tag:blogger.com,1999:blog-6139250371277978964.post635427358613647378..comments2023-06-25T04:23:18.275-04:00Comments on Application Express Nuggets: HMAC_SHA256 in PL/SQLJason Straubhttp://www.blogger.com/profile/12627913070109819002noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-6139250371277978964.post-82965168414383116192014-12-02T10:43:24.713-05:002014-12-02T10:43:24.713-05:00Sorry to update an old blog, but I found this real...Sorry to update an old blog, but I found this really useful in debugging my same requirement. In 12c it looks like the DBMS_CRYPTO is updated to include HMAC_SH256...<br /><br />DECLARE<br /> l_key VARCHAR(100) := 'abcdefg';<br /> l_string VARCHAR2(2000) := 'GET<br />ecs.amazonaws.com<br />/onca/xml<br />AWSAccessKeyId=123456&'||'AssociateTag=apex30-20&'||'Keywords=liberty%20and%20tryanny&'||'Operation=ItemSearch&'||'ResponseGroup=ItemAttributes%2CImages&'||'SearchIndex=Books&'||'Service=AWSECommerceService&'||'Timestamp=2009-07-24T06%3A35%3A14-08%3A00&'||'Version=2009-03-31';<br /> l_sig_mac RAW(2000);<br /> l_base64_sig_mac VARCHAR2(2000);<br />BEGIN<br /> l_sig_mac :=<br /> DBMS_CRYPTO.mac(UTL_I18N.string_to_raw(l_string, 'AL32UTF8'), DBMS_CRYPTO.HMAC_SH256, UTL_I18N.string_to_raw(l_key, 'AL32UTF8'));<br /> l_base64_sig_mac := UTL_RAW.cast_to_varchar2(UTL_ENCODE.base64_encode(l_sig_mac));<br /> DBMS_OUTPUT.put_line('MAC Signature (Base64-encoded): ' || l_base64_sig_mac);<br />END;<br />/Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-80544219696678950552009-10-23T11:19:23.850-04:002009-10-23T11:19:23.850-04:00Yes, you are a star.... I can't wait, thank yo...Yes, you are a star.... I can't wait, thank you so much.Michelle Skamenehttps://www.blogger.com/profile/06293329473156240105noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-52642670724801162622009-10-23T10:56:42.076-04:002009-10-23T10:56:42.076-04:00Michelle:
I have been meaning to update the flex_...Michelle:<br /><br />I have been meaning to update the flex_ws_api with support for RESTful Web services. How about I create a new post when I have added that support and as an example I will call the Amazon Product Search API with the ItemSearch operation as the example? I confirmed this can be done without HTTPS. I will try to have this done by the end of next week. Will that help?<br /><br />Regards,<br /><br />JasonJason Straubhttps://www.blogger.com/profile/12627913070109819002noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-1357852839635156222009-10-23T10:44:01.654-04:002009-10-23T10:44:01.654-04:00Jason,
I am making a pest of myself now... I am st...Jason,<br />I am making a pest of myself now... I am struggling to find a good hosting provider that will allow me to set the wallet path within APEX (without the prohibitive costs of a dedicated instance). Do you have any advice on how I can interact with Amazon API (I need to use ItemSearch and ItemLookup) without posting to https? You have done some work with REST requests, I am wondering if you might give me your thoughts on this, if you might let me look at what you have done, if I can hire your services... This is something I would really want to put in place before starting to market my (really cool!!) website for kids... May I contact you somehow? Thank you in advance for any help/insight you can provide... <br />MichelleMichelle Skamenehttps://www.blogger.com/profile/06293329473156240105noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-90626969096243240052009-10-20T10:11:34.019-04:002009-10-20T10:11:34.019-04:00Michelle:
Oracle Open World was a success and I w...Michelle:<br /><br />Oracle Open World was a success and I was able to spend some time with one of your colleagues.<br /><br />Web Service support in Application Express uses UTL_HTTP to do the HTTP POST to the Web service. If the URL endpoint is HTTPS, then a wallet path and password needs to be passed to UTL_HTTP. Application Express needs to know what that path and password is. (The password is stored encrypted in a table in the Application Express schema.) <br /><br />If your hosting provider refuses to create a wallet that is accessible by the database server where Application Express is running and will not provide the path and password in Application Express Instance Admin Environment settings, than perhaps you do need to find another hosting provider that will, unfortunately.<br /><br />Regards,<br /><br />JasonJason Straubhttps://www.blogger.com/profile/12627913070109819002noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-37703105090113613102009-10-20T09:13:08.723-04:002009-10-20T09:13:08.723-04:00Hi Jason,
Just wanted to let you know that we tr...Hi Jason,<br /><br />Just wanted to let you know that we tried doing and it worked like a charm. Used the SOAP Without WS Security method, generated the signature using your procedure, and it went great! The only thing is that this required a wallet configuration in 'Manage Instance Settings', which we did in our DEV environment, but the people who host my production DB say that 'my approach is wrong' and that the wallet should not be configured within APEX... :-( So I am still stuck there, looking for alternatives... Think a new hosting company may be in my near future, unless you know how I can get around this without doing everything manually (and without access to INTERNAL workspace...). Thanks, hope Open World was a success!!!Michelle Skamenehttps://www.blogger.com/profile/06293329473156240105noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-64055365183673759842009-10-06T11:35:05.072-04:002009-10-06T11:35:05.072-04:00Michelle:
Yes that should work and I was going to...Michelle:<br /><br />Yes that should work and I was going to try exactly that when I had a chance and then blog about it. I am busy with Oracle Open World prep right now, but hope to get to it soon.<br /><br />Regards,<br /><br />JasonJason Straubhttps://www.blogger.com/profile/12627913070109819002noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-9894753186245813112009-10-06T10:49:55.122-04:002009-10-06T10:49:55.122-04:00Hi Jason,
Do you know if, with the Signature chang...Hi Jason,<br />Do you know if, with the Signature changes on Amazon Web Services, I could simply modify the SOAP envelope in the Amazon Store Packaged app to include the:<br />soap: Header with the AWS Access Key, Timestamp and Signature? (following the SOAP without WS-Security procedure on the Product Advertising API). If so, should I be able to use the procedure described here to calculate the HMAC-SHA256 digest of the concatenation of the Action and Timestamp parameters, using my AWS Secret Access Key as the key? I have tried, but am receiving an PL/SQL: numeric or value error: hex to raw conversion error when trying to run it. Any help would be appreciated!Michelle Skamenehttps://www.blogger.com/profile/06293329473156240105noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-26352726272116564002009-09-28T14:47:52.052-04:002009-09-28T14:47:52.052-04:00Hi Jason,
Thanks for your post! I was wondering if...Hi Jason,<br />Thanks for your post! I was wondering if there was *any* way you would be willing to let me see your sample application using the Amazon REST APIs, or provide me with some additional counselling offline.<br />I am really struggling with this. I have been working with APEX since 2003, but have never used Web Services, and not too sure where to start. I am working on a kids' reading incentive program using APEX, and Amazon integration would be a huge plus. I would be happy to tell you more about it.<br />Many thanks!Michelle Skamenehttps://www.blogger.com/profile/06293329473156240105noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-7287646284315197682009-07-24T15:11:17.138-04:002009-07-24T15:11:17.138-04:00Greg:
I did see that same post and got excited ab...Greg:<br /><br />I did see that same post and got excited about it until I realized it was only doing an SHA256 hash and would not do an HMAC_SHA256 signature with a key I can supply. That is the necessary part about signing a URL for Amazon Web Services. You must sign the URL with your secret key, not just hash it.<br /><br />Regards, <br /><br />JasonJason Straubhttps://www.blogger.com/profile/12627913070109819002noreply@blogger.comtag:blogger.com,1999:blog-6139250371277978964.post-69500236087036921232009-07-24T15:02:51.652-04:002009-07-24T15:02:51.652-04:00This looks like a simpler version of the Java stor...This looks like a simpler version of the Java stored procedure<br />http://blog.diggydobby.com/archive/crypto-sha-256-and-sha-512-hashes/<br /><br />GregGreg Jarmiolowskihttps://www.blogger.com/profile/08822053074587683617noreply@blogger.com