


Hi All,

Thanks everyone for the suggestions. It helped me to fix the issue.

Below are the modifications which I did to fix the issue:
1) Data part to be in UTF-8 format (encoded value)
2) Key also to be in UTF-8 format (plain text)
3) Minimum Key length value is 32. If we pass key value less than 32 then we should concatenate null value for the remaining length.

Thanks again for your suggestions.

I appreciate it.

Regards,
Surender K
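
Added example, not part of the original thread: a Python reference check that can be run off the IBM i to cross-check an HS256 signature against the three fixes listed above. The key text and claims are constructed sample values, and cp037 is assumed as the EBCDIC code page.

```python
import base64
import hashlib
import hmac
import json

def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as used for JWT segments (RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def hs256(signing_input: bytes, key: bytes) -> str:
    """HMAC-SHA256 over 'header.payload', returned as a base64url signature."""
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())

def verify(token: str, key: bytes) -> bool:
    """Recompute the signature and compare it in constant time."""
    signing_input, _, signature = token.rpartition(".")
    expected = hs256(signing_input.encode("ascii"), key)
    return hmac.compare_digest(expected, signature)

def seg(obj: dict) -> str:
    """Serialize one JWT segment as compact JSON, then base64url it."""
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

# Constructed sample values (not taken from the thread).
KEY_TEXT = "constructed-demo-key-0001"  # 25 characters, shorter than 32
HEADER = seg({"alg": "HS256", "typ": "JWT"})
PAYLOAD = seg({"iss": "demo-issuer", "iat": 1607337960, "exp": 1607338020})
SIGNING_INPUT = f"{HEADER}.{PAYLOAD}"

KEY_UTF8 = KEY_TEXT.encode("utf-8")          # what the token issuer used
KEY_EBCDIC = KEY_TEXT.encode("cp037")        # same text, EBCDIC bytes (assumed CCSID 37)
KEY_PADDED = KEY_UTF8.ljust(32, b"\x00")     # UTF-8 key null-padded to 32 bytes

TOKEN = f"{SIGNING_INPUT}.{hs256(SIGNING_INPUT.encode('ascii'), KEY_UTF8)}"

def results() -> dict:
    """Which combinations of key/data encoding reproduce the issuer's signature."""
    signature = TOKEN.rpartition(".")[2]
    return {
        "utf8_key": verify(TOKEN, KEY_UTF8),
        "ebcdic_key": verify(TOKEN, KEY_EBCDIC),
        "null_padded_key": verify(TOKEN, KEY_PADDED),
        "ebcdic_data": hs256(SIGNING_INPUT.encode("cp037"), KEY_UTF8) == signature,
    }

if __name__ == "__main__":
    for name, ok in results().items():
        print(f"{name:16} -> {'match' if ok else 'MISMATCH'}")
```

The null-padded key still matches because HMAC (RFC 2104) zero-pads any key shorter than the hash block size, 64 bytes for SHA-256, so trailing nulls up to that length do not change the result.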



On Mon, Dec 7, 2020 at 10:46 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:

This is the code I am using - with the keys changed for obvious reasons.
Note the declarations of the keys as UTF-8 - the keys are just as given by
the API supplier. I do no conversion.

Hope this helps.


Dcl-Proc GetJWTKey;

  dcl-pi *N Like(jwt_token_t);
  end-pi;

  // This is the secret key used to sign the app.
  // Value will need to be changed if we ever regen the key in the app store
  dcl-s signKey like(jwt_signKey_t) ccsid(*utf8)
        inz('abciPFYZjZnUo3pVGxLYG21zmf2qxso89999');

  // This is the API key used to identify the issuer (i.e. SiD)
  dcl-s apiKey like(jwt_signKey_t) ccsid(*utf8)
        inz('-xyz7q4QSaOZESQwPGq15A');

  dcl-s payload like(jwt_token_t) ccsid(*utf8);
  dcl-s token like(jwt_token_t) ccsid(*utf8);

  // The JWT issue time and expiry are specified in unix epoch time
  // The routine CvtTSEpoch is used to convert a timestamp to epoch time
  dcl-s epochNow int(10);
  dcl-s epochExpire int(10);

  dcl-c EXPIRE_IN 60; // Life of token in seconds

  epochNow = CvtTSEpoch(%Timestamp()); // Time now as unix epoch

  epochExpire = epochNow + EXPIRE_IN; // expire token in 1 minute
                                      // - assuming EXPIRE_IN is 60.

  // Build the JWT payload
  payload = '{ "iss" : "' + apiKey
          + '", "exp" : ' + %editc(epochExpire : 'X')
          + ', "iat" : ' + %editc(epochNow : 'X') + ' }';

  // And generate the JWT using ILEastic's JWT routine
  token = jwt_sign(JWT_HS256 : payload : signKey);

  return token;

end-proc;


On Dec 7, 2020, at 10:54 AM, Suren K <suren7437@xxxxxxxxx> wrote:

Hi Jon,

I just saw the ILEastic code.

In the program JWTUT1, the key can be assigned as shown below

signKey = '123456789012345678901234567890AB';

I assume the signkey value is the plain text (ASCII format which we are
getting from the client).

Am I right? Or do we need to convert the ASCII plain text into another
format?

Regards,
Surender K

On Mon, Dec 7, 2020 at 8:17 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx>
wrote:

If you are using JWTs then rather than rolling your own you could try
Mihael's code (part of the ILEastic project) from here:
https://github.com/sitemule/ILEastic/tree/master/plugins/jwt

That is what I ended up using for my Zoom work after having spent some
time beating my head against the same barriers you are encountering.

Always nice to use tested code !


Jon

On Dec 7, 2020, at 7:17 AM, Thomas Raddatz <thomas.raddatz@xxxxxx>
wrote:

Did you convert the secret key (KEYD0200) to the ccsid of the target
system? I assume that you need the hmac for a PC and not for an IBM i,
right? Therefore you want to use an ASCII or UTF-8 key instead of an
EBCDIC key, I assume.

In that case the key must be converted to the CCSID of the target
system, before passing it to the Qc3CalculateHMAC() API.

Thomas.

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Suren K
Sent: Monday, December 7, 2020 10:15
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Reg: HMAC Calculation

Hi All,

How are you?

I am facing the following issue with Qc3CalculateHMAC API.

Currently I am trying to do the JWT token validation in iSeries. To do
that I am planning to generate the HMAC using the header, payload and
signed secret key.

The logic I am using is passing the input data as
Header(Base64encoded).Payload(Base64encoded).

1) For Base64 decoding - SYSTOOLS.BASE64ENCODE function is used.
2) Algorithm - SHA256.
3) I am passing the Secret Key as plain character text using "KEYD0200"

But the HMAC generated by the API is not correct. Am I doing anything
wrong?

Qc3CalculateHMAC(
%addr(headerPayload) :
%len(%trimr(headerPayload)) :
'DATA0100' :
algd0500 :
'ALGD0500' :
keyparam :
'KEYD0200' :
'0' : // crypto
*blank : // crypto dev
hash :
QUSEC);

Could anyone please help me to figure out the issue?

Regards,
Suren K
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
