Re: base64 URL decode - for jwt

[Brad Stone <bvstone@xxxxxxxxx>]

I wrote a Node web service to parse out and validate JWTs.  Way easier than
trying to use RPG (and from me that says a lot.. haha).

I then use GETURI to make a call to the local web service to parse
out.validate the data.

On Mon, Mar 10, 2025 at 3:04 PM Hiebert, Chris via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

> For what it’s worth, character fields defined as CCSID(*HEX) don’t do any
> conversions.
>
> Dcl-s Variable Char(32760) Ccsid(*HEX);
>
>
> Example with HmacSHA512:
>   Dcl-s toSign varchar(4096) Ccsid(*utf8);
>   Dcl-s oneTimeSecret varchar(128) Ccsid(*utf8);
>   Dcl-s Key Char(64) Ccsid(*hex);
>   Dcl-s encoded_key char(4096);
>
> …
> Load string toSign
> Load string oneTimeSecret
> …
>
>   Key = HmacSHA512( toSign : oneTimeSecret );
>
> len = base64_encode( %Addr( Key ) : %Size( Key ) : %Addr( encoded_key ) :
> %Size( encoded_key ) );
>
> accessKey = shared +':' + %Subst( encoded_key : 1 : len );
> ….
>   Headers += 'Authorization: AccessKey ' + AccessKey + LE;
>
>
>
> // --------------------------------------------------
> // Procedure name: HmacSHA512
> // Purpose:        generate HMAC hash from input
> //                 To account for CCSID conversions, this procedure assumes
> //                 all input is already in the desired CCSID.
> // Returns:        HMAC Hash
> // Parameter:      message     raw character stream
> // Parameter:      passphrase  raw character stream
> // --------------------------------------------------
> Dcl-Proc HmacSHA512;
>   Dcl-Pi *N Char(64) Ccsid(*Hex);
>     message Varchar(32767) Const Ccsid(*Hex);
>     passphrase Varchar(128) Const Ccsid(*Hex);
>   End-pi;
>   Dcl-ds Qc3_Format_ALGD0500_T Qualified Template;
>     Hash_Alg Int(10);
>   End-ds;
>
>   Dcl-ds Qc3_Format_KEYD0200_T Qualified Template;
>     Key_Type Int(10);
>     Key_String_Len Int(10);
>     Key_Format Char(1);
>     Reserved1 Char(3);
>     Key_String Char(128) Ccsid(*hex);
>   End-ds;
>
>   // Qc3CalculateHMAC Caculate the HMAC.
>   // It is important to note that "datatohash" is CCSID(*HEX) so the system
>   // doesn't "Help" us by converting the data into CCSID 37 prior to the
> call.
>   // The Key String is also defined as CCSID(*HEX) so that it isn't
> converted either.
>   // This allows us to pass strings that have already been set to our
> desired ccsid.
>   Dcl-Pr GetHMAC ExtProc('Qc3CalculateHMAC');
>     datatohash      Char(32767) const options(*varsize) ccsid(*hex);
>     pinDataLen      Int(10) const;
>     pinFormat       Char(8) const;
>     palgDesc        Char(32767)  OPTIONS(*VARSIZE) Const;
>     palgDescFmt     Char(8) const;
>     pkeyDesc        Char(32767) const options(*varsize);
>     pkeyDescFmt     Char(8) const;
>     pcryptoProv     Char(1) const;
>     pcryptoDev      Char(10) const;
>     pHMAC           Char(64) options(*varsize);
>     pErrorCode      Char(32767) options(*varsize);
>   End-Pr;
> // FROM:: /COPY QSYSINC/H,QC3CCI
>   Dcl-c     Qc3_MD5                      1   ;
>   Dcl-c     Qc3_SHA1                     2   ;
>   Dcl-c     Qc3_SHA256                   3   ;
>   Dcl-c     Qc3_SHA384                   4   ;
>   Dcl-c     Qc3_SHA512                   5   ;
>   Dcl-c     Qc3_MD2                      6   ;
>   Dcl-c     Qc3_SHA224                   7   ;
>   Dcl-c     Qc3_SHA3_224                 8   ;
>   Dcl-c     Qc3_SHA3_256                 9   ;
>   Dcl-c     Qc3_SHA3_384                11   ;
>   Dcl-c     Qc3_SHA3_512                12   ;
> // Length of HMAX defined by algorithm.
> //  MD5      16 bytes
> //  SHA-1    20 bytes
> //  SHA-256  32 bytes
> //  SHA-384  48 bytes
> //  SHA-512  64 bytes
>   Dcl-ds alg likeds(Qc3_Format_ALGD0500_T);
>   Dcl-DS KeyFormat Likeds(Qc3_Format_KEYD0200_T);
> //  Dcl-s lkeydata_p pointer inz(%Addr(Keyformat.Key_String));
> //  Dcl-s lkeydata Char(1000) Ccsid(*UTF8) based(lkeydata_p);
>   Dcl-ds Errords Likeds(Apierrords);
>   Dcl-s Outhash char(64) Ccsid(*Hex);
>
> //var key = cryptojs.HmacSHA512(toSign, oneTimeSecret);
>
>   OutHash = *Allx'00';
>   KeyFormat = *Allx'00';
>   KeyFormat.Key_Type = Qc3_SHA512;
>   KeyFormat.Key_String_Len = %Len(passphrase);
>   // The Minimum key length is defined based on the type of HASH.
>   // For Qc3_SHA512 the minimum is 64
>   If KeyFormat.Key_String_Len < 64;
>     KeyFormat.Key_String_Len = 64;
>   Endif;
>   KeyFormat.Key_Format= '0';
>   // This allows the key to be padded with NULs
>   KeyFormat.Key_String = *Allx'00';
>   %Subst( KeyFormat.Key_String : 1 : %Len(passphrase) ) = passphrase;
>
>   Errords = *AllX'00';
>   Errords.Bytespass = %Size(Errords);
>
>   alg.Hash_Alg = Qc3_SHA512;
>   Callp GetHMAC(
>       message
>     : %Len(message)
>     : 'DATA0100'
>     : alg
>     : 'ALGD0500'
>     : KeyFormat
>     : 'KEYD0200'
>     : '0'
>     : ''
>     : Outhash
>     : Errords );
>
>
>   Return OutHash;
>
> End-proc;
>
>
>
>
> --
> Chris Hiebert
> Lead Software Developer
> Disclaimer: Any views or opinions presented are solely those of the author
> and do not necessarily represent those of the company.
>
> From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
> Daniel Gross
> Sent: Wednesday, March 5, 2025 12:49 PM
> To: midrange-l@xxxxxxxxxxxxxxxxxx
> Subject: Re: base64 URL decode - for jwt
>
>
>
> In the end I even had a overlapping DS where a "binary" character field
> was overlapped with an UTF-8 character field, because I didn't find a way
> to "move" the value without mixing it up - but I think that was only the
> SHA-256 API.
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: https://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at https://archive.midrange.com/midrange-l.
>
> Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
> questions.