Implement client OAuth 1.0 RSA-SHA256


Article ID: 143154


Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

The customer needs to implement an OAuth 1.0 client on the API Gateway, signing requests with the RSA-SHA256 algorithm.

Is it possible to have an assertion that does this?

Environment

Release : 9.3

Component : API GTW ENTERPRISE MANAGER

Resolution

The 'Oauth Signature Base String' assertion stores the base string it generates in the context variable 'oauth.sigBaseString'. The value will be a string such as the one below:

GET&http%3A%2F%2F10.52.24.199%3A8080%2FoauthService&oauth_consumer_key%3DZYDPLLBWSK3MVQJSIYHB1OR2JXCY0X2C5UJ2QAR2MAAIT5Q%26oauth_nonce%3Ddc1d3dc7-5b73-4635-8c2a-b69cfe5f9974%26oauth_signature_method%3DRSA-SHA256%26oauth_timestamp%3D1578907156%26oauth_token%3D45c8npv52e48

To generate a signature from the above string, use the 'Generate Security Hash' assertion: set Source Data to ${oauth.sigBaseString}, select SHA-256 from the Signature Algorithm drop-down, and enter a suitable name in Output Variable; that variable will contain the generated hash.
In this case we used hashMessage, which has the following value after the assertion returns:

vOwGDjegfYYE5331QDk6Am23xglGiQ91ZkE4od56RXQ=
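The two steps above, reproduced outside the gateway as an added Python example (not the product's code), which is useful for checking what oauth.sigBaseString should contain for a given request. The function names are this example's own, and it assumes the assertion normalizes the request as RFC 5849 describes and Base64-encodes its output; it covers only the base string and the SHA-256 hash step shown here.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def base_string_uri(url):
    """Lowercase scheme and host, keep a non-default port, drop query and fragment."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default_port = {"http": 80, "https": 443}.get(scheme)
    if parts.port and parts.port != default_port:
        host = f"{host}:{parts.port}"
    return f"{scheme}://{host}{parts.path or '/'}"


def signature_base_string(method, url, oauth_params):
    """METHOD & encoded URI & encoded, sorted parameter string."""
    pairs = list(oauth_params) + parse_qsl(urlsplit(url).query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def sha256_base64(base_string):
    """Unkeyed SHA-256 digest, Base64-encoded (32 bytes -> 44 characters)."""
    digest = hashlib.sha256(base_string.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Values taken from the base string shown in this article.
SAMPLE_URL = "http://10.52.24.199:8080/oauthService"
SAMPLE_PARAMS = [
    ("oauth_token", "45c8npv52e48"),
    ("oauth_timestamp", "1578907156"),
    ("oauth_signature_method", "RSA-SHA256"),
    ("oauth_nonce", "dc1d3dc7-5b73-4635-8c2a-b69cfe5f9974"),
    ("oauth_consumer_key", "ZYDPLLBWSK3MVQJSIYHB1OR2JXCY0X2C5UJ2QAR2MAAIT5Q"),
]

if __name__ == "__main__":
    base = signature_base_string("GET", SAMPLE_URL, SAMPLE_PARAMS)
    print(base)
    print(sha256_base64(base))
```

The parameters are deliberately listed out of order to show that sorting happens before the string is assembled.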