So, right now I am using this code:
(let [username (get-in @um/interactions [:omniture-api-
credentials :username])
secret (get-in @um/interactions [:omniture-api-credentials :shared-
secret])
nonce (DigestUtils/md5Hex (str (math/round (* (rand 1 ) 1000000))))
nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce))
date-formatter (new SimpleDateFormat "yyyy-MM-dd'T'HH:mm:ss")
formatter gmt-timezone)
created (.format date-formatter (new Date))
digest-as-string (apply str nonce created secret)
digest (.digest (java.security.MessageDigest/getInstance "sha1")
(.getBytes digest-as-string))
digest-base64 (Base64/encodeBase64 digest)
header (apply str " UsernameToken Username=\"" username "\"
PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\"
Created=\"" created "\"")]
header)
but when I print the header to the terminal, I still see values that
should be base64 but are not:
PasswordDigest="[B@3652831e" Nonce="[B@631e426e" Created="2\
013-03-04T13:26:21"
The classes I'm using are, I think, fairly standard:
(java.security MessageDigest)
(org.apache.commons.codec.binary Base64)
(org.apache.commons.codec.digest DigestUtils)
What am I doing wrong?
On Mar 4, 1:20 pm, Frank Siebenlist <frank.siebenl...@gmail.com>
wrote:
> Not sure if it's helpful in this context, but I've been playing with a more
> functional
> message-digest/secure-hashing interface recently.
>
> Please take a look at:
>
> https://github.com/franks42/clj.security.message-digest
>
> It's still a little raw, and probably more "educational" than practical right
> now,
> but my hope was that if could clarify some of the message-digesting workings.
>
> Would love to get some feedback...
>
> Enjoy, Frank.
>
> On Mar 4, 2013, at 10:09 AM, larry google groups <lawrencecloj...@gmail.com>
> wrote:
>
>
>
>
>
>
>
> >>> nonce (DigestUtils/md5Hex (random-string 32))
> >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce))
>
> >> Is this used somewhere?
>
> > Yes, at the end, everything gets pulled together in a big string,
> > which is added as a header to the POST request:
>
> > header (apply str " UsernameToken Username=\"" username "\"
> > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\"
> > Created=\"" created "\"")
>
> > As the developer from Omniture told me:
>
> > "The nonce is transmitted in the header as base64 encoded. However,
> > the digest is formed with the raw binary version (aka decoded) version
> > of the string. The concept you have to understand is that the
> > authorization server is re-performing these critical steps on the back
> > end. If a step isn't done exactly in the client, the digest will
> > mismatch and cause an auth failure."
>
> > On Mar 4, 12:49 pm, Aaron Cohen <aa...@assonance.org> wrote:
> >> On Mon, Mar 4, 2013 at 11:12 AM, larry google groups <
>
> >> lawrencecloj...@gmail.com> wrote:
> >>>> expects its argument to be a byte array:
> >>>http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest....
>
> >>>> which can be obtained from a string using String#getBytes.
>
> >>> I appreciate your suggestion. For most of the attempts that I have
> >>> made, I have used this code:
>
> >>> nonce (DigestUtils/md5Hex (random-string 32))
> >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce))
>
> >> Is this used somewhere?
>
> >>> date-formatter (new SimpleDateFormat "yyyy-MM-dd'T'HH:mm:ss'Z'")
> >>> created (.format date-formatter (new Date))
> >>> digest-as-string (apply str nonce created secret)
>
> >> (str binary-array) returns the toString of the array, which is something
> >> like "[B@5d5d0293". That has nothing to do with the contents of the array.
> >> I think you want the base64 encoded string here.
>
> >> --Aaron
>
> > --
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Clojure" group.
> > To post to this group, send email to clojure@googlegroups.com
> > Note that posts from new members are moderated - please be patient with
> > your first post.
> > To unsubscribe from this group, send email to
> > clojure+unsubscr...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/clojure?hl=en
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "Clojure" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to clojure+unsubscr...@googlegroups.com.
> > For more options, visithttps://groups.google.com/groups/opt_out.
--
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
