Skip to content
Advertisement

Using Javascript libraries in Curity scripts

I’m getting to grips with Curity, and it looks very promising, but I need to replicate a weird hashing function from a legacy system. The built-in context class passed in to a credential transformation procedure does not include the algorithms I need, so I want to use the crypto-js library. Unfortunately, the Curity documentation is a bit light on the topic of using 3rd-party JS libraries. It says this:

Global scripts allow the use of standard JavaScript libraries. Simply include the source code of your favourite JS library in a global script to start using it from any of your JS scripts.

But there seems to be a lot of hand-waving in those words “include the source”. There’s no mention of any module system, and I don’t think it runs on Node, so I assume there’s no support for require or import statements. Am I supposed to copy all the source code for something that is normally packaged as a module, and somehow unpack and refactor it to work as a single script file? And then do that again any time in future if I want to incorporate upstream changes? Has anyone out there done this before?

Advertisement

Answer

The Curity Identity Server supports extensibility via Javascript, based on Nashorn, which has some limitations, since this engine is based on ECMAScript 5.1. See this tutorial for a good overview. There are two options for performing crypto tasks:

USE JAVA INTEROP

This is explained in Invoking Java Methods from Javascript in the above article. You should be able to get hold of a Java class that can calculate a secure hash for you. I have not tried this code but it would look something like this:

var md = Java.type('java.security.MessageDigest');
var instance = md.getInstance('SHA-256');
var hashedBytes = instance.digest(utf8bytes);

USE JAVASCRIPT

You can place a script such as mycryptolib.js in the global-scripts folder:

function createHash(context, input) {
  
  var output = ...
  return output;
}

Its functions will then be automatically available in other scripts, such as a token procedure. Just use the function name, without any import or require statements:

createHash(context, 'xyz');

If using third party libraries you can follow the same approach, though you will need to add an ES5 third party file to the global-scripts folder. This might be called crypto-js-es5.min.js, and you might be able to produce the script using a tool such as Babel.

User contributions licensed under: CC BY-SA
1 People found this is helpful
Advertisement