Tuesday, June 10, 2025

OIC - Verifying RSA Signatures Using OCI Functions and Java – A Seamless OIC Integration

Use Case

In today’s cloud-driven world, secure communication is paramount. One critical aspect of security is verifying digital signatures using asymmetric RSA cryptography. In this scenario, you need to:

✅ Validate incoming data from a third-party system using RSA signature verification.
✅ Perform the verification logic using a Java library (with SHA256withRSA).
✅ Deploy this verification as a serverless OCI Function.
✅ Invoke this function securely from Oracle Integration Cloud (OIC) to ensure your integration flows can trust the incoming data.

Solution Overview

We’ll cover:

1️⃣ Writing a Java class (RSASignatureVerifier) to verify RSA signatures.
2️⃣ Deploying this logic as an OCI Function (Java runtime).
3️⃣ Calling this OCI Function from OIC (via the Function Adapter).

This ensures your verification logic is centralized, secure, and easily maintainable.

Step-by-Step Solution

Step 1: Java Class for RSA Signature Verification

Here’s the complete Java code (RSASignatureVerifier.java).

import java.security.*;
import java.security.spec.*;
import java.util.Base64;

public class RSASignatureVerifier {

    /**
     * Verifies an RSA signature.
     *
     * @param data The original data that was signed.
     * @param signatureBase64 The signature in Base64 encoding.
     * @param publicKeyBase64 The RSA public key in Base64 encoding (X.509 format).
     * @param hashType Hashing algorithm to use (e.g., "SHA256withRSA").
     * @return true if the signature is valid, false otherwise.
     * @throws Exception on errors during verification.
     */
    public boolean verifySignature(String data, String signatureBase64, String publicKeyBase64, String hashType) throws Exception {
        // Decode the public key
        byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyBase64);
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(keySpec);

        // Decode the signature
        byte[] signatureBytes = Base64.getDecoder().decode(signatureBase64);

        // Initialize the Signature object for verification
        Signature signature = Signature.getInstance(hashType);
        signature.initVerify(publicKey);
        signature.update(data.getBytes("UTF-8"));

        // Verify the signature
        return signature.verify(signatureBytes);
    }

    // Example usage
    public static void main(String[] args) throws Exception {
        RSASignatureVerifier verifier = new RSASignatureVerifier();

        String data = "12345678910";
        String publicKeyBase64 = "MIIBIjANBgkqhkiG9w0BAQEFAAOC..."; // truncated for brevity
        String signatureBase64 = "4BDmT8Qm8c9EQDdKLor7DXN5u..."; // truncated

        boolean isValid = verifier.verifySignature(data, signatureBase64, publicKeyBase64, "SHA256withRSA");
        System.out.println("Signature valid? " + isValid);
    }
}

Screenshot:

Step 2: Deploy as an OCI Function

1️⃣ Create a new OCI Function using the Java runtime.
2️⃣ Package your Java code (including the RSASignatureVerifier class) as a JAR.
3️⃣ Implement the Function’s entry point (handleRequest) to accept JSON with these fields:

{
  "data": "string to verify",
  "signatureBase64": "base64-encoded signature",
  "publicKeyBase64": "base64-encoded public key",
  "hashType": "SHA256withRSA"
}

4️⃣ Parse the JSON, call verifySignature, and return the verification result as JSON.

Here’s a sample Function handler:

import com.fnproject.fn.api.*;
import java.util.Map;

public class VerifySignatureFunction {
    public boolean handleRequest(Map<String, String> input) throws Exception {
        RSASignatureVerifier verifier = new RSASignatureVerifier();

        String data = input.get("data");
        String signatureBase64 = input.get("signatureBase64");
        String publicKeyBase64 = input.get("publicKeyBase64");
        String hashType = input.get("hashType");

        return verifier.verifySignature(data, signatureBase64, publicKeyBase64, hashType);
    }
}

Step 3: Invoke OCI Function from OIC

✅ Use the Oracle Integration Function Adapter.
✅ Configure it to call your OCI Function endpoint.
✅ Pass the required JSON payload dynamically from your OIC integration (e.g., mapping from integration data fields).

Result

🎉 Your integration flows in OIC now securely validate signatures before proceeding!
🛡️ You’ve centralized this cryptographic logic in an OCI Function, making it secure and reusable across multiple flows.

Conclusion

🔑 By combining Java’s cryptography libraries, OCI Functions, and OIC’s Function Adapter, you’ve built a secure, scalable, and maintainable solution for RSA signature verification.

How to generate the rsa public key: use the below online tool:

https://8gwifi.org/RSAFunctionality?rsasignverifyfunctions=rsasignverifyfunctions&keysize=2048

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Featured Post

OIC - OIC Utility to Reprocess Failed Real-Time Integration JSON Payloads

📌 Use Case In real-time OIC integrations, JSON payloads are exchanged with external systems via REST APIs. When such integrations fail (du...