Problem getting HmacSHA512 with CryptoJS to work

Go to solution
Simon Larsson
Tera Contributor

‎04-08-2022 07:20 AM

Hello,

I've tried to implement some variant of CryptoJS for making an authentication token. The problem is when i run the code snippet below I encounter this error:

Evaluator.evaluateString() problem: java.lang.SecurityException: Encountered scriptable of unknown type Object

 

var key = "sample_key"; 
var secret = CryptoJS.enc.Base64.parse(key);
var str = CryptoJS.HmacSHA512("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);

I think the error is occuring when trying to create the HmacSHA512 encoding. The code works fine running in a node.js environment.
I have created a Script Include called CryptoJS with the code attached in the file.
find_real_file.png

Anyone have some experience working with HmacSHA512, any help is appriciated.

Labels:
Preview file
163 KB
Preview file
52 KB
0 Helpfuls
  • 5,897 Views
1 ACCEPTED SOLUTION

Go to solution
-O-
Kilo Patron
Kilo Patron
In response to Simon Larsson

‎04-13-2022 01:11 AM

Not sure why that is. However I'll attach your file modified by me as described; I've tested it in both San Diego and Quebec. I assume if it works in those two, it should also work in Rome.

View solution in original post

Preview file
150 KB
0 Helpfuls
11 REPLIES 11

Go to solution
-O-
Kilo Patron
Kilo Patron

‎04-09-2022 04:31 PM

Maybe it's because the object has not been created with Class.create(). At least one of the problems. If I remember correctly, when in scope one has to use the Class.create() for the objects to be correctly created.

0 Helpfuls

Go to solution
-O-
Kilo Patron
Kilo Patron
In response to -O-

‎04-10-2022 01:08 PM

Indeed after modifying the attached code so that it conforms to the outlined requirements it works.

What I did was to

- loose all the package b....t, remove

;(function (root, factory) {
	if (typeof exports === "object") {
		// CommonJS
		module.exports = exports = factory();
	}
	else if (typeof define === "function" && define.amd) {
		// AMD
		define([], factory);
	}
	else {
		// Global (browser)
		root.CryptoJS = factory();
	}
}(this, function () {

	/**
	 * CryptoJS core components.
	 */
	var CryptoJS = CryptoJS ||

from the beginning and replace it with:

var CryptoJS = Class.create();

(function () {

- replace line (originally 42)

var C = {};

with

var C = CryptoJS;

- replace the very last line

}));

with

})();

And that's it basically.

After those changes the library "integrates" with the ServiceNow run-time and it can be used. Running code

var key = "sample_key";
var secret = CryptoJS.enc.Base64.parse(key);

var str = CryptoJS.HmacSHA1("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == 'pf/igwxG5LGhO1BmFGwrSc7VkSk=');

var str = CryptoJS.HmacSHA224("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == '+OTuKzoSTITyyWLfsPdodAVR7oMDMitZfIWMqQ==');

var str = CryptoJS.HmacSHA256("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == 'f7Kqu0xm6mloRRX+18eI/5yT7137Y6LIYXVRUeQ/ChY=');

var str = CryptoJS.HmacSHA384("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == '95T6tnov0jlrCdSOeI8gsIzjQUsM6TL1niUEKU/+2wL65LqlSeYNIP4QPq0rHJm7');

var str = CryptoJS.HmacSHA512("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == 'zFdnLe956Fe1nYT79GL3eCiAu/yhx00flNB3/nMYDXVAk1ZjL0ANikHvyltwOAbPzZdwgYew7QVoccLHDKT/Rw==');

var str = CryptoJS.HmacSHA3("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == 'jeoUe+hHGchUlaQWhTYkCKjullbwLG7xb2LyIJPt5XABUfgFXPyPPv6Gxwh66kxeM0D9JgDf5swEMcW/N6xaYA==');

var str = CryptoJS.HmacRIPEMD160("sample_data", secret);
str = CryptoJS.enc.Base64.stringify(str);
gs.debug(str);
gs.debug(str == 'aBTw4oZSD4Rw7ItWygf7iQ5tZP4=');

In Scripts - Background, produces the output:

x_???_crypto: pf/igwxG5LGhO1BmFGwrSc7VkSk= (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: +OTuKzoSTITyyWLfsPdodAVR7oMDMitZfIWMqQ== (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: f7Kqu0xm6mloRRX+18eI/5yT7137Y6LIYXVRUeQ/ChY= (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: 95T6tnov0jlrCdSOeI8gsIzjQUsM6TL1niUEKU/+2wL65LqlSeYNIP4QPq0rHJm7 (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: zFdnLe956Fe1nYT79GL3eCiAu/yhx00flNB3/nMYDXVAk1ZjL0ANikHvyltwOAbPzZdwgYew7QVoccLHDKT/Rw== (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: jeoUe+hHGchUlaQWhTYkCKjullbwLG7xb2LyIJPt5XABUfgFXPyPPv6Gxwh66kxeM0D9JgDf5swEMcW/N6xaYA== (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
x_???_crypto: aBTw4oZSD4Rw7ItWygf7iQ5tZP4= (sys.scripts extended logging)
x_???_crypto: true (sys.scripts extended logging)
0 Helpfuls

Go to solution
Simon Larsson
Tera Contributor
In response to -O-

‎04-13-2022 12:24 AM

This looks exactly like what i need, despite your documentation i failed to make this work for my self.
 i think i failed to replace the packageing in the beginging of the script. Can you take a look at my code?


I replaced the following:

;(function (root, factory) {
	if (typeof exports === "object") {
		// CommonJS
		module.exports = exports = factory();
	}
	else if (typeof define === "function" && define.amd) {
		// AMD
		define([], factory);
	}
	else {
		// Global (browser)
		root.CryptoJS = factory();
	}
}(this, function () {

	/**
	 * CryptoJS core components.
	 */
	var CryptoJS = CryptoJS || || (function (Math, undefined) {
		/*
	     * Local polyfil of Object.create
	     */
		var create = Object.create || (function () {
			function F() {};

			return function (obj) {
				var subtype;

				F.prototype = obj;

				subtype = new F();

				F.prototype = null;

				return subtype;
			};
		}())

		/**
	     * CryptoJS namespace.
	     */
		var C = {};

with this, based of what i could read out from your earlier post.

var CryptoJS = Class.create();

(function () {

	/**
	 * CryptoJS core components.
	 */
	(function (Math, undefined) {
		/*
	     * Local polyfil of Object.create
	     */
		var create = Object.create || (function () {
			function F() {};

			return function (obj) {
				var subtype;

				F.prototype = obj;

				subtype = new F();

				F.prototype = null;

				return subtype;
			};
		}())

		/**
	     * CryptoJS namespace.
	     */
		var C = CryptoJS;

 

I still get some errors when running the code.

Javascript compiler exception: Primitive type expected (had org.mozilla.javascript.Undefined instead) (sys_script_include.b35e260207320110f83cf87e7c1ed0ff.script; line 68)

this is line 68:

if (overrides) {
    subtype.mixIn(overrides);
}
0 Helpfuls

Go to solution
-O-
Kilo Patron
Kilo Patron
In response to Simon Larsson

‎04-13-2022 01:11 AM

Not sure why that is. However I'll attach your file modified by me as described; I've tested it in both San Diego and Quebec. I assume if it works in those two, it should also work in Rome.

Preview file
150 KB
0 Helpfuls