RE: guacamole-auth-json is not working

[Prashant K]

Hello Friends,
I am trying to use the guacamole-auth-json in the C# code, but the signing 
using the HMAC (-sha256 -mac HMAC) seems to be giving different results than 
the one obtained from the encrypt-json.sh

I am pasting the sample C# code:

public class MyHmac
    {
        static void CreateToken(string message, string secret)
        {
            var encoding = new System.Text.ASCIIEncoding();
            byte[] keyByte = encoding.GetBytes(secret);
            byte[] messageBytes = encoding.GetBytes(message);
            using (var hmacsha256 = new HMACSHA256(keyByte))
            {
                byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
                Console.WriteLine("Base64 String:  " + 
Convert.ToBase64String(hashmessage));
                Console.ReadLine();
            }
        }

        static void Main(string[] args)
        {
            // Secret Key same as in the Guacamole properties
            const string secret_key = "4c0b569e4c96df157eee1b65dd0e4d41";
            string json_data = 
System.IO.File.ReadAllText(@"D:\QCAP\Guacamole\json1.txt");
            CreateToken(json_data, secret_key);
        }
    }

To match the logic I am only using sign() function and commented the encrypt() 
function in the encrypt-json.sh file and removed binary parameter from the sign 
function but the output is still different.
Output from encrypt-json.sh:
Base64 String:  udV2lZWy669GwqRLVjGQ6ue9t9q+5BCS65G6x+I6h7w=

Output from C# code:
HMAC-SHA256(authpwd.json)= 
5ee6d6b014497be01754e3d16a5164c95d2246d92e640dc3931d8f8810799e79

Please suggest what is wrong here?

Regards,
Prashant
From: Prashant K
Sent: Wednesday, September 2, 2020 12:45 AM
To: user@guacamole.apache.org
Subject: RE: guacamole-auth-json is not working

Thanks a ton Nick, you made my day ☺

Regards,
Prashant
From: Nick Couchman <vn...@apache.org<mailto:vn...@apache.org>>
Sent: Wednesday, September 2, 2020 12:28 AM
To: user@guacamole.apache.org<mailto:user@guacamole.apache.org>
Subject: Re: guacamole-auth-json is not working

On Tue, Sep 1, 2020 at 2:49 PM Prashant K 
<prashan...@agreeya.com<mailto:prashan...@agreeya.com>> wrote:
Here:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/guacamole-auth-json-Questions-td3214.html

Mike you replied in above thread:
If you mean you are providing JSON like:

{
    'username' : 'foo',
    'password' : 'bar
}

this is not working because it is invalid. There is no password property:


You are confusing JSON authentication module properties with connection 
parameters.  You would do something like this:

 {
        "username" : "administrator",
        "expires" : "1599764011",
        "connections" : {
            "SQLDB" : {
                "protocol" : "rdp",
                "parameters" : {
                    "hostname" : "10.9.31.85",
                    "ignore-cert" : "true",
                    "port" : "3389",
                    "username" : "windowsuser",
                    "password" : "SuperSecretPassword"
                }
            }
        }
    }

The first "username" field is the username for Guacamole; the second username 
field and matching password field is the connection parameter.  Guacamole 
username is not the same as the connection username/password.

-Nick