7. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 4/5/2017 4:21:38 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

7.1 Files compared

#	Location	File	Last Modified
1	C:\working_scrub\Unredacted\Direct Code Base\DSM_Bld2_Source_Code_CIF_2017-02-14\api_build02-sprint01\application\views\api\onboarding\services	automatic_reply_update.php	Fri Oct 21 18:34:06 2016 UTC
2	eHX-CIF.zip\eHX-CIF\Direct Code Base\DSM_Bld2_Source_Code_CIF_2017-02-14\api_build02-sprint01\application\views\api\onboarding\services	automatic_reply_update.php	Mon Apr 3 13:54:44 2017 UTC

7.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	2	286
Changed	1	2
Inserted	0	0
Removed	0	0

7.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

7.4 Active regular expressions

No regular expressions were active.

7.5 Comparison detail

	1	<?php
	2	/**
	3	* @packag e direct-a s-a-servic e
	4	* @subpac kage views
	5	* @fileso urce
	6	/ /* */
	7
	8	$this->loa d->view('a pi/header' );
	9	$this->loa d->view('a pi/nav');
	10	?>
	11	<h1><a hre f="/onboar ding/docum entation/" class="un derline">D ocumentati on</a> &ra rr; /direc t/automati c_reply/up date - GET </h1>
	12	<p>The Aut omatic Rep ly service allows au thorized a pplication s to updat e an “Out of Office” message f or a mailb ox and can accessed by sending a GET req uest to di rect/autom atic_reply /update
	13	</p>
	14	<h3>Authen tication</ h3>
	15	<p>
	16	The AP I authenti cation uti lized is b ased upon hash messa ge authent ication co de (HMAC). HMAC is a n authenti cation met hod that c ombines a cryptograp hic hash f unction wi th a secre t cryptogr aphic key. After the successfu l registra tion of an applicati on on the API, a pub lic and pr ivate key like the e xample bel ow will be provision ed for its use.
	17	</p>
	18	<p class=" code">
	19	Public Key: eca4 15a13daaec 88cabba68b 81a2149c97 800864acd9 ef0e15b5b8 426de2464d
	20	<br/>P rivate Key : 0097cd10 9a3b72df1f 988e4a6e3e 344ecc02cd ab9a03736b c12463b7d1 b889a8
	21	</p>
	22	<p>
	23	On eve ry request that an a pplication sends to the API th ey must in clude an A uthorizati on header. The autho rization h eader is a string th at the API will util ize to con firm the i dentity, a nd the mes sage conte nt, of the sender. T he authori zation hea der consis ts of thre e parts. T he first p art is the API ident ifier, rep resented b y the word "DAAS", w hich stand s for Dire ct as a Se rvice. The API ident ifier is f ollowed by a space t hat separa tes it fro m the iden tifying co ntent. The identifyi ng content consists of the uni que public key and t he base64 encoded HM AC hash ge nerated by the reque st content and the p rivate key , delimite d by a col on. An exa mple of th e authoriz ation head er is belo w.
	24	</p>
	25	<p class=" code">
	26	Author ization: D AAS eca415 a13daaec88 cabba68b81 a2149c9780 0864acd9ef 0e15b5b842 6de2464d: Y2UwOTMwNG RmYzhlNTQ0 YTZiODlmMD kwYWQzOWY1 ODZmNzI4OT E5NTc3ZTYy YWE2M2EwNT hlMGIzMTZk ZTZlZA==
	27	</p>
	28	<p>
	29	The HM AC string is generat ed by runn ing an HMA C hash fun ction on a plain tex t string a nd the app lication's private k ey. The pl ain text s tring that must be h ashed usin g HMAC is constructe d as follo ws:
	30	<ul>
	31	<li>HT TP Request Type</li>
	32	<li>Da te</li>
	33	<li>Co ntent-MD5 (Optional) </li>
	34	<li>Co ntent Type (Not incl uding boun dary)</li>
	35	<li>UR I</li>
	36	</ul>
	37	These valu es are sep arated by new line c haracters ("\n"). An example o f the plai n text str ing is bel ow:
	38	</p>
	39	<p class=" code">
	40	GET\n0 6/03/2013 12:13:56 E ST\niB94ga wbwUSiZy5F uruIOQ==\n multipart/ form-data\ n/direct/a utomatic_r eply/updat e/format/j son
	41	</p>
	42	<p>
	43	The st ring above is hashed with the applicatio n's privat e key usin g the SHA- 256 algori thm. A sni ppet of Ja vaScript c ode showin g an examp le of this is shown below:
	44	</p>
	45	<p class=" code">
	46	var ha shString = CryptoJS. HmacSHA256 ("GET\n06/ 03/2013 12 :13:56 EDT \niB94gawb wUSiZy5Fur uIOQ==\nmu ltipart/fo rm-data\n/ direct/aut omatic_rep ly/update/ format/jso n","0097cd 109a3b72df 1f988e4a6e 3e344ecc02 cdab9a0373 6bc12463b7 d1b889a8") ;
	47	<br/>v ar base64 = encode64 (""+hashSt ring);
	48	<br/>v ar authori zation = " DAAS eca41 5a13daaec8 8cabba68b8 1a2149c978 00864acd9e f0e15b5b84 26de2464d: "+base64;
	49	</p>
	50	<p>
	51	In the example a bove the C ontent MD5 is provid ed but thi s is an op tional fie ld. If the Content M D5 header is not spe cified the n the hash should no t have the MD5 speci fied eithe r.
	52	</p>
	53	<h3>Header s</h3>
	54	<div class ="column">
	55	<div c lass="left ">
	56	<u l>
	57	<li>Auth orization< /li>
	58	<p>
	59	The first requ ired heade r is the A uthorizati on header covered in the Authe ntication section at the top o f this pag e.
	60	</p>
	61	<li>Date or X-Daas -Date</li>
	62	<p>
	63	The second req uired head er that mu st be incl uded is th e Date hea der. Some browsers w ill not le t an appli cation spe cify the D ate header programma tically, s o in this case it is also acce ptable to use the X- Daas-Date header as the API wi ll interpr et them in terchangea bly. This header sho uld be pop ulated wit h the curr ent date a nd time, i n any stan dard forma t (includi ng time zo ne informa tion if no t time zon e agnostic ), when th e POST req uest is su bmitted. T he value s upplied in the Date header mus t match th e value us ed in the creation o f the hash string fo r the Auth orization header.
	64	</p>
	65	</ ul>
	66	</div>
	67	<div c lass="righ t">
	68	<u l>
	69	<li>Cont ent-Type</ li>
	70	<p>
	71	The final requ ired heade r for POST requests is the Con tent-Type. The Conte nt-Type he ader must match the Content-Ty pe provide d in the h ash string for the A uthorizati on header except the hash stri ng does no t include the bounda ry paramet er of the Content-Ty pe if ther e is one ( i.e. appli cation/x-w ww-form-ur lencoded C ontent-Typ e).
	72	</p>
	73	<li>Cont ent-Md5</l i>
	74	<p>
	75	The optional h eader is t he Content -Md5 heade r. This he ader shoul d contain an MD5 has h of the e ntire POST body. If this heade r is speci fied then it must al so be incl uded in th e hash str ing for th e Authoriz ation head er. When p rovided, t his serves as an ext ra securit y precauti on above a nd beyond TLS to ens ure the PO ST request sent has not been m odified in transit.
	76	</p>
	77	</ ul>
	78	</div>
	79	</div>
	80	<h3>Argume nts</h3>
	81	<p>
	82	There are 4 argu ments that can be se nt to the update aut omatic rep ly web ser vice.
	83	</p>
	84	<div class ="column">
	85	<div c lass="left ">
	86	<u l>
	87	<li>Mail box</li>
	88	<p>
	89	Mailbox Th is is a re quired fie ld which i dentifies which mail box’s mess ages shoul d be retur ned. This is the loc al portion of the Di rect addre ss, i.e., test.user@ direct. DNS is the Dir ect addres s so that passed val ue you wou ld test.us er.
	90	</p>
	91	<li>Cont ent</li>
	92	<p>
	93	Cont ent This i s a requir ed field w hich is th e message body of th e Automati c Reply me ssages.
	94	</p>
	95	</ ul>
	96	</div>
	97	<div c lass="righ t">
	98	<u l>
	99	<li>Star t_at</li>
	100	<p>
	101	This is an opt ional fiel d which in cludes the current s tart date/ time or la ter date/t ime in ord er to send the autom atic reply message t o users.
	102	</p>
	103	<li>End_ at</li>
	104	<p>
	105	This is an opt ional fiel d which in cludes the current e nd date/ti me or date /time afte r the star t date in order to s end the au tomatic re ply messag es to user s.
	106	</p>
	107	</ ul>
	108	</div>
	109	</div>
	110	<h3>Exampl e Response </h3>
	111	<ul>
	112	<li>Su ccess</li>
	113	<ul>
	114	<l i>HTTP-200 , {“reques t_id”:4, “ content”: “sample me ssage for automatic reply”,“ma ilbox_id”: ”2”,”start _at”: “140 3203517”,” end_at”:” 1403203533 ”}
	115	</ li>
	116	</ul>
	117	<li>Er ror</li>
	118	<ul>
	119	<l i>
	120	HTTP-401 , {"reques t_id":5,"m essage":"A ccess Deni ed. Use No t Authoriz ed."}
	121	</ li>
	122	<l i>
	123	HTTP-403 , {"reques t_id":5,"m essage":"A ccess Deni ed. Use No t Authoriz ed."}
	124	</ li>
	125	<l i>
	126	HTTP-403 , {"reques t_id":6,"m essage":"A ccess Deni ed. User N ot Authori zed."}
	127	</ li>
	128	<l i>
	129	HTTP-422 , {"reques t_id":"886 ","fields" :["content "],"messag e":"'conte nt' is a r equired fi eld."}
	130	</ li>
	131	<l i>
	132	HTTP-422 , {"reques t_id":"894 ","message ":"'start_ at' contai ns invalid input","f ields":["s tart_at"]}
	133	</ li>
	134	</ul>
	135	</ul>
	136	<h3>Sample Code</h3>
	137	<p>
	138	Please click <a href="/onb oarding/do cumentatio n/validate _example"> here</a> t o be taken to some s ample code snippets for the va lidate web service.
	139	</p>
	140	</div>
	141	<?PHP $thi s->load->v iew('api/f ooter'); ? >
	142	</div>
	143	</body>
	144	</html>