cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
SteveNZ
Obsidian | Level 7 SteveNZ
Obsidian | Level 7

UTF-8 Byte Array and Base64 Decode?

Posted 09-01-2020 07:07 PM (2655 views)

Hi All,

 

To authenticate an API call with a provider we use I need to produce a digest which is proving pretty challenging. The steps to produce are:

  1. Concatenate all the fields in the table above in order (the nonce is a UUID)
    fields = client-id + nonce + timestamp-epoch + http-method + http-url

  2. Produce a UTF-8 byte array of the concatenated string in Step (1)
    fields_bytes = UTF8(fields)

  3. Base-64 decode the supplied ClientSecret
    secret_bytes = Base64Decode(ClientSecret)

  4. Compute HMAC-256 on the string from Step (2) using the signing key from Step (3)
    digest = HMAC256(fields_bytes, secret_bytes)

I've managed (by much Googling..) to do step one but am at a loss as to how to do steps 2 and 3 in SAS? Has anyone tackled something similar?

 

I am also making an assumption that the code below is the SAS equivalent of Step 4?

digest = SHA256(concatenated_field_secret) ;

Many thanks in advance, I've tried various attempts but none seem right.

 

Code so far is (anonymised):

data fields (keep =  fields);
	*nonce;
	nonce = UUIDGEN();

	*timestamp-epoch;
	dt = datetime();
	unixEpoch = dhms('01jan1970'd,0,0,0);
	epoch = sum(dt,-unixEpoch);

	*fields;
	fields = catx('+','CLIENT_ID',nonce,epoch,'POST','https://API_PROVIDER/media/search HTTP/1.1');
run;

warm regards

Steve

 

 

0 Likes
Reply
5 REPLIES 5
ChrisNZ
Tourmaline | Level 20 ChrisNZ
Tourmaline | Level 20

Re: UTF-8 Byte Array and Base64 Decode?

Posted 09-02-2020 02:17 AM (2602 views)  |   In reply to SteveNZ

Not too sure what step 2 means, all the characters you have encode the same in ASCII and UTF8.

 

About step 3, this is how to use base64 encoding:

 

data TEST;
  ENCODE = put('12345abcde',$base64x20.);
  DECODE = input(ENCODE,$base64x20.);
run;

 

 

About step 4, you probably want to use function HASHING_HMAC.

 

0 Likes
Reply
SteveNZ
Obsidian | Level 7 SteveNZ
Obsidian | Level 7

Re: UTF-8 Byte Array and Base64 Decode?

Posted 09-03-2020 04:56 PM (2527 views)  |   In reply to ChrisNZ

Thanks Chris, really appreciate the response and I'll give your suggestions a try. I have anonymised the post as it had my client specific client-id, is there a way you know of that can encode?

0 Likes
Reply
SteveNZ
Obsidian | Level 7 SteveNZ
Obsidian | Level 7

Re: UTF-8 Byte Array and Base64 Decode?

Posted 09-03-2020 05:06 PM (2525 views)  |   In reply to SteveNZ
Just checked and the HASHING_MAC function is available only from 9.4M6 and we're on M4....
0 Likes
Reply
SASKiwi
PROC Star SASKiwi
PROC Star

Re: UTF-8 Byte Array and Base64 Decode?

Posted 09-03-2020 06:25 PM (2517 views)  |   In reply to SteveNZ

@SteveNZ - The MD5 function works great for anonymising IDs and we are on 9.4M2. We do something like this:

Client_Key = md5(cats('ClientID', Client_ID)),$hex10.);
0 Likes
Reply
ChrisNZ
Tourmaline | Level 20 ChrisNZ
Tourmaline | Level 20

Re: UTF-8 Byte Array and Base64 Decode?

Posted 09-03-2020 09:09 PM (2504 views)  |   In reply to SASKiwi

SHA256 is safer than MD5.

MD5 vulnerabilities have been discovered, so it is no longer recommended for that cryptography.

0 Likes
Reply

hackathon24-white-horiz.png

The 2025 SAS Hackathon has begun!

It's finally time to hack! Remember to visit the SAS Hacker's Hub regularly for news and updates.

Latest Updates

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Watch How to Concatenate Values on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 5 replies
  • ‎09-01-2020 07:07 PM
  • 2656 views
  • 0 likes
  • 3 in conversation