IBM Security Verify

Expand all | Collapse all

PluginUtils - usage in Infomap

  • 1.  PluginUtils - usage in Infomap

    Posted 4 days ago
    Dear community,

    I was wondering if somebody could help explaining why PluginUtils class sometimes is usable and sometimes is not.
    We are running 9.0.7.1, but same behavior was noticed on earlier versions.

    In documentation it is listed as globally available class: https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.7/com.ibm.isam.doc/config/concept/con_otp_customize_mapping_rules_gs_aac.html

    We are able to import and use this class in some mapping rule (like Post/Pre token), but in some it does not work.

    For example in infomap, following import
    importClass(Packages.com.tivoli.am.rba.extensions.PluginUtils);
    results in a stack trace:
    Caused by: org.mozilla.javascript.EvaluatorException: Function importClass must be called with a class; had "[JavaPackage com.tivoli.am.rba.extensions.PluginUtils]" instead.

    Same import works fine in some other places.

    Thanks,
    Dean





  • 2.  RE: PluginUtils - usage in Infomap

    Posted 4 days ago

    Hello Dean,

    The 'com.tivoli.am.rba.extensions.PluginUtils' class is meant to be used in the JavaScript PIP as it's part of the 'RBA' (Risk Based Access also known as 'CBA', Contex Based Access') feature.

    For mapping rules other than JavaScript PIP you should use the following:

    com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils

    Is there a specific function from the PluginUtils class that you are trying to use in infomap that's not in the IDMappingExtUtils class?



    ------------------------------
    JACK YARBOROUGH
    ------------------------------



  • 3.  RE: PluginUtils - usage in Infomap

    Posted 4 days ago
    Hi Jack,

    thanks a lot for you fast response. Ok, noted the difference.

    I actually need to calculate SHA256 hash of a string.
    In PluginUtils there is "hash" function which I wanted to try.
    Besides that, only alternative I saw is SHA256Sum in OAuthMappingExtUtils.
    I tried it, but I am not confident in the output I get.

    Following is my snippet:
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils);
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);

    let payload = "This is a payload";
    IDMappingExtUtils.traceString("\nPayload: " + payload);

    let payload_digest = String(new java.lang.String(OAuthMappingExtUtils.SHA256Sum(new java.lang.String(payload))))
    IDMappingExtUtils.traceString("\nDigest: " + payload_digest);


    Output:
    Payload: This is a payload
    Digest: W�����Z�YKC��X��!�� �+�De>�


    Is this function correct to use?

    Thanks,
    Dean

    ------------------------------
    Dean Ivosevic
    ------------------------------



  • 4.  RE: PluginUtils - usage in Infomap

    Posted 4 days ago

    Hello Dean,

    That would be the correct output to use but since the output is going to be a Java Byte array (byte[]) the best thing would be to wrap it in the 'com.tivoli.am.fim.base64.BASE64Utility.encode(byte[])' class so that you'll get a base64 encoded String as the output.

    EG:

    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils);
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
    importClass(Packages.com.tivoli.am.fim.base64.BASE64Utility);
    
    let payload = "This is a payload";
    IDMappingExtUtils.traceString("\nPayload: " + payload);
    
    let payload_digest = String(new java.lang.String(BASE64Utility.encode(OAuthMappingExtUtils.SHA256Sum(new java.lang.String(payload)))));
    IDMappingExtUtils.traceString("\nDigest: " + payload_digest);


    That way you get a string output.
    Hashes are base64 encoded by default by other programs due to them being binary in nature (byte arrays).



    ------------------------------
    JACK YARBOROUGH
    ------------------------------



  • 5.  RE: PluginUtils - usage in Infomap

    Posted 3 days ago
    Hi Jack,

    thanks a lot! This really helps.

    Just for reference and completion, if somebody also needs this.
    If a hexadecimal SHA256 representation is needed, which is also common, the byte array needs to be transformed in hexadecimal string.
    I achieved this with following:

    let payload = "":
    let
    hash_byte = OAuthMappingExtUtils.SHA256Sum(new java.lang.String(payload));

    let
    hash_hex = [];
    for (let i = 0; i < hash_byte.length; i++){
    let hex = ('0' + (hash_byte[i] & 0xFF).toString(16)).slice(-2);
    hash_hex.push(hex);
    }
    hash_hex = hash_hex.join("");

    hash_hex = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    Which is aligned with the SHA256 test vector.


    Best,
    Dean

    ------------------------------
    Dean Ivosevic
    ------------------------------