How to create sha256 signature for Oracle Cloud integration Rest API ?

Caniut Alex 0 Reputation points
2024-07-04T03:27:38.67+00:00

Hi Experts,

Infra:

Azure Synapse -we are using pipelines / API method to get data and create a Data Warehouse.

Source:

We have an Oracle Cloud Infrastructure (OCI ) as source , that will output the report to Oracle Cloud Storage.

OCI has a REST API resource and we can trigger the jobs using API call and get the status . ( we want to achieve this)

Target:

Azure Blob

Issue:

We wish to trigger the OCI Job using Azure Synapse pipeline using the REST API , the caveat here is we need to create a Sha256 signature using private key .

From Oracle Doc: it uses bash and open ssl to create a signature

echo "====================================================================================================="
printf '%b' "signing string is $signing_string \n"
signature=`printf '%b' "$signing_string" | openssl dgst -sha256 -sign $privateKeyPath | openssl enc -e -base64 | tr -d '\n'`
printf '%b' "Signed Request is  \n$signature\n"

From Postman collection : it has pre-req script which has the line as below to create a signature!!

User's image

I want to achieve this using Azure Synapse pipeline method , Request you experts to please guide me here . The goal is to create the signature for GET and POST methods and then send an API request to OCI to trigger the jobs.

Thank you !

Kenny Alex

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,629 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,023 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 18,661 Reputation points
    2024-07-04T08:41:30.3566667+00:00

    You need to obtain the private key file from Oracle Cloud Infrastructure. This file will be used to sign the requests.

    The signing string is a combination of the HTTP method, request headers, and the request target. 

    
http_method="GET"  # or POST, depending on your request

request_target="/20160918/instances/"

host="objectstorage.us-phoenix-1.oraclecloud.com"

date=$(date -u "+%a, %d %h %Y %H:%M:%S GMT")

signing_string="(request-target): ${http_method,,} ${request_target}\nhost: $host\ndate: $date"

    Use OpenSSL to sign the signing string with your private key and encode it in base64:

    
signature=$(printf '%b' "$signing_string" | openssl dgst -sha256 -sign /path/to/your/private_key.pem | openssl enc -e -base64 | tr -d '\n')

    The authorization header includes the signature and other required details like the key ID and algorithm.

    
key_id="ocid1.tenancy.oc1..your-unique-key-id"

auth_header="Signature version=\"1\",keyId=\"$key_id\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"$signature\""

    You can use Azure Synapse Pipeline Web Activity to make HTTP requests where you add headers for Authorization, Date, and Host.

    {

"Authorization": "Signature version=\"1\",keyId=\"ocid1.tenancy.oc1..your-unique-key-id\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"$signature\"",

"Date": "Thu, 04 Jul 2024 14:27:00 GMT",

"Host": "objectstorage.us-phoenix-1.oraclecloud.com"

}

    Then set the URL to the OCI endpoint you want to interact with and configure the method (GET or POST) as required (you can pass any additional required parameters)