Hmm, I finally got a different error message (after days of trying). I re-read the documentation here:
http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html and realized I might need to use this method: encodeBase64String which returns a string. The method I had been using was giving me bytes instead of a string. Now the API servers at Omniture tell me: {\"error\":\"The nonce (ZTQxNWI4ZTU0YTQyMGEwZjRmZTY0ZTU0Nzc4MzgzZTQ=) has already been used\"}"} If anyone can suggest a better way to generate a random string, I would be grateful. On Mar 4, 1:31 pm, larry google groups <lawrencecloj...@gmail.com> wrote: > So, right now I am using this code: > > (let [username (get-in @um/interactions [:omniture-api- > credentials :username]) > secret (get-in @um/interactions [:omniture-api-credentials :shared- > secret]) > nonce (DigestUtils/md5Hex (str (math/round (* (rand 1 ) 1000000)))) > nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) > date-formatter (new SimpleDateFormat "yyyy-MM-dd'T'HH:mm:ss") > formatter gmt-timezone) > created (.format date-formatter (new Date)) > digest-as-string (apply str nonce created secret) > digest (.digest (java.security.MessageDigest/getInstance "sha1") > (.getBytes digest-as-string)) > digest-base64 (Base64/encodeBase64 digest) > header (apply str " UsernameToken Username=\"" username "\" > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\" > Created=\"" created "\"")] > header) > > but when I print the header to the terminal, I still see values that > should be base64 but are not: > > PasswordDigest="[B@3652831e" Nonce="[B@631e426e" Created="2\ > 013-03-04T13:26:21" > > The classes I'm using are, I think, fairly standard: > > (java.security MessageDigest) > (org.apache.commons.codec.binary Base64) > (org.apache.commons.codec.digest DigestUtils) > > What am I doing wrong? > > On Mar 4, 1:20 pm, Frank Siebenlist <frank.siebenl...@gmail.com> > wrote: > > > > > > > > > Not sure if it's helpful in this context, but I've been playing with a more > > functional > > message-digest/secure-hashing interface recently. > > > Please take a look at: > > >https://github.com/franks42/clj.security.message-digest > > > It's still a little raw, and probably more "educational" than practical > > right now, > > but my hope was that if could clarify some of the message-digesting > > workings. > > > Would love to get some feedback... > > > Enjoy, Frank. > > > On Mar 4, 2013, at 10:09 AM, larry google groups > > <lawrencecloj...@gmail.com> wrote: > > > >>> nonce (DigestUtils/md5Hex (random-string 32)) > > >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) > > > >> Is this used somewhere? > > > > Yes, at the end, everything gets pulled together in a big string, > > > which is added as a header to the POST request: > > > > header (apply str " UsernameToken Username=\"" username "\" > > > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\" > > > Created=\"" created "\"") > > > > As the developer from Omniture told me: > > > > "The nonce is transmitted in the header as base64 encoded. However, > > > the digest is formed with the raw binary version (aka decoded) version > > > of the string. The concept you have to understand is that the > > > authorization server is re-performing these critical steps on the back > > > end. If a step isn't done exactly in the client, the digest will > > > mismatch and cause an auth failure." > > > > On Mar 4, 12:49 pm, Aaron Cohen <aa...@assonance.org> wrote: > > >> On Mon, Mar 4, 2013 at 11:12 AM, larry google groups < > > > >> lawrencecloj...@gmail.com> wrote: > > >>>> expects its argument to be a byte array: > > >>>http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.... > > > >>>> which can be obtained from a string using String#getBytes. > > > >>> I appreciate your suggestion. For most of the attempts that I have > > >>> made, I have used this code: > > > >>> nonce (DigestUtils/md5Hex (random-string 32)) > > >>> nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) > > > >> Is this used somewhere? > > > >>> date-formatter (new SimpleDateFormat "yyyy-MM-dd'T'HH:mm:ss'Z'") > > >>> created (.format date-formatter (new Date)) > > >>> digest-as-string (apply str nonce created secret) > > > >> (str binary-array) returns the toString of the array, which is something > > >> like "[B@5d5d0293". That has nothing to do with the contents of the > > >> array. > > >> I think you want the base64 encoded string here. > > > >> --Aaron > > > > -- > > > -- > > > You received this message because you are subscribed to the Google > > > Groups "Clojure" group. > > > To post to this group, send email to clojure@googlegroups.com > > > Note that posts from new members are moderated - please be patient with > > > your first post. > > > To unsubscribe from this group, send email to > > > clojure+unsubscr...@googlegroups.com > > > For more options, visit this group at > > >http://groups.google.com/group/clojure?hl=en > > > --- > > > You received this message because you are subscribed to the Google Groups > > > "Clojure" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to clojure+unsubscr...@googlegroups.com. > > > For more options, visithttps://groups.google.com/groups/opt_out. -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
