📌 Use Case
When integrating Oracle Integration Cloud (OIC) with Azure Event Hub / Service Bus / IoT Hub, authentication requires a Shared Access Signature (SAS) token.
- This token is generated from:
  - Resource URI (sr)
  - Expiry time (se)
  - Shared Access Key Name (skn)
  - Shared Access Key (saKey)
- The signature (sig) must be an HMAC-SHA256 hash of the resource URI and expiry, Base64-encoded and then URL-encoded.
Instead of relying on external crypto libraries, we can leverage OIC’s built-in oic.crypto.hmacsha256 function to securely generate this SAS token inside integration code.
🛠 Solution Steps
1. Define Hex → Base64 URL-safe Converter
The Azure signature must be Base64 URL-encoded. In OIC JS functions, the HMAC result is returned as a hex string, so we first convert it:

    function hexToBase64UrlEncoded(hexString) {
        // Convert the hex string to a byte array (two hex digits per byte)
        var bytes = [];
        for (var i = 0; i < hexString.length; i += 2) {
            bytes.push(parseInt(hexString.substring(i, i + 2), 16));
        }
        // Standard Base64 character set
        var base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
        var base64 = '';
        // Process every 3 bytes into 4 Base64 characters, padding the last group with '='
        for (var j = 0; j < bytes.length; j += 3) {
            var byte1 = bytes[j];
            var byte2 = j + 1 < bytes.length ? bytes[j + 1] : 0;
            var byte3 = j + 2 < bytes.length ? bytes[j + 2] : 0;
            var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
            base64 += base64Chars[(triplet >> 18) & 0x3F];
            base64 += base64Chars[(triplet >> 12) & 0x3F];
            base64 += j + 1 < bytes.length ? base64Chars[(triplet >> 6) & 0x3F] : '=';
            base64 += j + 2 < bytes.length ? base64Chars[triplet & 0x3F] : '=';
        }
        // URL-encode the Base64 string so that '+', '/' and '=' are safe inside the token
        return encodeURIComponent(base64);
    }
2. Generate SAS Token in OIC Build Function
This function assembles the SAS token using OIC’s built-in crypto support:
    function GetAzureHubAccessTokenOIC(uri, saName, saKey) {
        if (!uri || !saName || !saKey) {
            throw new Error("Missing required parameter");
        }
        // URL-encode the resource URI; the same encoded value is signed and sent as sr
        var encoded = encodeURIComponent(uri);
        var now = new Date();
        // Token validity: 1 week
        var week = 60 * 60 * 24 * 7; // in seconds
        // Expiry as a Unix timestamp in seconds (sent as se)
        var ttl = Math.round(now.getTime() / 1000) + week;
        // String to sign: "<encoded URI>\n<expiry>"
        var stringToSign = encoded + '\n' + ttl;
        // HMAC-SHA256 using OIC built-in function (returns hex)
        var hashCode_value = oic.crypto.hmacsha256(stringToSign, saKey);
        // SAS Token format
        var sasToken =
            "SharedAccessSignature sr=" + encoded +
            "&sig=" + hexToBase64UrlEncoded(hashCode_value) +
            "&se=" + ttl +
            "&skn=" + saName;
        return sasToken;
    }
3. Output SAS Token
The function returns a SAS token as a single string (split across lines here for readability):

    SharedAccessSignature sr=<resource-uri>
    &sig=<signature>
    &se=<expiry-timestamp>
    &skn=<key-name>
Example:
    SharedAccessSignature sr=https%3A%2F%2Fmyeventhubs.servicebus.windows.net%2Fsamplehub
    &sig=abcdXYZ123%3D
    &se=1726221440
    &skn=RootManageSharedAccessKey
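An added example, not part of the original post and not OIC code: a Node.js check, run outside OIC, that recomputes the signature of a token in the format built by GetAzureHubAccessTokenOIC and rejects tokens that are tampered, expired or longer-lived than a policy limit. The names referenceSas and checkSas, the maxTtlSec limit, and the sample key and key name are assumptions made here; the key is used as a UTF-8 string, as in the post's code.

```javascript
// Added example: run with Node.js outside OIC. All names and sample values are constructed.
const nodeCrypto = require('crypto');

// Reference signer: HMAC-SHA256 over "<url-encoded uri>\n<expiry>", Base64, then URL-encoded.
function referenceSas(uri, keyName, key, expirySec) {
  const sr = encodeURIComponent(uri);
  const sig = nodeCrypto.createHmac('sha256', key)
    .update(sr + '\n' + expirySec, 'utf8').digest('base64');
  return 'SharedAccessSignature sr=' + sr + '&sig=' + encodeURIComponent(sig) +
    '&se=' + expirySec + '&skn=' + keyName;
}

// Verify a token: structure, signature (constant-time compare), expiry, lifetime policy.
function checkSas(token, key, nowSec, maxTtlSec) {
  const prefix = 'SharedAccessSignature ';
  if (!token.startsWith(prefix)) return { ok: false, reason: 'bad prefix' };
  const f = {};
  for (const pair of token.slice(prefix.length).split('&')) {
    const eq = pair.indexOf('=');
    if (eq > 0) f[pair.slice(0, eq)] = pair.slice(eq + 1);
  }
  if (!f.sr || !f.sig || !f.skn || !/^\d+$/.test(f.se || ''))
    return { ok: false, reason: 'missing or malformed field' };
  const expected = nodeCrypto.createHmac('sha256', key)
    .update(f.sr + '\n' + f.se, 'utf8').digest();
  const actual = Buffer.from(decodeURIComponent(f.sig), 'base64');
  if (actual.length !== expected.length || !nodeCrypto.timingSafeEqual(actual, expected))
    return { ok: false, reason: 'signature mismatch' };
  const se = Number(f.se);
  if (se <= nowSec) return { ok: false, reason: 'expired' };
  if (se - nowSec > maxTtlSec) return { ok: false, reason: 'lifetime exceeds policy' };
  return { ok: true, reason: 'valid' };
}

// Constructed sample: a one-hour token for a hypothetical send-only policy.
const sampleKey = 'constructed-test-key';
const sampleToken = referenceSas('https://myeventhubs.servicebus.windows.net/samplehub',
  'send-only-policy', sampleKey, 1000 + 3600);
console.log(checkSas(sampleToken, sampleKey, 1000, 3600));
```

Passing a token produced by the OIC function, together with the same key, to checkSas confirms that the hex-to-Base64 conversion matches a standard HMAC implementation; with maxTtlSec set to one hour, the post's one-week lifetime is reported as exceeding policy.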
✅ Key Takeaways
- No external crypto library is required — OIC’s built-in oic.crypto.hmacsha256 handles signing.
- hexToBase64UrlEncoded() ensures the signature is in the correct Base64 URL-safe format.
- The generated SAS token can be directly used in HTTP headers for Azure Event Hub or Service Bus REST APIs.