Great! Could you link to it from the issue https://github.com/Graylog2/graylog2-web-interface/issues/560 ? Maybe we can either integrate something, or at the very least point people to it.
Many thanks!

On Wed, Jun 11, 2014 at 2:36 PM, Егор Морозов <[email protected]> wrote:
> Hi,
>
> Hooray! I was finally able to do this. Thanks a lot :) I think I'll make up
> the code and release it later~
>
>
> On Tuesday, June 10, 2014 4:57:33 PM UTC+3, Kay Röpke wrote:
>>
>> Hi!
>>
>> I believe this is the Play framework signing the entire cookie.
>> The relevant code looks like:
>>
>>   /**
>>    * Signs the given String with HMAC-SHA1 using the application’s secret key.
>>    *
>>    * By default this uses the platform default JSSE provider. This can be overridden by defining
>>    * `application.crypto.provider` in `application.conf`.
>>    *
>>    * @param message The message to sign.
>>    * @return A hexadecimal encoded signature.
>>    */
>>   def sign(message: String): String = {
>>     secret.map(secret => sign(message, secret.getBytes("utf-8"))).getOrElse {
>>       throw new PlayException("Configuration error", "Missing application.secret")
>>     }
>>   }
>>
>>   /**
>>    * Signs the given String with HMAC-SHA1 using the given key.
>>    *
>>    * By default this uses the platform default JSSE provider. This can be overridden by defining
>>    * `application.crypto.provider` in `application.conf`.
>>    *
>>    * @param message The message to sign.
>>    * @param key The private key to sign with.
>>    * @return A hexadecimal encoded signature.
>>    */
>>   def sign(message: String, key: Array[Byte]): String = {
>>     val mac = provider.map(p => Mac.getInstance("HmacSHA1", p)).getOrElse(Mac.getInstance("HmacSHA1"))
>>     mac.init(new SecretKeySpec(key, "HmacSHA1"))
>>     Codecs.toHexString(mac.doFinal(message.getBytes("utf-8")))
>>   }
>>
>> So you should be able to take the application.secret, use that as the
>> HmacSHA1 secret, sign the entire cookie value (incl. the cookie name
>> and '=') and prepend the sha + '-'.
>>
>> What I couldn't find the code for right away is how the cookie value
>> is generated if it is a map. But I think that's not relevant here.
>>
>> Hope that helps!
>>
>> Kay
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
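
The signing scheme described in the quoted message, as an added Python example (not code from this thread, Play or Graylog): hex HMAC-SHA1 over the UTF-8 payload keyed with the application secret, prepended to the payload with '-', plus a constant-time verification step. The function names, the sample payload and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional


def play_sign(message: str, secret: str) -> str:
    """Hex-encoded HMAC-SHA1 of message, keyed with secret (both UTF-8)."""
    mac = hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha1)
    return mac.hexdigest()


def build_cookie_value(payload: str, secret: str) -> str:
    """Return '<hex signature>-<payload>', the layout described in the thread."""
    return play_sign(payload, secret) + "-" + payload


def verify_cookie_value(value: str, secret: str) -> Optional[str]:
    """Return the payload if its signature checks out, otherwise None."""
    # The hex signature never contains '-', so the first '-' is the separator
    # even when the payload itself contains dashes.
    signature, sep, payload = value.partition("-")
    if not sep or len(signature) != hashlib.sha1().digest_size * 2:
        return None
    expected = play_sign(payload, secret)
    # Constant-time comparison so a verifier does not leak how many leading
    # characters of a forged signature were correct.
    if not hmac.compare_digest(signature.encode("utf-8"), expected.encode("utf-8")):
        return None
    return payload


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = "constructed-application-secret"
    payload = "sessionid=constructed-session-id"

    value = build_cookie_value(payload, secret)
    print("cookie value:", value)
    print("verified payload:", verify_cookie_value(value, secret))

    # Changing a single character of the payload invalidates the signature.
    tampered = value[:-1] + ("0" if value[-1] != "0" else "1")
    print("tampered payload accepted:", verify_cookie_value(tampered, secret) is not None)
```

Anyone who holds application.secret can produce values that pass this check, so the secret needs the same protection as any other credential.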
