-
-
Save mrpinghe/f44479f2270ea36bf3b7cc958cc76cc0 to your computer and use it in GitHub Desktop.
| var crypto = require('crypto'); | |
| const id = process.env.API_ID; // your API ID, reading from environment variable | |
| const key = process.env.KEY; // your API key, reading from environment variable | |
| const preFix = "VERACODE-HMAC-SHA-256"; | |
| const verStr = "vcode_request_version_1"; | |
| var resthost = "api.veracode.com"; // rest host | |
| var xmlhost = "analysiscenter.veracode.com"; // xml host | |
| var hmac256 = (data, key, format) => { | |
| var hash = crypto.createHmac('sha256', key).update(data); | |
| // no format = Buffer / byte array | |
| return hash.digest(format); | |
| } | |
| var getByteArray = (hex) => { | |
| var bytes = []; | |
| for(var i = 0; i < hex.length-1; i+=2){ | |
| bytes.push(parseInt(hex.substr(i, 2), 16)); | |
| } | |
| // signed 8-bit integer array (byte array) | |
| return Int8Array.from(bytes); | |
| } | |
| var getHost = (xml) => { | |
| if (xml) { | |
| return xmlhost; | |
| } | |
| return resthost; | |
| } | |
| var generateHeader = (url, method, xml) => { | |
| var host = getHost(xml); | |
| var data = `id=${id}&host=${host}&url=${url}&method=${method}`; | |
| var timestamp = (new Date().getTime()).toString(); | |
| var nonce = crypto.randomBytes(16).toString("hex"); | |
| // calculate signature | |
| var hashedNonce = hmac256(getByteArray(nonce), getByteArray(key)); | |
| var hashedTimestamp = hmac256(timestamp, hashedNonce); | |
| var hashedVerStr = hmac256(verStr, hashedTimestamp); | |
| var signature = hmac256(data, hashedVerStr, 'hex'); | |
| return `${preFix} id=${id},ts=${timestamp},nonce=${nonce},sig=${signature}`; | |
| } | |
| module.exports = { | |
| getHost, | |
| generateHeader | |
| } |
Hi @mrpinghe Im trying to use this and kinda confused on
"Then in command line
$ export API_ID=YOUR_API_ID_VALUE && export KEY=YOUR_KEY_VALUE && node test.js"
I cant seem to get it to work as i paste it in my terminal and get this error Uncaught SyntaxError: Unexpected token 'export'
$ export
$ export
What am I doing wrong?
@falcond20 could you paste a screenshot of your terminal showing how you ran the command and the output, with your ID and Key values redacted?
Here is the screenshot @mrpinghe
Ah PowerShell. You want to use Set-Variable to set those variables I believe (I'm not too familiar with PowerShell) https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/set-variable?view=powershell-7.3
FYI - For those interested in using the Web Crypto API (e.g. browser) instead of the Node.js Crypto module, https://gist.github.com/ThibaudLopez/fe1baeaa4461cbf0bfa8fd258ff43243 (based on @mrpinghe work here)
Ah glad to see it worked out!