Not sure if it's helpful in this context, but I've been playing with a more functional message-digest/secure-hashing interface recently.
Please take a look at: https://github.com/franks42/clj.security.message-digest It's still a little raw, and probably more "educational" than practical right now, but my hope was that if could clarify some of the message-digesting workings. Would love to get some feedback... Enjoy, Frank. On Mar 4, 2013, at 10:09 AM, larry google groups <lawrencecloj...@gmail.com> wrote: >>> nonce (DigestUtils/md5Hex (random-string 32)) >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) >> >> Is this used somewhere? > > Yes, at the end, everything gets pulled together in a big string, > which is added as a header to the POST request: > > header (apply str " UsernameToken Username=\"" username "\" > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\" > Created=\"" created "\"") > > As the developer from Omniture told me: > > "The nonce is transmitted in the header as base64 encoded. However, > the digest is formed with the raw binary version (aka decoded) version > of the string. The concept you have to understand is that the > authorization server is re-performing these critical steps on the back > end. If a step isn't done exactly in the client, the digest will > mismatch and cause an auth failure." > > > > On Mar 4, 12:49 pm, Aaron Cohen <aa...@assonance.org> wrote: >> On Mon, Mar 4, 2013 at 11:12 AM, larry google groups < >> >> lawrencecloj...@gmail.com> wrote: >>>> expects its argument to be a byte array: >>> http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.... >> >>>> which can be obtained from a string using String#getBytes. >> >>> I appreciate your suggestion. For most of the attempts that I have >>> made, I have used this code: >> >>> nonce (DigestUtils/md5Hex (random-string 32)) >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) >> >> Is this used somewhere? >> >>> date-formatter (new SimpleDateFormat "yyyy-MM-dd'T'HH:mm:ss'Z'") >>> created (.format date-formatter (new Date)) >>> digest-as-string (apply str nonce created secret) >> >> (str binary-array) returns the toString of the array, which is something >> like "[B@5d5d0293". That has nothing to do with the contents of the array. >> I think you want the base64 encoded string here. >> >> --Aaron > > -- > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with your > first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
