6. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 4/5/2017 4:21:38 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

6.1 Files compared

#	Location	File	Last Modified
1	C:\working_scrub\Unredacted\Direct Code Base\DSM_Bld2_Source_Code_CIF_2017-02-14\api_build02-sprint01\application\views\api\onboarding\services	automatic_reply_retrieve.php	Fri Oct 21 18:34:06 2016 UTC
2	eHX-CIF.zip\eHX-CIF\Direct Code Base\DSM_Bld2_Source_Code_CIF_2017-02-14\api_build02-sprint01\application\views\api\onboarding\services	automatic_reply_retrieve.php	Mon Apr 3 13:54:43 2017 UTC

6.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	2	288
Changed	1	2
Inserted	0	0
Removed	0	0

6.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

6.4 Active regular expressions

No regular expressions were active.

6.5 Comparison detail

	1	<?php
	2	/**
	3	* @packag e direct-a s-a-servic e
	4	* @subpac kage views
	5	* @fileso urce
	6	/ /* */
	7
	8	$this->loa d->view('a pi/header' );
	9	$this->loa d->view('a pi/nav');
	10	?>
	11	<h1><a hre f="/onboar ding/docum entation/" class="un derline">D ocumentati on</a> &ra rr; /direc t/automati c_reply/re trieve - G ET</h1>
	12	<p>
	13	The Au tomatic Re ply servic e allows a uthorized applicatio ns to retr ieve an “O ut of Offi ce” messag e for a ma ilbox and can access ed by send ing a GET request to direct/au tomatic_re ply/find
	14	</p>
	15	<h3>Authen tication</ h3>
	16	<p>
	17	The AP I authenti cation uti lized is b ased upon hash messa ge authent ication co de (HMAC). HMAC is a n authenti cation met hod that c ombines a cryptograp hic hash f unction wi th a secre t cryptogr aphic key. After the successfu l registra tion of an applicati on on the API, a pub lic and pr ivate key like the e xample bel ow will be provision ed for its use.
	18	</p>
	19	<p class=" code">
	20	Public Key: eca4 15a13daaec 88cabba68b 81a2149c97 800864acd9 ef0e15b5b8 426de2464d
	21	<br/>P rivate Key : 0097cd10 9a3b72df1f 988e4a6e3e 344ecc02cd ab9a03736b c12463b7d1 b889a8
	22	</p>
	23	<p>
	24	On eve ry request that an a pplication sends to the API th ey must in clude an A uthorizati on header. The autho rization h eader is a string th at the API will util ize to con firm the i dentity, a nd the mes sage conte nt, of the sender. T he authori zation hea der consis ts of thre e parts. T he first p art is the API ident ifier, rep resented b y the word "DAAS", w hich stand s for Dire ct as a Se rvice. The API ident ifier is f ollowed by a space t hat separa tes it fro m the iden tifying co ntent. The identifyi ng content consists of the uni que public key and t he base64 encoded HM AC hash ge nerated by the reque st content and the p rivate key , delimite d by a col on. An exa mple of th e authoriz ation head er is belo w.
	25	</p>
	26	<p class=" code">
	27	Author ization: D AAS eca415 a13daaec88 cabba68b81 a2149c9780 0864acd9ef 0e15b5b842 6de2464d: Y2UwOTMwNG RmYzhlNTQ0 YTZiODlmMD kwYWQzOWY1 ODZmNzI4OT E5NTc3ZTYy YWE2M2EwNT hlMGIzMTZk ZTZlZA==
	28	</p>
	29	<p>
	30	The HM AC string is generat ed by runn ing an HMA C hash fun ction on a plain tex t string a nd the app lication's private k ey. The pl ain text s tring that must be h ashed usin g HMAC is constructe d as follo ws:
	31	<ul>
	32	<li>HT TP Request Type</li>
	33	<li>Da te</li>
	34	<li>Co ntent-MD5 (Optional) </li>
	35	<li>Co ntent Type (Not incl uding boun dary)</li>
	36	<li>UR I</li>
	37	</ul>
	38	These valu es are sep arated by new line c haracters ("\n"). An example o f the plai n text str ing is bel ow:
	39	</p>
	40	<p class=" code">
	41	GET\n0 6/03/2013 12:13:56 E ST\niB94ga wbwUSiZy5F uruIOQ==\n /direct/au tomatic_re ply/retrie ve/format/ json?mailb ox=1
	42	</p>
	43	<p>
	44	The st ring above is hashed with the applicatio n's privat e key usin g the SHA- 256 algori thm. A sni ppet of Ja vaScript c ode showin g an examp le of this is shown below:
	45	</p>
	46	<p class=" code">
	47	var ha shString = CryptoJS. HmacSHA256 ("GET\n06/ 03/2013 12 :13:56 EDT \niB94gawb wUSiZy5Fur uIOQ==\n/d irect/auto matic_repl y/retrieve /format/js on?mailbox =1,"0097cd 109a3b72df 1f988e4a6e 3e344ecc02 cdab9a0373 6bc12463b7 d1b889a8") ;
	48	<br/>v ar base64 = encode64 (""+hashSt ring);
	49	<br/>v ar authori zation = " DAAS eca41 5a13daaec8 8cabba68b8 1a2149c978 00864acd9e f0e15b5b84 26de2464d: "+base64;
	50	</p>
	51	<p>
	52	In the example a bove the C ontent MD5 is provid ed but thi s is an op tional fie ld. If the Content M D5 header is not spe cified the n the hash should no t have the MD5 speci fied eithe r.
	53	</p>
	54	<h3>Header s</h3>
	55	<div class ="column">
	56	<div c lass="left ">
	57	<u l>
	58	<li>Auth orization< /li>
	59	<p>
	60	The first requ ired heade r is the A uthorizati on header covered in the Authe ntication section at the top o f this pag e.
	61	</p>
	62	<li>Date or X-Daas -Date</li>
	63	<p>
	64	The second req uired head er that mu st be incl uded is th e Date hea der. Some browsers w ill not le t an appli cation spe cify the D ate header programma tically, s o in this case it is also acce ptable to use the X- Daas-Date header as the API wi ll interpr et them in terchangea bly. This header sho uld be pop ulated wit h the curr ent date a nd time, i n any stan dard forma t (includi ng time zo ne informa tion if no t time zon e agnostic ), when th e POST req uest is su bmitted. T he value s upplied in the Date header mus t match th e value us ed in the creation o f the hash string fo r the Auth orization header.
	65	</p>
	66	</ ul>
	67	</div>
	68	<div c lass="righ t">
	69	<u l>
	70	<li>Cont ent-Type</ li>
	71	<p>
	72	The final requ ired heade r for POST requests is the Con tent-Type. The Conte nt-Type he ader must match the Content-Ty pe provide d in the h ash string for the A uthorizati on header except the hash stri ng does no t include the bounda ry paramet er of the Content-Ty pe if ther e is one ( i.e. appli cation/x-w ww-form-ur lencoded C ontent-Typ e).
	73	</p>
	74	<li>Cont ent-Md5</l i>
	75	<p>
	76	The optional h eader is t he Content -Md5 heade r. This he ader shoul d contain an MD5 has h of the e ntire POST body. If this heade r is speci fied then it must al so be incl uded in th e hash str ing for th e Authoriz ation head er. When p rovided, t his serves as an ext ra securit y precauti on above a nd beyond TLS to ens ure the PO ST request sent has not been m odified in transit.
	77	</p>
	78	</ ul>
	79	</div>
	80	</div>
	81	<h3>Argume nts</h3>
	82	<p>
	83	There are 4 argu ments that can be se nt to the retrieve a utomatic r eply web s ervice.
	84	</p>
	85	<div class ="column">
	86	<div c lass="left ">
	87	<u l>
	88	<li>Mail box</li>
	89	<p>
	90	Mailbox Th is is a re quired fie ld which i dentifies which mail box’s mess ages shoul d be retur ned. This is the loc al portion of the Di rect addre ss, i.e., test.user@ direct. DNS is the Dir ect addres s so that passed val ue you wou ld test.us er.
	91	</p>
	92	<li>Cont ent</li>
	93	<p>
	94	Cont ent This i s a requir ed field w hich is th e message body of th e Automati c Reply me ssages.
	95	</p>
	96	</ ul>
	97	</div>
	98	<div c lass="righ t">
	99	<u l>
	100	<li>Star t_at</li>
	101	<p>
	102	This is an opt ional fiel d which in cludes the current s tart date/ time or la ter date/t ime in ord er to send the autom atic reply message t o users.
	103	</p>
	104	<li>End_ at</li>
	105	<p>
	106	This is an opt ional fiel d which in cludes the current e nd date/ti me or date /time afte r the star t date in order to s end the au tomatic re ply messag es to user s.
	107	</p>
	108	</ ul>
	109	</div>
	110	</div>
	111	<h3>Exampl e Response </h3>
	112	<ul>
	113	<li>Su ccess</li>
	114	<ul>
	115	<l i>HTTP-200 , {“reques t_id”:4, “ content”: “sample me ssage for automatic reply”,“ma ilbox_id”: ”2”,”start _at”: “140 3203517”,” end_at”:” 1403203533 ”}
	116	</ li>
	117	</ul>
	118	<li>Er ror</li>
	119	<ul>
	120	<l i>
	121	HTTP-401 , {"reques t_id":5,"m essage":"A ccess Deni ed. Use No t Authoriz ed."}
	122	</ li>
	123	<l i>
	124	HTTP-403 , {"reques t_id":5,"m essage":"A ccess Deni ed. Use No t Authoriz ed."}
	125	</ li>
	126	<l i>
	127	HTTP-403 , {"reques t_id":6,"m essage":"A ccess Deni ed. User N ot Authori zed."}
	128	</ li>
	129	<l i>
	130	HTTP-422 , {"reques t_id":"886 ","fields" :["content "],"messag e":"'conte nt' is a r equired fi eld."}
	131	</ li>
	132	<l i>
	133	HTTP-422 , {"reques t_id":"894 ","message ":"'start_ at' contai ns invalid input","f ields":["s tart_at"]}
	134	</ li>
	135	</ul>
	136	</ul>
	137	<h3>Sample Code</h3>
	138	<p>
	139	Please click <a href="/onb oarding/do cumentatio n/validate _example"> here</a> t o be taken to some s ample code snippets for the va lidate web service.
	140	</p>
	141	</div>
	142	<?PHP $thi s->load->v iew('api/f ooter'); ? >
	143	</div>
	144	</body>
	145	</html>