CertificateEncryption - Scoped
The CertificateEncryption API provides methods for encrypting certificates in scoped applications.
Use these methods to generate a hash for the certificate, sign data using a private key, and generate a message authentication code.
CertificateEncryption - CertificateEncryption()
Instantiates a CertificateEncryption object in a scoped application.
| Name | Type | Description |
|---|---|---|
| None |
CertificateEncryption - generateMac(String key, String algorithm, String data)
Generates the Message Authentication Code (MAC), which is used to authenticate a message.
| Name | Type | Description |
|---|---|---|
| key | String | Key to use to sign the message. Must be Base64 encoded. |
| algorithm | String | Algorithm to use to generate the MAC: HmacSHA256, HmacSHA1, HmacMD5, and so on. |
| data | String | Data to process. |
| Type | Description |
|---|---|
| String | MAC in base64 format. |
This example shows how to a MAC using sample_key as the data and HmacSHA256 as the algorithm.
var mac = new CertificateEncryption;
var key = "sample_key";
key = gs.base64Encode(key);
mac.generateMac(key, "HmacSHA256", "sample_data");CertificateEncryption - getThumbPrint(String certificateID, String algorithm)
Generates a hash (SHA-1, SHA-256, and so on) for the certificate from Trust Store Cert.
| Name | Type | Description |
|---|---|---|
| certificateID | String | Sys_id of the certificate record in the X.509 Certificate [sys_certificate] table. |
| algorithm | String | Algorithm to use to create the hash, such as SHA-1, SHA-256, and so on. |
| Type | Description |
|---|---|
| String | Thumbprint in base64 format. |
This example shows how to generate the thumbprint (hash) for the AzureAAD certificate.
//Create a GlideRecord to the certificate table
var x509GR = new GlideRecord('sys_certificate');
//If there is a certificate of a name of AzureAAD, get the certificate thumbprint
if(x509GR.get('name', 'AzureAAD')){
//Use the sys_id and algorithm we want to create a thumbprint
var thumbPrint = CertificateEncryption.getThumbPrint(x509GR.getUniqueValue(), "SHA-1");
//Print the created thumbprint
gs.print("Thumbprint for " + x509GR.getDisplayValue() + " is " + thumbPrint);
}Output:
V1X+aguDBTZVVbWMGTXxdzJLmaY=CertificateEncryption - getThumbPrintFromKeyStore(String certificateID, String alias, String algorithm)
Generates a hash (SHA-1, SHA-256, and so on) for the certificate from the keystore entry.
| Name | Type | Description |
|---|---|---|
| certificateID | String | Sys_id of the certificate record in the X.509 Certificate [sys_certificate] table. |
| alias | String | Alias name for the certificate. |
| algorithm | String | Algorithm to use to create the hash, such as SHA-1, SHA-256, and so on. |
| Type | Description |
|---|---|
| String | Thumbprint in base64 format. |
CertificateEncryption - sign(String certificateID, String alias, String aliaspassword, String algorithm, String datatosign)
Signs the data using the private key and the specified algorithm.
| Name | Type | Description |
|---|---|---|
| certificateID | String | sys_id of the certificate record in the X.509 Certificate [sys_certificate] table. |
| alias | String | Private key name. |
| aliaspassword | String | Password for the private key. |
| algorithm | String | Algorithm to use. Must be one of the following values:
|
| datatosign | String | Data to sign. |
| Type | Description |
|---|---|
| String | Signed data in base64 format. |
var ce = new CertificateEncryption;
ce.sign("recordID", "alias", "password", "SHA1withRSA", "sign this data");