Interesting but this groovy signature is very similar that I did for S3 Bucket AWS.

 

Groovy Signature AWS S3 Bucket

 

Important to make references.

 

Thanks for sharing.

Hi Ricardo,

Thanks for the reference but I were not aware of this.

Regards,

Priyanka

Hello,

It's just metter to be polite and kind, this is the way that all grow around

Congratulations.

Very nice explanation.. really helpful.

Regards,

Anish

Thank you 🙂

Nice One. 🙂

Thanks 🙂

Hi Priyanka,

Thanks for the blog .

I am utilizing this for getting the file from blob storage but its showing Authentication failed and Signature does not match with any computed signature.
Could you please help .
I followed the same process to generate Signature :Authorization with GET verb .

 

Thanks & Regards
Saurabh
kumarsaurabh8618@gmail.com

Hi Saurabh,

Signature string will be different for the GET method. You can try with the below script. Modify the property names as per your iflow config. For GET method, you have to specify the exact filename also. In the below script, the filename is retrieved from property 'fileName'.

For e.g. If you want to retrieve file named 'Sample.csv', set property fileName as 'Sample.csv'.

 

import com.sap.gateway.ip.core.customdev.util.Message

import com.sap.it.api.ITApiFactory

import com.sap.it.api.securestore.SecureStoreService

import com.sap.it.api.securestore.UserCredential

import com.sap.it.api.securestore.exception.SecureStoreException

import javax.crypto.Mac

import javax.crypto.spec.SecretKeySpec

import java.security.InvalidKeyException

def Message processData(Message message) 

{

    //Set Current Time

    TimeZone.setDefault(TimeZone.getTimeZone('GMT'))

    def now = new Date().format("EEE, dd MMM yyyy HH:mm:ss") + " GMT"

    //Set header for datetime

    message.setHeader("x-ms-date", now)

    // Get file name

    String filename = message.getProperties().get("fileName")

    //Get container name

    String container = message.getProperties().get("container")

    //Get folder path

    String folderPath = message.getProperties().get("folderPath")

    //Get Blob name

    String blobname = folderPath + '/'+ filename

    //Get Account Name

    String account = message.getProperties().get("accountName")

    // Set canonicalized Resource

    String canonicalizedResource = '/'+ account + '/'+ container +'/' + blobname

    // set verb as requested method

    String verb = 'GET'

    //Get version

    String version = message.getHeaders().get("x-ms-version")

    //Set Signature String

    String StringToSign = verb +'\n'+'\n'+'\n'+ '\n' +'\n'+ '\n' + '\n' +'\n'+'\n'+'\n'+'\n'+'\n'+'x-ms-date:'+ now +'\n' +'x-ms-version:' + version + '\n'+ canonicalizedResource

    //Get Account Key from Secure Parameter

    String accountKeyAlias = message.getProperties().get("accountKeyAlias")

    def accountKey = getAccountKey(accountKeyAlias)

    // Decode Account Key

    def decodedKey = accountKey.decodeBase64()

    //Get Hash Value

    String hash = hmac_sha256(decodedKey, StringToSign)

    //Set Authorization header

    String auth = 'SharedKey'+ ' ' + account + ':' + hash

    message.setHeader("Authorization", auth)

    return message

}



String getAccountKey(String accountKeyAlias)

{

   def secureStorageService =  ITApiFactory.getService(SecureStoreService.class, null)

    try

    {

        def secureParameter = secureStorageService.getUserCredential(accountKeyAlias)

        return secureParameter.getPassword().toString()

    } 

    catch(Exception e)

    {

        throw new SecureStoreException("Secure Parameter not available")

    }

}



String hmac_sha256(byte[] secretKey, String data) 

{

    try 

    {

        Mac sha256_HMAC = Mac.getInstance("HmacSHA256")

        SecretKeySpec secret_key = new SecretKeySpec(secretKey, "HmacSHA256")

        sha256_HMAC.init(secret_key)

        byte[] digest = sha256_HMAC.doFinal(data.getBytes())

        return digest.encodeBase64()



    } catch (InvalidKeyException e) 

    {

        throw new RuntimeException("Invalid key exception while converting to HMac SHA256")

    }

}

 

HTTP Receiver settings:

HTTP Receiver Adapter

Regards,

Priyanka

Hi Priyanka,

Thanks for your swift response.

It really worked dedicated for one file.

is it possible to get all the files from the folder path ,those have been created or modified after the last pole by CPI

Thanks and Regards

Saurabh

Hi Saurabh,

 

1st you can use List Containers REST API to get the list of filenames and filter out using last modified datetimestamp and then use the GET API to retrieve the file one by one.

Link: https://docs.microsoft.com/en-us/rest/api/storageservices/list-containers2

Regards,

Priyanka

Hi Priyanka,

List with Blobname is retrieved but there are mutiple blobs and is it possible to get the file where blob name with multiple directories e.g - myaccount->container->blobs->blob name -> A/B/C/FileName1.....N.csv.
is it possible to get list only these files FileName1....N and I tried with prefix but It did not work and again filtering based on last modified then passing them one by one to next REST API call to retrive the file .

Condition - CPI should search the file which is modified after the Last Pole happened from CPI ,So for this comparison where should I store the timestamp for lastpole and pass this to compare .

Hi Saurabh,

The scenario sounded similar to the one that I designed previously. Please check out the new blog post on this. Link: Part 2

Hope this helps.

Regards,

Priyanka

Hello Priyanka,

 

Thanks for your blog,

I have followed as to same. I am getting below error cloud please help on the same.

Error

in the monitoring it is showing 403 status code but same public key i am able to opening the Blob Storage.

Do i need to check any thing from Azure Blob side.

Regards,

Kumar

Hello Kumar,

I can see the content-length is missing. To debug the issue, you can add an attachment for StringToSign (specified in groovy script). Both StringToSign and server generated signature string should match. Content-Length is must for PUT call.

Regards,

Priyanka

Hi Priyanka,

 

Thanks,

I have added content-type

I am not aware  how to do(you can add an attachment for StringToSign (specified in groovy script). Both StringToSign and server generated signature string should match) this i am very new to CPI.

I have copy and past your scritp and done some changes.

I have put a debuge and find this error

"<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:82095516-401e-006e-7502-fb1478000000 Time:2021-12-27T09:16:38.4731631Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'sNsO93QmQ5RwzpSpoIIFYvSP8XMM2xjxYaXEwylaMK8=' is not the same as any computed signature. Server used following string to sign: 'PUT"

Thanks a lot.......

Thanks a lot,

Really helpful,Great blog,simply awsm.

Hi Kumar,

To add attachment, refer to the link: https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/17dba92e6ed4402f8cb0f05093a...

You can add the script lines to the same groovy script only. In that case, use like below

messageLog.addAttachmentAsString('Signature', StringToSign, 'text/plain').

This will help you to check the signature string generated by the script.

 

Hi Priyanka,

 

Thanks for all your qucik replies is was very helped me to resovle.

Signature I ahve added the Header in http communication chenall now the issue notcoming.

String StringToSign = verb +'\n'+'\n'+'\n'+ '\n' +'\n'+ '\n' + '\n' +'\n'+'\n'+'\n'+'\n'+'\n'+'x-ms-date:'+ now +'\n' +'x-ms-version:' + version + '\n'+ canonicalizedResource

 

I ahve given the spaces and tried some combinations like spaces but no luck.

please suggest me.

 

Thanks a lot.......

 

 

Hi Madhu,

You don't have to add signature as header. Authorization is calculated based on the signature and the headers, which are required to be passed, are already shown in the screenshot attached in the blogpost.

Regards,

Priyanka

Hi Priyanka,

 

Thanks for the valuable blog. I got the requirement with the similar setup, but with the pdf files.
I used the same design to process the pdf file with Content type as application/pdf.

below is the Signature details -

Signature

Required details are available. With CSV files i am receiving expected result. But I'm facing error for PDFs. Below is the error messages we are receiving while processing pdf files.

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:77abe719-e01e-0043-32c6-75fc92000000
Time:2022-06-01T14:44:02.7676748Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'gruflAzW4bDMxttgMWkZ0qK7oqmX2HQR10noUi2BpQU=' is not the same as any computed signature. Server used following string to sign: 'PUT

51604

application/pdf; charset=ISO-8859-1

x-ms-blob-type:Blockblob
x-ms-date:Wed, 01 Jun 2022 14:44:02 GMT
x-ms-version:2020-04-08
/-------------------------------/invoices/nonprod/invoice_test1.pdf'.</AuthenticationErrorDetail></Error>

Error

Could you please help me to resolve the same.

Thanking you in advance.

Aavez

Hi Aavez,

 

We're you able to find the fix for this issue?

 

Thanks,

Poorna

Hi Kumar,

 

Able to fix the issue, was it something to do with version?

 

Thanks,

Poorna

Hello Priyanka,

thanks for the Blog post, it works perfectly!

Thanks,
René

 

**EDIT:

I ran into several 403 errors issue at the azure endpoint, as the azure calculated content-lenght of the body was sometimes different from the value in the StringToSign variable. Here is why:

Your approach calculates the length like the standard-HTTP header "content-length" based on  byte-size:

 def contentLength = message.getBody().length()

 

But Azure seems to calculate the string-length which can be different depending on the payload. I fixed this by using body.length() instead:

def contentLength = body.length()

Hi Priynaka,

 

i am getting below error, can you suggest?

Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

Config

Hi renepress,

 

how did you fix 403 errors, can you please share your experiences?

 

Regards,

Mastan

Hi Mastan,

like I wrote in the above coment, in my case the issue was caused by the script line

 def contentLength = message.getBody().length()

This didn't work for me as the above line calculates the body length on byte-size basis. When I  replaced this line by

def contentLength = body.length()

it worked because this seems to be the payloads' string length calculation approach that also Azure is using.

So, if the 403 problem on your end is related to the content length in the StringToSign Variable, you might give this a try.

Hi Mastan,

The standard adapter for 'AzureStorage' is available now. I recommend using the adapter directly.

AzureStorage Receiver Adapter for BLOB Storage

Regards,

Priyanka

Hi priyanka2018,

thank you for the update.