A service policy might be invoked that runs a SHA-1 hash function against a string: helloworld. This would be executed using the Generate Security Hash assertion as follows:
<Please see attached file for image>
This would result in the following hash sum being presented:
<Please see attached file for image>
This hash sum may not match the hash sum provided by certain tools such as online hash generators, Linux-based hash generators (such as `sha1sum` or `md5sum`), or applications or functions within other programming languages. The hashed value displayed above is a hash sum that has been Base64-encoded from the raw binary data, whereas most tools and functions present hashed data encoded in Base16. For example, a comparison of the SHA-1 sum generated by the Policy Manager and a SHA-1 sum generated using the `sha1sum` tool from Unix is:
Gateway: at+xg6SiyUovktq1redipHiJpaE=
sha1sum: 6adfb183a4a2c94a2f92dab5ade762a47889a5a1
There is a marked difference between the two. It is immediately clear that the top result is Base64-encoded whereas the bottom result is Base16-encoded. This gap must be addressed to accommodate external applications and endpoints that present SHA-1 hashes in Base16.
A Gateway service policy can be authored to decode and re-encode hashed data into an appropriate format. A hash operation is performed upon binary data, and the result is then encoded in a certain way for consumption. The Gateway encodes the raw hashed binary data in Base64 whereas other applications might encode it in Base16. The service policy displayed below will hash a string, decode the result, and re-encode it in Base16:
<Please see attached file for image>
This service will generate a particular security hash, decode it into raw binary data, and then re-encode it in Base16. Auditing a string of "helloworld" would show the following results for each hashing operation:
<Please see attached file for image>
In the example above, the Base64-encoded hash is printed first and the Base16-encoded hash is printed second.
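The same decode and re-encode step can be reproduced outside the Gateway to check a value it emitted against one from `sha1sum`. The following Python is an added example, not part of the original article or the attached policy; the function names are illustrative, and it goes slightly beyond the text by accepting other hashlib algorithms as well as SHA-1.

```python
import base64
import hashlib
import hmac

# The two encodings of SHA-1("helloworld") quoted in the article.
GATEWAY_B64 = "at+xg6SiyUovktq1redipHiJpaE="
SHA1SUM_HEX = "6adfb183a4a2c94a2f92dab5ade762a47889a5a1"


def digest_to_bytes(text, algorithm="sha1"):
    """Decode a Base16 or Base64 digest string to raw bytes.

    The encoding is picked by length: a 20-byte SHA-1 digest is 40
    characters in Base16 and 28 in Base64, so the two never collide.
    Malformed input raises ValueError (binascii.Error is a subclass).
    """
    size = hashlib.new(algorithm).digest_size
    text = text.strip()
    if len(text) == size * 2:
        raw = bytes.fromhex(text)
    elif len(text) == 4 * ((size + 2) // 3):
        raw = base64.b64decode(text, validate=True)
    else:
        raise ValueError("unexpected digest length for " + algorithm)
    if len(raw) != size:
        raise ValueError("decoded digest has the wrong size")
    return raw


def base64_to_base16(b64_digest, algorithm="sha1"):
    """Gateway-style Base64 digest -> sha1sum-style Base16 digest."""
    return digest_to_bytes(b64_digest, algorithm).hex()


def base16_to_base64(hex_digest, algorithm="sha1"):
    """sha1sum-style Base16 digest -> Gateway-style Base64 digest."""
    raw = digest_to_bytes(hex_digest, algorithm)
    return base64.b64encode(raw).decode("ascii")


def digests_match(a, b, algorithm="sha1"):
    """Compare two digests in any mix of encodings, in constant time."""
    return hmac.compare_digest(digest_to_bytes(a, algorithm),
                               digest_to_bytes(b, algorithm))


if __name__ == "__main__":
    print(base64_to_base16(GATEWAY_B64))
    print(base16_to_base64(SHA1SUM_HEX))
    print(digests_match(GATEWAY_B64, SHA1SUM_HEX))
```

Comparing the decoded bytes rather than the strings also avoids false mismatches caused by upper-case versus lower-case Base16.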
A service policy that is capable of this transformation is attached to this article.