In order to do this, you'll need to access the Java crypto libraries. In order to access those, you'll have to add a couple of things to the Rhino class shutterfile. This enables you to expose Java libraries natively to the vRO scripting environment. To expose the Java libraries, do this:
- Log in to the control center
- Click System Properties
- Add a new property with the name com.vmware.scripting.rhino-class-shutter-file and the value = /var/lib/vco/app-server/conf/rhinofile
- SSH into the vRO appliance and create the /var/lib/vco/app-server/conf/rhinofile file, the contents should be 3 lines (or add these 3 if you have already created this file before)
- Save the file
- Run chown vco:vco /var/lib/vco/app-server/conf/rhinofile
Restart the vRO server using the command service vco-server restart.
Now you can access those libraries from code. Here is an example of a scriptable task to create a hash for a given plaintext message and secret. The task takes 2 inputs (strings) - plaintext and secret - and produces one output (string) - hash:
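//put our inputs into java.lang.String objects so we can easily convert them to byte arrays later for the hashing functions
var javaStrPlainText = new java.lang.String(plaintext);
var javaStrSecret = new java.lang.String(secret);
//create the HMAC-SHA256 instance and key it with the secret; init() must be called before doFinal()
var sha256hmac = javax.crypto.Mac.getInstance("HmacSHA256");
var keySpec = new javax.crypto.spec.SecretKeySpec(javaStrSecret.getBytes("UTF-8"), "HmacSHA256");
sha256hmac.init(keySpec);
//compute the MAC over the message bytes and Base64-encode it into the output parameter
hash = org.apache.commons.codec.binary.Base64.encodeBase64String(sha256hmac.doFinal(javaStrPlainText.getBytes("UTF-8")));
System.log(hash);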
Sample run using inputs - plaintext = 'This is a message' ; secret = 'supersecretstring':
[2017-11-20 20:59:57.288] [I] P+GQtjagKxLCrnZ27gM22abua/WJl1vL740NSJshB+U=
Output = 'P+GQtjagKxLCrnZ27gM22abua/WJl1vL740NSJshB+U='
I didn't attempt to piece together the S3 REST calls using this, but it should work. I may try it tomorrow if I have some time.
This looks very useful, but I cannot seem to get the same values as AWS thinks I should get at https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html of
key = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY and a dateStamp = 20120215 should yield a kDate = 969fbb94feb542b71ede6f7e4... When I run code similar to your example I get lp+71P61Q... See Attached. What am I missing?
vROAWSSignature.txt.zip 413 bytes
The HMAC-SHA256 and Base64 Encode/Decode methods you're looking for are available with: GitHub - vmware/o11n-plugin-crypto: vRealize Orchestrator Encryption Plugin
An example of v2 sig for S3 is available here: Examples: REST Authentication Headers · vmware/o11n-plugin-crypto Wiki · GitHub