Reputation: 106
I'm getting to grips with Curity, and it looks very promising, but I need to replicate a weird hashing function from a legacy system. The built-in context class passed in to a credential transformation procedure does not include the algorithms I need, so I want to use the crypto-js library. Unfortunately, the Curity documentation is a bit light on the topic of using 3rd-party JS libraries. It says this:
Global scripts allow the use of standard JavaScript libraries. Simply include the source code of your favourite JS library in a global script to start using it from any of your JS scripts.
But there seems to be a lot of hand-waving in those words "include the source". There's no mention of any module system, and I don't think it runs on Node, so I assume there's no support for require or import statements. Am I supposed to copy all the source code for something that is normally packaged as a module, and somehow unpack and refactor it to work as a single script file? And then do that again any time in future if I want to incorporate upstream changes? Has anyone out there done this before?
Upvotes: 1
Views: 96
Reputation: 29208
The Curity Identity Server supports extensibility via JavaScript, based on Nashorn, which has some limitations, since this engine is based on ECMAScript 5.1. See this tutorial for a good overview. There are two options for performing crypto tasks:
USE JAVA INTEROP
This is explained in Invoking Java Methods from Javascript in the above article. You should be able to get hold of a Java class that can calculate a secure hash for you. I have not tried this code but it would look something like this:
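var JString = Java.type('java.lang.String');
var md = Java.type('java.security.MessageDigest');
// Encode the input string as UTF-8 bytes before hashing
var utf8bytes = new JString('xyz').getBytes('UTF-8');
var instance = md.getInstance('SHA-256');
var hashedBytes = instance.digest(utf8bytes);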
USE JAVASCRIPT
You can place a script such as mycryptolib.js in the global-scripts folder:
function createHash(context, input) {
var output = ...
return output;
}
Its functions will then be automatically available in other scripts, such as a token procedure. Just use the function name, without any import or require statements:
createHash(context, 'xyz');
If using third party libraries you can follow the same approach, though you will need to add an ES5 third party file to the global-scripts folder. This might be called crypto-js-es5.min.js, and you might be able to produce the script using a tool such as Babel.
Upvotes: 2
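The digest returned by the Java interop route above is a Java byte[] with signed elements, so turning it into a stored-hash string needs masking. The following is an added example, not code from the answer or from Curity; the function names are hypothetical, and it assumes the legacy system stores lowercase hex. It is written in plain ES5 with no import or require, in the style of the global script described above.

```javascript
// Added example. ES5 only: no let/const, arrow functions, require or import.

// Convert a digest to lowercase hex. Java byte[] elements are signed
// (-128..127), so each one is masked to 0..255 before formatting;
// without the mask, negative bytes would format as e.g. "-1".
function bytesToHex(bytes) {
  var hex = '';
  for (var i = 0; i < bytes.length; i++) {
    var b = bytes[i] & 0xff;
    hex += (b < 16 ? '0' : '') + b.toString(16);
  }
  return hex;
}

// Compare two hex digests without stopping at the first mismatch,
// so the comparison time does not depend on where they differ.
function hexEquals(a, b) {
  if (a.length !== b.length) { return false; }
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Hypothetical helper: SHA-256 of a string via Java interop.
// Java.type exists only under Nashorn, so this function runs only there.
function sha256Hex(input) {
  var JString = Java.type('java.lang.String');
  var MessageDigest = Java.type('java.security.MessageDigest');
  var utf8bytes = new JString(input).getBytes('UTF-8');
  return bytesToHex(MessageDigest.getInstance('SHA-256').digest(utf8bytes));
}
```

bytesToHex and hexEquals use no Java types, so they can be checked in any JavaScript engine before the file is deployed.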