback received off of this thread. finally having a reason to look at Certificate encryption APIs, i realized i don't have a cert to sign with but rather a key. in full disclosure, i'm not too keen on the differences between the two, but saw getting my key into a cert as a bigger effort at this stage of upgrade testing than we have time for.

all told, thirschi your solution worked and worked quickly. thank you! I'm sure with time (which i don't have) i can figure out how to refactor and gather the requirements (and understanding) to work with Certificate encryption APIs but for now things are working and i can get onto the rest of our istanbul testing.

Pranav Bhagat · ‎07-21-2017

Hi Erik

The document that you are referring ie Certificate encryption APIs is not accesible ,can you please help me out with it

Thanks

Pranav