# suitescript
d
hi all, i'm trying to connect to google service using suitescript 2.0, it requires me to generate a signature by referring to JSON Web Signature. Not really sure how to do this. I know i should use the N/crypto module, but not sure which method i should use, can someone shed some light, thanks
b
first choice is usually to go to npm and pick a module that works in netsuite
at the very least, you need to know how to implement the signing algorithm before trying N/crypto
you should also be wary of the weaknesses of N/crypto
it treats secrets differently than normal and you have limited control over how and when you can combine secrets
d
from googling, this is how to do in PHP
```php
// Create Signature Hash
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, 'abC123!', true);
```
i believe the secret is the one coming from google, but in `crypto.createHmac`, i understand that the key is coming from NS, so seems like it's for different purpose
i got the base64header, payload, and the google secret, i just don't know how to generate in NS
b
my recommendation remains go to npm
if you insist on N/crypto, then crypto.Hmac is the middle step after creating a crypto.SecretKey
you store the secret used for creating the secret key using Secrets Management
if you want to do it the hard way, then Form.addSecretKeyField
you can also probably use Form.addCredentialField if you use it in combination with the methods with a https.SecureString
d
do you have any recommendation package i can use ?
> you store the secret used for creating the secret key using Secrets Management
You're saying that i store the google secret key as a new key in NS Secrets Management ?
b
i'd try jwt-simple first, though it would probably require browserify and suitescript 2.1
if you still wanted to do N/crypto, then yes, your key for the hashing function should go into the secrets management
d
ok @battk thanks for your input, i will try with the secrets management first
m
I did this at a previous job. From memory I took the code from jwt-simple but adapted it to use crypto.js instead of node.js crypto module.
b
it's why i said i expected the use of browserify to include their crypto polyfill
d
i tried using crypto with secret management. But i got error on `hmacSHA256.digest`. The error is `AN_ERROR_OCCURRED_WHILE_DECRYPT_PASSWORDGUID`
This is part of my script, i cannot find out why
```javascript
const headerBase64 = encode.convert({
    string: googleHeader,
    inputEncoding: encode.Encoding.UTF_8,
    outputEncoding: encode.Encoding.BASE_64
});

const claimsetBase64 = encode.convert({
    string: claimSet,
    inputEncoding: encode.Encoding.UTF_8,
    outputEncoding: encode.Encoding.BASE_64
});
var inputString = headerBase64 + '.' + claimsetBase64;

var secretKey = crypto.createSecretKey({
    encoding: encode.Encoding.HEX,
    secret: 'mysecret'
});

var hmacSHA256 = crypto.createHmac({
    algorithm: crypto.HashAlg.SHA256,
    key: secretKey
});
hmacSHA256.update({
    input: inputString
});

var digestSHA256 = hmacSHA256.digest({
    outputEncoding: encode.Encoding.HEX
});
```
b
obviously get the script id of the secret correct
and make sure that it is actually hex encoded
d
ahh, i forgot NS added prefix custsecret
let me try again
btw, i want to confirm is it the google private key, which starts with `-----BEGIN PRIVATE KEY-----\nMIIEvxxxxxxx`, is the one to be inputted in `password` field when creating new API Secret, right ?
b
that looks like a private key used for json web encryption
that's something beyond the signing that you are currently doing
you should make extra sure you aren't using jwe
if its not jwe, then its likely that your jws algorithm is not an hmac
d
b
Sign the JWT with RSA-256 using the private key found in your service account JSON file.
rsa is not a hmac
the code you are writing is an hmac
d
ic, i think i got confused with this article that says
```php
// Create Signature Hash
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, 'abC123!', true);
```
hmm.. seems like there is no module in NS to do this RSA256 signing ?
b
no
d
ic
i'll look at jwt-simple as you suggested, let's see
b
you are probably getting close to the point where i would consider doing this outside of suitescript
d
how would you do this @battk?
i'm thinking of another approach, where NS will generate file in file cabinet and let third party apps to download it
b
Not sure what you are trying to do, my recommendation is based on not finding any fast asymmetric crypto that works in suitescript
Expect to do a more traditional integration where middleware does integration tasks
You would have access to much broader library support
You may be able to get a npm module working in suitescript but i would expect you to have to work for it and be willing to deal with slow performance