6 replies Latest Post - ‏2014-04-08T09:45:57Z by daniel64
Dev5

Pinned topic Rest Service JWT

‏2014-01-01T21:49:33Z |

I am trying to develop a sample REST service which can accept JWT/JWS signed messages in Firmware 6.0. Is it possible to read and verify the JWT signed messages and convert them to SOAP? I searched the forum and don't see anything related to JWT. Please let me know if this is possible in DataPower.

 

  • Dev5

    Re: Rest Service JWT

    ‏2014-01-02T16:38:52Z  in response to Dev5

    Is this supported by DataPower Firmware 6.0?

    • HermannSW

      Re: Rest Service JWT

      ‏2014-01-03T12:36:16Z  in response to Dev5

      I doubt it.

      Are you talking about this?
      http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-17


      Hermann<myXsltBlog/> <myXsltTweets/> <myCE/> <myFrameless/>

      • Dev5

        Re: Rest Service JWT

        ‏2014-01-03T16:38:30Z  in response to HermannSW

        Yes. I did not find anything in the DataPower docs. So I am trying to see whether I can develop a custom style sheet to do that.

        The JWT signed structure is described here.

        http://odino.org/securing-your-http-api-with-javascript-object-signing-and-encryption/

        Base64URL encoded, separated by dot ".".   Header.payload.signed signature.

        So far I have configured the MPG to accept non-XML. In my first processing policy on the POST action, I configured a binary action to capture the incoming POST request and convert it to some kind of XML format using binary-convert.xsl. Then in the next policy, I am trying to put the header, payload and signature in separate nodes (test5.xsl). But I am having difficulty converting the POST request to some kind of XML format. Is that possible? If you can think of some other way, please let me know. Thank you. The XSLs are below.

        binary-convert.xsl

        <xsl:stylesheet version="1.0"
          xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
          xmlns:dp="http://www.datapower.com/extensions"
          extension-element-prefixes="dp"
        >
          <dp:input-mapping  href="binaryNode.ffd" type="ffd"/>
          <dp:output-mapping href="binaryNode.ffd" type="ffd"/>

          <xsl:template match="/">
            <object>
              <message>
                <xsl:copy-of select="/object/message/node()"/>
              </message>
            </object>
          </xsl:template>
        </xsl:stylesheet>

        test5.xsl

        <xsl:stylesheet version="1.0"
          xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
          xmlns:dp="http://www.datapower.com/extensions"
          xmlns:man="http://www.datapower.com/schemas/management"
          extension-element-prefixes="dp"
        >
          <dp:input-mapping type="ffd" href="binaryNode.ffd"/>

          <!-- Recursively split the message text on "." and emit one <item> per segment -->
          <xsl:template match="/object/message" name="tokenize">
            <xsl:param name="text" select="."/>
            <xsl:param name="separator" select="'.'"/>
            <xsl:choose>
              <!-- No separator left: this is the last segment -->
              <xsl:when test="not(contains($text, $separator))">
                <item>
                  <xsl:value-of select="normalize-space($text)"/>
                </item>
              </xsl:when>
              <!-- Emit the text before the separator, then recurse on the remainder -->
              <xsl:otherwise>
                <item>
                  <xsl:value-of select="normalize-space(substring-before($text, $separator))"/>
                </item>
                <xsl:call-template name="tokenize">
                  <xsl:with-param name="text" select="substring-after($text, $separator)"/>
                </xsl:call-template>
              </xsl:otherwise>
            </xsl:choose>
          </xsl:template>
        </xsl:stylesheet>
        
        • Dev5

          Re: Rest Service JWT

          ‏2014-01-03T16:42:44Z  in response to Dev5

          Signed sample message looks like this (done using Java)

          eyJhbGciOiJSUzI1NiJ9.SldUQ2xhaW1zU2V0IFtpc3M9QXBpZ2VlIEFQSSBHYXRld2F5LCBzdWI9bnVsbCwgYXVkPW51bGwsIGV4cD1GcmkgSmFuIDAzIDA5OjUxOjAzIE1TVCAyMDE0LCBuYmY9RnJpIEphbiAwMyAwOTo0MTowMyBNU1QgMjAxNCwgaWF0PUZyaSBKYW4gMDMgMDk6NDE6MDMgTVNUIDIwMTQsIGp0aT1kZDYxMGJhYy0wNDM3LTRkODAtYjE0MS01OTZkNzVkZDdiZmYsIHR5cD1udWxsLCBjdXN0b21DbGFpbXM9e3Njb3BlPWNhbXBhaWduTWd0LCBjbGllbnQ9WFlaLCB1c2VyPWFiY2R9XQ.esOEqnet0jipaDUbyqHezAuVAR36uPmeiSaa6LYeqhgYLEJYnCYzOf8ic2wjFEfJlX6JjVx5lNMzCuMgjPrfextgDjyujNXLOPJqBURiJSeLjAEZ2Gl1QeFkqyFAYte6qKMHUMOYvpkHXWnq56P72OqctNrrGEcdB9Kurh0VQAM

          • HermannSW

            Re: Rest Service JWT

            ‏2014-01-04T06:16:03Z  in response to Dev5

            The last 1024 bytes are pure binary data which need special handling in a stylesheet, see:
            http://www-01.ibm.com/support/docview.wss?uid=swg27022977
            http://www-01.ibm.com/support/docview.wss?uid=swg27022979

            $ base64 -di | od -Ax -tcx1
            eyJhbGciOiJSUzI1NiJ9.SldUQ2xhaW1zU2V0IFtpc3M9QXBpZ2VlIEFQSSBHYXRld2F5LCBzdWI9bnVsbCwgYXVkPW51bGwsIGV4cD1GcmkgSmFuIDAzIDA5OjUxOjAzIE1TVCAyMDE0LCBuYmY9RnJpIEphbiAwMyAwOTo0MTowMyBNU1QgMjAxNCwgaWF0PUZyaSBKYW4gMDMgMDk6NDE6MDMgTVNUIDIwMTQsIGp0aT1kZDYxMGJhYy0wNDM3LTRkODAtYjE0MS01OTZkNzVkZDdiZmYsIHR5cD1udWxsLCBjdXN0b21DbGFpbXM9e3Njb3BlPWNhbXBhaWduTWd0LCBjbGllbnQ9WFlaLCB1c2VyPWFiY2R9XQ.esOEqnet0jipaDUbyqHezAuVAR36uPmeiSaa6LYeqhgYLEJYnCYzOf8ic2wjFEfJlX6JjVx5lNMzCuMgjPrfextgDjyujNXLOPJqBURiJSeLjAEZ2Gl1QeFkqyFAYte6qKMHUMOYvpkHXWnq56P72OqctNrrGEcdB9Kurh0VQAM
            base64: ungültige Eingabe
            000000   {   "   a   l   g   "   :   "   R   S   2   5   6   "   }   J
                    7b  22  61  6c  67  22  3a  22  52  53  32  35  36  22  7d  4a
            000010   W   T   C   l   a   i   m   s   S   e   t       [   i   s   s
                    57  54  43  6c  61  69  6d  73  53  65  74  20  5b  69  73  73
            000020   =   A   p   i   g   e   e       A   P   I       G   a   t   e
                    3d  41  70  69  67  65  65  20  41  50  49  20  47  61  74  65
            000030   w   a   y   ,       s   u   b   =   n   u   l   l   ,       a
                    77  61  79  2c  20  73  75  62  3d  6e  75  6c  6c  2c  20  61
            000040   u   d   =   n   u   l   l   ,       e   x   p   =   F   r   i
                    75  64  3d  6e  75  6c  6c  2c  20  65  78  70  3d  46  72  69
            000050       J   a   n       0   3       0   9   :   5   1   :   0   3
                    20  4a  61  6e  20  30  33  20  30  39  3a  35  31  3a  30  33
            000060       M   S   T       2   0   1   4   ,       n   b   f   =   F
                    20  4d  53  54  20  32  30  31  34  2c  20  6e  62  66  3d  46
            000070   r   i       J   a   n       0   3       0   9   :   4   1   :
                    72  69  20  4a  61  6e  20  30  33  20  30  39  3a  34  31  3a
            000080   0   3       M   S   T       2   0   1   4   ,       i   a   t
                    30  33  20  4d  53  54  20  32  30  31  34  2c  20  69  61  74
            000090   =   F   r   i       J   a   n       0   3       0   9   :   4
                    3d  46  72  69  20  4a  61  6e  20  30  33  20  30  39  3a  34
            0000a0   1   :   0   3       M   S   T       2   0   1   4   ,       j
                    31  3a  30  33  20  4d  53  54  20  32  30  31  34  2c  20  6a
            0000b0   t   i   =   d   d   6   1   0   b   a   c   -   0   4   3   7
                    74  69  3d  64  64  36  31  30  62  61  63  2d  30  34  33  37
            0000c0   -   4   d   8   0   -   b   1   4   1   -   5   9   6   d   7
                    2d  34  64  38  30  2d  62  31  34  31  2d  35  39  36  64  37
            0000d0   5   d   d   7   b   f   f   ,       t   y   p   =   n   u   l
                    35  64  64  37  62  66  66  2c  20  74  79  70  3d  6e  75  6c
            0000e0   l   ,       c   u   s   t   o   m   C   l   a   i   m   s   =
                    6c  2c  20  63  75  73  74  6f  6d  43  6c  61  69  6d  73  3d
            0000f0   {   s   c   o   p   e   =   c   a   m   p   a   i   g   n   M
                    7b  73  63  6f  70  65  3d  63  61  6d  70  61  69  67  6e  4d
            000100   g   t   ,       c   l   i   e   n   t   =   X   Y   Z   ,
                    67  74  2c  20  63  6c  69  65  6e  74  3d  58  59  5a  2c  20
            000110   u   s   e   r   =   a   b   c   d   }   ]  \a 254   8   J 247
                    75  73  65  72  3d  61  62  63  64  7d  5d  07  ac  38  4a  a7
            000120   z 335   # 212 226 203   Q 274 252 035 354 300 271   P 021 337
                    7a  dd  23  8a  96  83  51  bc  aa  1d  ec  c0  b9  50  11  df
            000130 253 217 231 350 222   i 256 213   a 352 241 201 202 304   % 211
                    ab  8f  99  e8  92  69  ae  8b  61  ea  a1  81  82  c4  25  89
            000140 302   c   3 237 362   '   6 302   1   D   | 231   W 350 230 325
                    c2  63  33  9f  f2  27  36  c2  31  44  7c  99  57  e8  98  d5
            000150 307 231   M   3   0 256   2  \b 317 255 367 261 266  \0 343 312
                    c7  99  4d  33  30  ae  32  08  cf  ad  f7  b1  b6  00  e3  ca
            000160 350 315   \ 263 217   & 240   T   F   "   R   x 270 300 021 235
                    e8  cd  5c  b3  8f  26  a0  54  46  22  52  78  b8  c0  11  9d
            000170 206 227   T 036 026   J 262 024 006   -   { 252 212   0   u  \f
                    86  97  54  1e  16  4a  b2  14  06  2d  7b  aa  8a  30  75  0c
            000180   9 213 351 220   u 326 236 256   z   ? 275 216 251 313   M 256
                    39  8b  e9  90  75  d6  9e  ae  7a  3f  bd  8e  a9  cb  4d  ae
            000190 261 204   q 320   }   * 352 341 321   T  \0
                    b1  84  71  d0  7d  2a  ea  e1  d1  54  00
            00019b
             
            ~
            $
             

            Hermann<myXsltBlog/> <myXsltTweets/> <myCE/> <myFrameless/>
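
Added example, not part of the thread and not DataPower code: the sample token from the posts above, split on "." and base64url-decoded one segment at a time (a single `base64 -di` pass over the whole token skips the dots, so the signature segment is decoded out of alignment). It goes one step further than the thread with an RS256 (RSASSA-PKCS1-v1_5, SHA-256) check. The function names are illustrative, and the signer's RSA public key `(n, e)` is an assumption because it is not on this page.

```python
import base64
import hashlib
import hmac
import json

# Sample token copied from the post above (header.payload.signature).
TOKEN = "eyJhbGciOiJSUzI1NiJ9.SldUQ2xhaW1zU2V0IFtpc3M9QXBpZ2VlIEFQSSBHYXRld2F5LCBzdWI9bnVsbCwgYXVkPW51bGwsIGV4cD1GcmkgSmFuIDAzIDA5OjUxOjAzIE1TVCAyMDE0LCBuYmY9RnJpIEphbiAwMyAwOTo0MTowMyBNU1QgMjAxNCwgaWF0PUZyaSBKYW4gMDMgMDk6NDE6MDMgTVNUIDIwMTQsIGp0aT1kZDYxMGJhYy0wNDM3LTRkODAtYjE0MS01OTZkNzVkZDdiZmYsIHR5cD1udWxsLCBjdXN0b21DbGFpbXM9e3Njb3BlPWNhbXBhaWduTWd0LCBjbGllbnQ9WFlaLCB1c2VyPWFiY2R9XQ.esOEqnet0jipaDUbyqHezAuVAR36uPmeiSaa6LYeqhgYLEJYnCYzOf8ic2wjFEfJlX6JjVx5lNMzCuMgjPrfextgDjyujNXLOPJqBURiJSeLjAEZ2Gl1QeFkqyFAYte6qKMHUMOYvpkHXWnq56P72OqctNrrGEcdB9Kurh0VQAM"

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jws(token: str, allowed_algs=("RS256",)):
    """Split a compact JWS into (header, payload, signature, signing_input)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm on the verifier side; never trust the header alone.
    if not isinstance(header, dict) or header.get("alg") not in allowed_algs:
        raise ValueError("unexpected or missing alg in JWS header")
    # The signature covers the ASCII bytes of "header.payload" as received.
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    # The payload stays as bytes: in the sample it is a Java toString(), not JSON.
    return header, b64url_decode(parts[1]), b64url_decode(parts[2]), signing_input


def rs256_verify(signing_input: bytes, signature: bytes, n: int, e: int) -> bool:
    """RSASSA-PKCS1-v1_5 / SHA-256 check against the RSA public key (n, e)."""
    k = (n.bit_length() + 7) // 8  # modulus length in bytes
    digest_info = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    if len(signature) != k or k < len(digest_info) + 11:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    padding = b"\xff" * (k - len(digest_info) - 3)
    expected = b"\x00\x01" + padding + b"\x00" + digest_info
    return hmac.compare_digest(recovered, expected)
```

For the sample token, `parse_jws(TOKEN)` yields the header `{"alg": "RS256"}`, the claims text as bytes and a 128-byte signature, which can then be passed with the signing input to `rs256_verify`.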

        • daniel64

          Re: Rest Service JWT

          ‏2014-04-08T09:45:57Z  in response to Dev5

          Hi Dev5,

           

          I need to do the same verification...

          Did you finally succeed?

          Can you post the XSL if yes...

           

          Best regards.