I keep trying different things, but I feel like I'm missing some obvious mistake. Right now my code includes this function:
(defn sha1 [string] ;; 2013-03-04 - this function comes from here: ;; https://github.com/dmitriy-kiriyenko/clojure-api-quiz/blob/master/src/clojure_api_quiz/sha1_url.clj (apply str (map (partial format "%02x") (.digest (doto (java.security.MessageDigest/getInstance "SHA-1") .reset (.update (.getBytes string))))))) And then I create the headers like this: (let [username (get-in @um/interactions [:omniture-api- credentials :username]) secret (get-in @um/interactions [:omniture-api- credentials :shared-secret]) random-number (math/round (* (rand 1 ) 1000000)) nonce (DigestUtils/md5Hex (str random-number)) nonce-encoded-base64 (base64-encode (.getBytes nonce)) date-formatter (new SimpleDateFormat "yyyy-MM- dd'T'HH:mm:ss") created (.format date-formatter (new Date)) digest-as-string (apply str nonce created secret) digest (sha1 digest-as-string) digest-base64 (base64-encode (.getBytes digest)) header (apply str " UsernameToken Username=\"" username "\" PasswordDigest=\"" digest-base64 "\" Nonce=\"" nonce- encoded-base64 "\" Created=\"" created "\"")] header) Which gives me, in part: PasswordDigest="ZDk4NGZlMjgxMDZhMWIxZjZmZGMzYWYwZTY5Mjc1YTY\ xNjc1ODA0Yg==" Nonce="ODlmOTY5MGRkMTczZTlkMDU4ZWY0M2JkYTQ5NjFmMzc=" Which still fails to correctly authenticate. On Mar 4, 10:47 am, larry google groups <lawrencecloj...@gmail.com> wrote: > I have been having problems making an API call to Omniture. I have > exchanged a dozen emails with a developer at Omniture, and he gave me > the impression that I was constructing my security codes incorrectly. > So now I am confronting my ignorance over how Java handles certain > conversions. > > The developer at Omniture sent me this explanation in an email: > > " The security digest is formed from a sha1 hash of the following > string concatenation: > digest = sha1( Binary Nonce + Created Time String + API Secret Hex > String (32 bytes) ) " > > I have been struggling with this for several days and I have tried at > least (literally) 200 variations on this bit of code: > > (let [username (get-in @um/interactions [:omniture-api- > credentials :username]) > secret (get-in @um/interactions [:omniture-api- > credentials :shared-secret]) > nonce (DigestUtils/md5Hex (random-string 32)) > nonce-encoded-base64 (Base64/encodeBase64 (.getBytes nonce)) > date-formatter (new SimpleDateFormat "yyyy-MM- > dd'T'HH:mm:ss'Z'") > created (.format date-formatter (new Date)) > digest-as-string (apply str (.getBytes nonce) created secret) > digest (.digest (java.security.MessageDigest/getInstance "sha1") > digest-as-string) > header (apply str " UsernameToken Username=\"" username "\" > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\" > Created=\"" created "\"")] > header) > > This version gives me: > > "Exception in the main function: " #<ClassCastException > java.lang.ClassCastException: java.lang.String cannot be cast to [B> > > For a long time I was using this for the last 3 lines: > > digest-as-string (apply str nonce created secret) > digest (.digest (java.security.MessageDigest/getInstance "sha1") > (.getByes digest-as-string)) > header (apply str " UsernameToken Username=\"" username "\" > PasswordDigest=\"" digest "\" Nonce=\"" nonce-encoded-base64 "\" > Created=\"" created "\"") > > Here I wrapped the whole digest-as-string in (.getBytes) so there was > no Java error, but this simply did not work when I pinged Omniture. > > In his email, he seems to suggest that the nonce should be binary but > that the date and the secret should be strings: > > digest = sha1( Binary Nonce + Created Time String + API Secret Hex > String (32 bytes) ) " > > But, as I said, when I tried this I got the ClassCastException. > > No doubt some of my confusion is due to my ignorance of Java. > > I was able to take their sample PHP code and get that to successfully > ping their API, however, my company has an official policy of moving > to the JVM, and of course I have a personal preference to work with > Clojure. So I'd like to figure out how to get this to work in Clojure. > (Needless to say that Omniture doesn't offer sample code in Clojure.) > > I have been using clj-http to make the actual POST calls to Omniture. > Since I am on a Mac, I have been using the excellent Charles network > debugger (http://www.charlesproxy.com/) to watch the actual posts > being made. Everything looks correct, except that in the end the > requests fails, apparently because the digest is malformed. > > Any suggestions? -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
