I have been having problems making an API call to Omniture. I have
exchanged a dozen emails with a developer at Omniture, and he gave me
the impression that I was constructing my security codes incorrectly.
So now I am confronting my ignorance over how Java handles certain
conversions.
The developer at Omniture sent me this explanation in an email:
" The security digest is formed from a sha1 hash of the following
string concatenation:
digest = sha1( Binary Nonce + Created Time String + API Secret Hex
String (32 bytes) ) "
I have been struggling with this for several days and I have tried at
least (literally) 200 variations on this bit of code:
(let [username (get-in @um/interactions [:omniture-api-
credentials :username])
secret (get-in @um/interactions [:omniture-api-
credentials :shared-secret])
nonce (DigestUtils/md5Hex (random-string 32))
nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce))
date-formatter (new SimpleDateFormat "yyyy-MM-
dd'T'HH:mm:ss'Z'")
created (.format date-formatter (new Date))
digest-as-string (apply str (.getBytes nonce) created secret)
digest (.digest (java.security.MessageDigest/getInstance "sha1")
digest-as-string)
header (apply str " UsernameToken Username=\"" username "\"
PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\"
Created=\"" created "\"")]
header)
This version gives me:
"Exception in the main function: " #<ClassCastException
java.lang.ClassCastException: java.lang.String cannot be cast to [B>
For a long time I was using this for the last 3 lines:
digest-as-string (apply str nonce created secret)
digest (.digest (java.security.MessageDigest/getInstance "sha1")
(.getByes digest-as-string))
header (apply str " UsernameToken Username=\"" username "\"
PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\"
Created=\"" created "\"")
Here I wrapped the whole digest-as-string in (.getBytes) so there was
no Java error, but this simply did not work when I pinged Omniture.
In his email, he seems to suggest that the nonce should be binary but
that the date and the secret should be strings:
digest = sha1( Binary Nonce + Created Time String + API Secret Hex
String (32 bytes) ) "
But, as I said, when I tried this I got the ClassCastException.
No doubt some of my confusion is due to my ignorance of Java.
I was able to take their sample PHP code and get that to successfully
ping their API, however, my company has an official policy of moving
to the JVM, and of course I have a personal preference to work with
Clojure. So I'd like to figure out how to get this to work in Clojure.
(Needless to say that Omniture doesn't offer sample code in Clojure.)
I have been using clj-http to make the actual POST calls to Omniture.
Since I am on a Mac, I have been using the excellent Charles network
debugger ( http://www.charlesproxy.com/ ) to watch the actual posts
being made. Everything looks correct, except that in the end the
requests fails, apparently because the digest is malformed.
Any suggestions?
--
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
