Function for RSA SHA-256 digital signature

24

Answers

  • sect55
    sect55 Member Posts: 1,108 Bronze Badge

    I ran the sign function but the result is in hex. The result for JWT token is not in HEX format. It should look something like

    I am following this webpage:


    What should I do??


    Robert

  • Paulzip
    Paulzip Member Posts: 8,811 Blue Diamond

    That's Base64 encoding.

    If it's shorter than 32k you use utl_raw.cast_to_varchar2(utl_encode.base64_encode(utl_raw.cast_to_raw(<INPUT>)));

    If it's longer, you'll have to process the chunks. I wrote a package to simplify some of the hassles of Base64 here.

  • Anton Scheffer
    Anton Scheffer Member Posts: 1,950 Gold Trophy
    Answer ✓
    declare
      l_header varchar2(1000);
      l_payload varchar2(1000);
      l_sign varchar2(1000);
      l_token varchar2(1000);
      -- Base64url as used by JWT: '+' -> '-', '/' -> '_', no line breaks, no '=' padding
      function base64URL_encode( p_raw in raw )
      return varchar2
      is
        l_rv varchar2(32767);
      begin
        l_rv := utl_raw.cast_to_varchar2( utl_encode.base64_encode( p_raw ) );
        l_rv := replace( l_rv, '+', '-' );
        l_rv := replace( l_rv, '/', '_' );
        -- utl_encode.base64_encode wraps its output in lines; strip the LF and CR
        l_rv := replace( l_rv, chr(10), '' );
        l_rv := replace( l_rv, chr(13), '' );
        return rtrim( l_rv, '=' );
      end;
      -- Overload for text input: convert to raw, then encode
      function base64URL_encode( p_txt in varchar2 )
      return varchar2
      is
      begin
        return base64URL_encode( p_raw => utl_raw.cast_to_raw( p_txt ) );
      end;
    begin
      l_header := base64URL_encode( p_txt => '{"alg":"RS256","typ":"JWT"}' );
      l_payload := base64URL_encode( p_txt => '{"sub":"1234567890","name":"John Doe","admin":true,"iat":1516239022}' );
      l_sign := base64URL_encode( p_raw => as_crypto.sign( utl_raw.cast_to_raw( l_header || '.' || l_payload )
                                                         , utl_raw.cast_to_raw( 'MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvBsaJq7S5wA+kzeVOVpVWw
    kWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHcaT92whREFpLv9cj5lTeJSibyr/Mr
    m/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIytvHWTxZYEcXLgAXFuUuaS3uF9gEi
    NQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0e+lf4s4OxQawWD79J9/5d3Ry0vbV
    3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWbV6L11BWkpzGXSW4Hv43qa+GSYOD2
    QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9MwIDAQABAoIBACiARq2wkltjtcjs
    kFvZ7w1JAORHbEufEO1Eu27zOIlqbgyAcAl7q+/1bip4Z/x1IVES84/yTaM8p0go
    amMhvgry/mS8vNi1BN2SAZEnb/7xSxbflb70bX9RHLJqKnp5GZe2jexw+wyXlwaM
    +bclUCrh9e1ltH7IvUrRrQnFJfh+is1fRon9Co9Li0GwoN0x0byrrngU8Ak3Y6D9
    D8GjQA4Elm94ST3izJv8iCOLSDBmzsPsXfcCUZfmTfZ5DbUDMbMxRnSo3nQeoKGC
    0Lj9FkWcfmLcpGlSXTO+Ww1L7EGq+PT3NtRae1FZPwjddQ1/4V905kyQFLamAA5Y
    lSpE2wkCgYEAy1OPLQcZt4NQnQzPz2SBJqQN2P5u3vXl+zNVKP8w4eBv0vWuJJF+
    hkGNnSxXQrTkvDOIUddSKOzHHgSg4nY6K02ecyT0PPm/UZvtRpWrnBjcEVtHEJNp
    bU9pLD5iZ0J9sbzPU/LxPmuAP2Bs8JmTn6aFRspFrP7W0s1Nmk2jsm0CgYEAyH0X
    +jpoqxj4efZfkUrg5GbSEhf+dZglf0tTOA5bVg8IYwtmNk/pniLG/zI7c+GlTc9B
    BwfMr59EzBq/eFMI7+LgXaVUsM/sS4Ry+yeK6SJx/otIMWtDfqxsLD8CPMCRvecC
    2Pip4uSgrl0MOebl9XKp57GoaUWRWRHqwV4Y6h8CgYAZhI4mh4qZtnhKjY4TKDjx
    QYufXSdLAi9v3FxmvchDwOgn4L+PRVdMwDNms2bsL0m5uPn104EzM6w1vzz1zwKz
    5pTpPI0OjgWN13Tq8+PKvm/4Ga2MjgOgPWQkslulO/oMcXbPwWC3hcRdr9tcQtn9
    Imf9n2spL/6EDFId+Hp/7QKBgAqlWdiXsWckdE1Fn91/NGHsc8syKvjjk1onDcw0
    NvVi5vcba9oGdElJX3e9mxqUKMrw7msJJv1MX8LWyMQC5L6YNYHDfbPF1q5L4i8j
    8mRex97UVokJQRRA452V2vCO6S5ETgpnad36de3MUxHgCOX3qL382Qx9/THVmbma
    3YfRAoGAUxL/Eu5yvMK8SAt/dJK6FedngcM3JEFNplmtLYVLWhkIlNRGDwkg3I5K
    y18Ae9n7dHVueyslrb6weq7dTkYDi3iOYRW8HRkIQh06wEdbxt0shTzAJvvCQfrB
    jg/3747WSsf/zBTcHihTRBdAv6OmdhV4/dD5YBfLAkLrd+mX7iE=' ), as_crypto.KEY_TYPE_RSA, as_crypto.SIGN_SHA256_RSA ) );
      l_token := l_header || '.' || l_payload || '.' || l_sign;
      dbms_output.put_line( l_token );
    end;
    
    
    
  • sect55
    sect55 Member Posts: 1,108 Bronze Badge

    Thank you ascheffer.

    I was able to generate the sign. But I still cannot get the JWT from DocuSign. I get the following result for my response to the API:

    {"error":"invalid_grant","error_description":"unsupported_grant_type"}

    DocuSign states that the grant_type was blank but it wasn't.

    So I'm asking: are there any Oracle PL/SQL developers who have had experience with DocuSign embedded signature with JWT authentication? My management is ready to pull the plug on this project since it seems that APEX / PL/SQL does not work well with DocuSign.

    Please help me!!!

    Robert

  • Anton Scheffer
    Anton Scheffer Member Posts: 1,950 Gold Trophy

    I suspect that you will get more help if you show the code you have used.

  • sect55
    sect55 Member Posts: 1,108 Bronze Badge

    Ascheffer,

    Here is the code. Hope you can find the resolution. Thanks in advance.


    Robert

  • Anton Scheffer
    Anton Scheffer Member Posts: 1,950 Gold Trophy

    Several things:

    • No need to select sysdate from dual, l_iat := round(( SYSDATE - DATE '1970-01-01' ) * 86400 ,0) will do
    • I would check the Oracle documentation for ltrim/rtrim if I were you
    • you only need a private key for the signing function
    • your token is not l_sign, but l_header || '.' || l_payload || '.' || l_sign;

    Just a quick check, no guarantee that this is complete.

  • sect55
    sect55 Member Posts: 1,108 Bronze Badge

    Ascheffer,


    I made the changes you suggested. Please see the attached. I still get the same error. Can you see anything else?


    Robert

  • sect55
    sect55 Member Posts: 1,108 Bronze Badge

    Ascheffer,

    Some more information:

    body :

    grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiI4ZWNkNTRkYi0yODUyLTRhZWEtODhhOS03ZmM2ZDhkOTg5OGEiLCJzdWIiOjZlYzc1ZTg0LTYwMWYtNGNhNC05NzE3LTFkZDFlNDBkZDc2ZSwiaWF0IjoxNjE5NDM2MjY3LCJleHAiOjE2MTk0Mzk4NjcsImF1ZCI6ImFjY291bnQtZC5kb2N1c2lnbi5jb20iLCJzY29wZSI6InNpZ25hdHVyZSBpbXBlcnNvbmF0aW9uIn0.FzoxYh3pN2A-Tqx5Tn6J1ps6wWMewtd_3rmTpRm2gmh5poOTUzO8hNpP4dAbeJbUZuwVkCBC3Z6lxyBVCumYCJ8pHMeHLWisX0kamUge-1FPo4iBSlF0pz9gcYYt1TIl5w2VwKpGHmUdekw2Bu3PtenO3frq0xLuQrlEiMG5EarHethNcRV0zo6FD63fplLoWRWuYK6_CDnbmi1qO8WZVyhSHkysstRwF4kDXUle9SF6jmgh1T4zQhJ8DcG7iYZ4mLig3JccCnChVUmaWpC3Ja2ad3CO-sHcERS475wqLu3oa27_P-9P9HOxryTTLglEQgCgHjUOLSj3_Ux2h6jVfQ


    header : {"typ":"JWT","alg":"RS256"}

    Payload ={"iss":"8ecd54db-2852-4aea-88a9-7fc6d8d9898a","sub":6ec75e84-601f-4ca4-9717-1dd1e40dd76e,"iat":1619436267,"exp":1619439867,"aud":"account-d.docusign.com","scope":"signature impersonation"}


    Robert

  • Anton Scheffer
    Anton Scheffer Member Posts: 1,950 Gold Trophy

    Are you sure you get the same error {"error":"invalid_grant","error_description":"unsupported_grant_type"}?

    I get a {"error":"invalid_grant","error_description":"user_not_found"} using your body

    Might have something to do with the sub json string value not being surrounded with ""

    By the way, using this forum as a debug service is probably not the fastest way to solve your problems.
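
Added example, not part of any post in this thread: one way to build the claim set with JSON_OBJECT_T instead of string concatenation, so string claims such as sub are always quoted, and to decode and parse the payload segment before it is signed and sent. It assumes Oracle 12.2 or later; the GUIDs are constructed placeholders, and the aud, scope and one-hour lifetime are taken from the payload posted above.

```plsql
declare
  -- Oracle 12.2+ (JSON_OBJECT_T). GUIDs below are constructed placeholders.
  -- iat must be UTC seconds; SYSDATE alone is in the database server's time zone.
  l_iat     number := trunc( ( cast( sys_extract_utc( systimestamp ) as date )
                               - date '1970-01-01' ) * 86400 );
  l_claims  json_object_t := json_object_t();
  l_check   json_object_t;
  l_segment varchar2(4000);

  function base64url_encode( p_raw in raw ) return varchar2 is
  begin
    -- '+' -> '-', '/' -> '_', CR/LF dropped (no target character), padding trimmed
    return rtrim( translate( utl_raw.cast_to_varchar2( utl_encode.base64_encode( p_raw ) )
                           , '+/' || chr(10) || chr(13), '-_' ), '=' );
  end;

  function base64url_decode( p_txt in varchar2 ) return varchar2 is
    l_b64 varchar2(32767) := translate( p_txt, '-_', '+/' );
  begin
    l_b64 := rpad( l_b64, ceil( length( l_b64 ) / 4 ) * 4, '=' );  -- restore padding
    return utl_raw.cast_to_varchar2(
             utl_encode.base64_decode( utl_raw.cast_to_raw( l_b64 ) ) );
  end;
begin
  -- put() with a VARCHAR2 value always serializes as a quoted JSON string
  l_claims.put( 'iss', '00000000-0000-0000-0000-000000000001' );
  l_claims.put( 'sub', '00000000-0000-0000-0000-000000000002' );
  l_claims.put( 'iat', l_iat );
  l_claims.put( 'exp', l_iat + 3600 );
  l_claims.put( 'aud', 'account-d.docusign.com' );
  l_claims.put( 'scope', 'signature impersonation' );
  l_segment := base64url_encode( utl_raw.cast_to_raw( l_claims.to_string() ) );

  -- Pre-flight check: decode the segment and parse it; a syntax error raises here
  l_check := json_object_t.parse( base64url_decode( l_segment ) );
  if not l_check.get( 'sub' ).is_string() then
    raise_application_error( -20001, 'sub claim is not a JSON string' );
  end if;
  dbms_output.put_line( 'payload ok: ' || l_check.to_string() );

  -- Constructed payload with the same shape as the one posted above (sub unquoted)
  begin
    l_check := json_object_t.parse( '{"iss":"x","sub":0000aaaa-0002,"iat":1619436267}' );
    dbms_output.put_line( 'unexpectedly parsed' );
  exception
    when others then dbms_output.put_line( 'rejected before sending: ' || sqlerrm );
  end;
end;
/
```

The signature still has to be computed over the header segment, a '.', and this payload segment, exactly as in the accepted answer.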