Create a Trigger Connection Definition Using RSA Signatures

This procedure gives an overview of how to implement a trigger connection definition whose security policy validates the RSA signature on incoming webhook requests.

Prerequisites

Check the webhook producer's documentation for how the webhook is signed. Collect the following information:
  • What is signed? For example, the raw request body, or a token carried in a header.
  • Which algorithm is used?
  • How is the signature sent in the request? For example, find out which header or query parameter carries it and the format of the value (such as base64url).
  • Does the request carry a timestamp that must be validated? If so, where is it and in what format?
  • How do you obtain the signing key (the producer's certificate or public key)?

Note:

The customer must upload the producer's certificate in Oracle Integration; without it, this security policy does not work. The certificate alias is the value the policy's signKey property refers to.
  1. Open the adapter definition document in Visual Studio Code.
  2. Navigate to the connections code section of the document and set the scope to TRIGGER.
  3. Set the value of the security properties according to the information you collected in the prerequisites.

    Here is a code sample. In it:

    • The signed content (signatureString) is the raw request body, ${.request.body}. If the producer instead signs a JWT-style token carried in the Authorization header, the header and payload segments are selected with .request.headers.authorization|split(" ")|.[1]|split(".")|(.[0]+"."+.[1]).
    • The signature is base64url-encoded and sent as the signature query parameter, decoded with connectivity::base64URLDecode(.request.query.signature). For the Authorization header variant, the third segment of the token is decoded instead: connectivity::base64URLDecode(.request.headers.authorization|split(" ")|.[1]|split(".")|.[2]).
    • The signing key is the securityProperty signKey in the same policy, which the RSA function references as .securityProperties.signKey. Its value resolves to the alias of the certificate uploaded in Oracle Integration, for example "orakey".
    • Timestamp validation is not required, so timestampValidator is the empty string.
    "securityPolicies": [
      {
        "type": "managed",
        "refName": "RSA_SIGNATURE_VALIDATION",
        "description": "Validates RSA Signature",
        "displayName": "RSA SIGNATURE VALIDATION",
        "scope": "TRIGGER",
        "securityProperties": [
          {
            "name": "signatureString",
            "displayName": "Signature Statement",
            "hidden": true,
            "required": true,
            "default": "${.request.body}"
          },
          {
            "name": "signature",
            "displayName": "Signature",
            "hidden": true,
            "required": true,
            "default": "${connectivity::base64URLDecode(.request.query.signature)}"
          },
          {
            "name": "signatureAlgorithm",
            "displayName": "Signature Algorithm",
            "hidden": true,
            "required": true,
            "default": "SHA256withRSA"
          },
          {
            "name": "signKey",
            "displayName": "Certificate Alias",
            "hidden": false,
            "required": true
          },
          {
            "name": "timestampValidator",
            "displayName": "Timestamp Validator",
            "hidden": true,
            "required": true,
            "default": ""
          }
        ]
      }
    ]