I'm trying to port the following Java code to C#, but so far it still says that the signature is invalid.
private static String generateSignStr(Map<String, String> params, String key) {
StringBuilder sb = new StringBuilder();
params.entrySet().stream().sorted(Map.Entry.comparingByKey()).forEach(entry -> {
if (sb.length() > 0) {
sb.append('&');
}
sb.append(entry.getKey()).append('=');
sb.append(entry.getValue());
});
sb.append('&').append("api_secret")
.append('=').append(key);
return sb.toString();
}
private static String sign(String target) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
log.error("Fail to get MD5 instance");
return null;
}
md.update(target.getBytes());
byte[] dg = md.digest();
StringBuilder output = new StringBuilder(dg.length * 2);
for (byte dgByte : dg) {
int current = dgByte & 0xff;
if (current < 16) {
output.append("0");
}
output.append(Integer.toString(current, 16));
}
return output.toString();
}
private static string GenerateSign(Dictionary<string, object> query, string apiSecret)
{
var sb = new StringBuilder();
var queryParameterString = string.Join("&",
query.Where(kvp => !string.IsNullOrWhiteSpace(kvp.Value.ToString()))
.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}"));
sb.Append(queryParameterString);
if (sb.Length > 0)
{
sb.Append('&');
}
sb.Append("api_secret=").Append(apiSecret);
return sb.ToString();
}
private static string Sign(string source)
{
using var md5 = MD5.Create();
var sourceBytes = Encoding.UTF8.GetBytes(source);
var hash = md5.ComputeHash(sourceBytes);
return BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
}
Edit:
This fixed it. However, it would be nice if someone knows a way to lexicographically sort the dictionary inside that method just like the Java code.
var #params = new Dictionary<string, object>
{
{ "api_key", _apiKey },
{ "req_time", now },
{ "op", "sub.personal" }
};
var javaSorted = #params.OrderBy(item => item.Key, StringComparer.Ordinal)
.ToDictionary(i => i.Key, i => i.Value);
var signature = Sign(GenerateSign(javaSorted, _apiSecret));
In GenerateSign method you can just create instance of SortedDictionary based on dictionary passed as parameter:
private static string GenerateSign(Dictionary<string, object> query, string apiSecret)
{
var sortedDict = new SortedDictionary<string, object>(query, StringComparer.Ordinal);
// rest of the method
}
Or you can do even better (note the important change from Dictionary to IDictionary):
private static string GenerateSign(IDictionary<string, object> query, string apiSecret)
{
query = new SortedDictionary<string, object>(query, StringComparer.Ordinal);
// rest of the method
}
Related
I am a newbie to Encryption algos and C# code.
I am trying to get some data which is being encrypted decrypted using RSA algo in C# code. Below is C# code. I can't find any similar library in Java, can you help me with getting a java equivalent for the same.
public byte[] Encrypt(byte[] data, string keyContainerName, bool doOaepPadding = false)
{
return DoCryptoTransformation(data, true, keyContainerName, doOaepPadding);
}
public byte[] Decrypt(byte[] data, string keyContainerName, bool doOaepPadding = false)
{
return DoCryptoTransformation(data, false, keyContainerName, doOaepPadding);
}
private byte[] DoCryptoTransformation(byte[] data, bool encryption, string keyContainerName,
bool doOaepPadding = false)
{
try
{
byte[] processedData;
RSACryptoServiceProvider.UseMachineKeyStore = true;
CspParameters cspParams = CreateCspParameters(keyContainerName);
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cspParams))
{
processedData = encryption ? rsa.Encrypt(data, doOaepPadding) : rsa.Decrypt(data, doOaepPadding);
}
return processedData;
}
catch (CryptographicException ex)
{
string message = string.Format("RsaCryptoProvider: Failed to {0} data.", encryption ? "encrypt" : "decrypt");
Logger.Error("{0}. Exception details: {1}", message, ex);
throw new CryptoProviderException(message, ex);
}
}
private static CspParameters CreateCspParameters(string keyContainerName)
{
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = keyContainerName;
cspParams.Flags |= CspProviderFlags.UseExistingKey;
cspParams.Flags |= CspProviderFlags.UseMachineKeyStore;
return cspParams;
}
}
The methods used which I want to redefine implementation for in java:
var previousKey = _encryptionService.RsaDecrypt(Key, CoreSettings.Instance.KeyContainerName);
Thanks for help!
I want to generate a SAS token for access to my blob container where are some of my media files.
So I created a class SharedAccessSignature.java with this code:
public class SharedAccessSignature
{
private final String signature;
private final String signedPermission;
private final String signedStart;
private final String signedExpiry;
private final String signedIdentifier;
private final String signedIp;
private final String signedProtocol;
private final String signedVersion;
private final String signedResource;
private SharedAccessSignature(SasBuilder builder)
{
signedPermission = formatAsUrlParameter("sp", builder.signedPermission);
signedStart = formatAsUrlParameter("st", builder.signedStart);
signedExpiry = formatAsUrlParameter("se", builder.signedExpiry);
signedIdentifier = formatAsUrlParameter("si", builder.signedIdentifier);
signedIp = formatAsUrlParameter("sip", builder.signedIp);
signedProtocol = formatAsUrlParameter("spr", builder.signedProtocol);
signedVersion = formatAsUrlParameter("sv", builder.signedVersion);
signedResource = formatAsUrlParameter("sr", builder.signedResource);
signature = "sig=" + new SasBuilder().encodeUtf8(builder.signature);
}
private String formatAsUrlParameter(String parameterKey, String parameterValue)
{
if (StringUtils.isNotBlank(parameterValue))
{
return parameterKey + "=" + parameterValue + "&";
}
return "";
}
#Override
public String toString()
{
return new StringBuilder()
.append(signedVersion)
.append(signedResource)
.append(signedStart)
.append(signedExpiry)
.append(signedPermission)
.append(signedIp)
.append(signedProtocol)
.append(signedIdentifier)
.append(signature)
.toString();
}
public static class SasBuilder
{
private String signature = "";
private String signedPermission = "";
private String signedStart = "";
private String signedExpiry = "";
private String canonicalizedResource = "";
private String signedIdentifier = "";
private String signedIp = "";
private String signedProtocol = "";
private String signedVersion = "";
private String signedResource = "";
public SasBuilder signedVersion(String signedVersion)
{
this.signedVersion = signedVersion;
return this;
}
public SasBuilder signedPermission(String signedPermission)
{
this.signedPermission = signedPermission;
return this;
}
public SasBuilder canonicalizedResource(String canonicalizedResource)
{
this.canonicalizedResource = canonicalizedResource;
return this;
}
public SasBuilder signedIp(String signedIp)
{
this.signedIp = signedIp;
return this;
}
public SasBuilder signedProtocol(String signedProtocol)
{
this.signedProtocol = signedProtocol;
return this;
}
public SasBuilder signedIdentifier(String signedIdentifier)
{
this.signedIdentifier = signedIdentifier;
return this;
}
public SasBuilder signedExpiry(String signedExpiry)
{
this.signedExpiry = signedExpiry;
return this;
}
public SasBuilder signedStart(String signedStart)
{
this.signedStart = signedStart;
return this;
}
public SasBuilder signedResource(String signedResource)
{
this.signedResource = signedResource;
return this;
}
public SharedAccessSignature build()
{
String toBeAsEnvironmentVariable_securityKey = "....";
signature = generateSasSignature(toBeAsEnvironmentVariable_securityKey, stringToSign());
checkPreconditions();
return new SharedAccessSignature(this);
}
private String generateSasSignature(String key, String input)
{
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256");
Encoder encoder = Base64.getEncoder();
Mac sha256_HMAC = null;
String hash = null;
try
{
sha256_HMAC = Mac.getInstance("HmacSHA256");
sha256_HMAC.init(secret_key);
hash = new String(encoder.encode(sha256_HMAC.doFinal(input.getBytes("UTF-8"))));
}
catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException | UnsupportedEncodingException e)
{
e.printStackTrace();
}
return hash;
}
private String stringToSign()
{
StringBuilder strToSign = new StringBuilder();
strToSign.append(signedPermission).append("\n");
strToSign.append(signedStart).append("\n");
strToSign.append(signedExpiry).append("\n");
strToSign.append(canonicalizedResource).append("\n");
strToSign.append(signedIdentifier).append("\n");
strToSign.append(signedIp).append("\n");
strToSign.append(signedProtocol).append("\n");
strToSign.append(signedVersion).append("\n");
strToSign.append("").append("\n");
strToSign.append("").append("\n");
strToSign.append("").append("\n");
strToSign.append("").append("\n");
strToSign.append("");
return strToSign.toString();
}
private void checkPreconditions()
{
if (StringUtils.isBlank(signedVersion) || StringUtils.isBlank(signedResource) || StringUtils.isBlank(signedPermission) || StringUtils.isBlank(signedExpiry) || StringUtils.isBlank(signature))
{
throw new IllegalStateException("SAS Builder: SignedVersion, signedResource, SignedPermission, SignedExpiry, Signature must be set.");
}
}
private String encodeUtf8(String textToBeEncoded)
{
try
{
return URLEncoder.encode(textToBeEncoded, "UTF-8");
}
catch (UnsupportedEncodingException e)
{
e.printStackTrace();
}
return textToBeEncoded;
}
}
}
And then I try to generate a SAS token like this:
SharedAccessSignature s = new SharedAccessSignature.SasBuilder()
.signedPermission("rwd")
.signedStart("2018-01-31T10:48:41Z")
.signedExpiry("2018-04-06T18:48:41Z")
.signedVersion("2015-04-05")
.signedResource("b")
.canonicalizedResource("/blob/myaccount")
.signedProtocol("https")
.build();
outcome:
sv=2015-04-05&sr=b&st=2018-01-31T10:48:41Z&se=2018-04-06T18:48:41Z&sp=rwd&spr=https&sig=kd09Y%2FTL5V%2F570VWRuEfq7XbEHvcgo4Z%2F2y9t4OswY8%3D
GET request:
https://account.blob.core.cloudapi.de/container/filename.mp4?sv=2015-04-05&sr=b&st=2018-01-31T10:48:41Z&se=2018-04-06T18:48:41Z&sp=rwd&spr=https&sig=kd09Y%2FTL5V%2F570VWRuEfq7XbEHvcgo4Z%2F2y9t4OswY8%3D
But as I am sending that request with this generated token there commes this Error from azure:
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rwd 2018-01-31T10:48:41Z
2018-04-06T18:48:41Z /blob/globalweb/..... https 2015-04-05
</AuthenticationErrorDetail>
</Error>
EDIT:
I am desperate... I don´t understand it... What is wrong on this "string-to-sign"? Why the "Signature did not match"?
--------
rwd\n
2018-01-31T10:48:41Z\n
2018-04-06T18:48:41Z\n
/blob/globalweb/videos-martindale\n
\n
\n
https\n
2015-04-05\n
\n
\n
\n
\n
-------
//link: https://globalweb.blob.core.cloudapi.de/videos-martindale/somevideo.mp4?sv=2015-04-05&sr=c&st=2018-01-31T10:48:41Z&se=2018-04-06T18:48:41Z&sp=rwd&spr=https&sig=kd09Y%2FTL5V%2F570VWRuEfq7XbEHvcgo4Z%2F2y9t4OswY8%3D
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:644e47a6-001e-0050-3f20-abc0f0000000 Time:2018-02-21T14:31:10.9429817Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rwd 2018-01-31T10:48:41Z 2018-04-06T18:48:41Z /blob/globalweb/videos-martindale https 2015-04-05
</AuthenticationErrorDetail>
</Error>
The main problem is on you generateSasSignature method. It should decode the key from Base64. Like the following:
public static String generateSasSignature(String key, String input) {
SecretKeySpec secret_key = new SecretKeySpec(Base64.getDecoder().decode(key), "HmacSHA256");
Encoder encoder = Base64.getEncoder();
Mac sha256_HMAC = null;
String hash = null;
try {
sha256_HMAC = Mac.getInstance("HmacSHA256");
sha256_HMAC.init(secret_key);
hash = new String(encoder.encode(sha256_HMAC.doFinal(input.getBytes("UTF-8"))));
}
catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException | UnsupportedEncodingException e) {
e.printStackTrace();
}
return hash;
}
Then, assuming you're interested in having access to the container called mycontainer, this is how you should do:
SharedAccessSignature s = new SharedAccessSignature.SasBuilder()
.signedPermission("rwd")
.signedStart("2018-01-31T10:48:41Z")
.signedExpiry("2018-04-06T18:48:41Z")
.signedVersion("2015-04-05")
.signedResource("c") // <<---- note here
.canonicalizedResource("/blob/globalweb/mycontainer") // No ending slash!
.signedProtocol("https")
.build();
However, if you want to generate an Account SAS, the following code does the trick:
public static void main(String[] args) throws UnsupportedEncodingException {
String accountName = "globalweb";
String signedPermissions = "rl"; //read and list
String signedService = "b"; //blob
String signedResType = "sco"; //service, container, objects
String start = "2018-02-22T17:16:25Z";
String expiry = "2018-02-28T01:16:25Z";
String signedIp = "";
String protocol = "https";
String signedVersion = "2017-07-29";
String stringToSign =
accountName + "\n" +
signedPermissions + "\n" +
signedService + "\n" +
signedResType + "\n" +
start + "\n" +
expiry + "\n" +
signedIp + "\n" +
protocol + "\n" +
signedVersion + "\n";
//outputs SAS Token
System.out.println(
"?sv="+signedVersion +
"&ss="+signedService +
"&srt="+signedResType +
"&sp="+signedPermissions +
"&st="+start+
"&se="+expiry+
"&spr="+protocol+
"&sig="+
URLEncoder.encode(SasBuilder.generateSasSignature(MY_KEY_BASE64, stringToSign), "UTF-8"));
}
Got this same error which led me to this post:
403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
In my case I had an EncodeURI() on the already encoded uri.
Removing this also fixed the error.
Please try this if you are using 12.5. I was able to get this working with the following:
try {
//Authenticate
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(this.getAzureAccountName(), this.getAzureAccountKey());
//Get the Blob Service Client
BlobServiceClient client = new BlobServiceClientBuilder()
.endpoint(this.getAzureEndPoint())
.credential(credential)
.buildClient();
//Get the blobContainerClient
BlobContainerClient blobContainerClient =
blobServiceClient.get().getBlobContainerClient(containerName);
BlockBlobClient blockBlobClient = blobContainerClient
.getBlobClient(bolbName)
.getBlockBlobClient();
//Setting Account Permission
AccountSasPermission permissions = new AccountSasPermission()
.setListPermission(true)
.setReadPermission(true);
//Following line is required if signature to be generated at container level
//AccountSasResourceType resourceTypes = new AccountSasResourceType().setContainer(true);
//In case you want to generate the signature at the object level use
AccountSasResourceType resourceTypes = new AccountSasResourceType().setObject(true);
AccountSasService services = new AccountSasService().setBlobAccess(true).setFileAccess(true);
//Valid for 2 days starting today
OffsetDateTime expiryTime = OffsetDateTime.now().plus(Duration.ofDays(2));
AccountSasSignatureValues sasValues =
new AccountSasSignatureValues(expiryTime, permissions, services, resourceTypes);
String sasToken = blobServiceClient.get().generateAccountSas(sasValues);
sasToken = blockBlobClient.getBlobUrl()+"?"+sasToken;
System.out.println("URL to get view the Blob in Browser "+sasToken);
} catch (Exception e) {
log.error("Error = {}",e.getMessage());
}
Hi can anyone help me how to write the below code in java
$timestamp = time();
$uri = "https://sample.json";
$password = "*********";
$security_token = sha1($timestamp.$uri.$password);
Thanks for any help.
Could the following code be what you are looking for?
public class Main {
public static void main(String[] args) {
long timestamp = System.currentTimeMillis();
String uri = "https://sample.json";
String password = "*********";
String message = (timestamp + uri + password);
System.out.println("message: " + message);
try {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
byte[] securityToken = messageDigest.digest(message.getBytes());
System.out.println("SHA-1 Hex: " + bytesToHex(securityToken));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static String bytesToHex(byte[] in) {
final StringBuilder builder = new StringBuilder();
for(byte b : in) {
builder.append(String.format("%02x", b));
}
return builder.toString();
}
}
It outputs:
message: 1456907866378https://sample.json*********
SHA-1 Hex: 3a5b2e4857e7ebc9fea31d5a52b5d1fbaef59f53
I need help to convert this code to Java for password comparison and it must run on Android.
I am specially confused in how to add the salt given in this C# Code here:
Code C#
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace CMS.Core.Utility
{
public sealed class CMSHashManager
{
private static readonly string _salt = "3D5900AE-111A-45BE-96B3-D9E4606CA793";
private static readonly int _hashIterationsMax = 10;
private CMSHashManager()
{
}
#region Public Methods
//Gets the salted hash value with predetermined iterations.
public static string GetPasswordHash(string plaintextPassword)
{
string hashData = plaintextPassword;
for (int hashLimit = 0; hashLimit < _hashIterationsMax; hashLimit++)
hashData = GetHash(_salt + hashData);
return hashData;
}
//Verifies the hash
public static bool VerifyHashedPassword(string plaintextPassword, string encryptedPassword)
{
string hashData = GetPasswordHash(plaintextPassword);
return encryptedPassword.Equals(hashData);
}
#endregion Public Methods
#region Private Methods
//Gets the hash value of the data using SHA512Managed
private static string GetHash(string unhashedData)
{
byte[] hashData = Encoding.UTF8.GetBytes(unhashedData);
// on server 2003 or higher, can use SHA512CryptoServiceProvider
//SHA512CryptoServiceProvider sha512CryptoServiceProvider = new SHA512CryptoServiceProvider();
SHA512Managed sha512CryptoServiceProvider = new SHA512Managed();
hashData = sha512CryptoServiceProvider.ComputeHash(hashData);
sha512CryptoServiceProvider.Clear();
return Convert.ToBase64String(hashData);
}
#endregion Private Methods
}
}
I have already written this java method which creates a MD5 hash:
Code Java
public String getMD5Password(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException{
MessageDigest digest = java.security.MessageDigest.getInstance("SHA-512");
digest.update(password.getBytes("UTF-16LE"));
byte messageDigest[] = digest.digest();
// Create Hex String
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < messageDigest.length; i++) {
String h = Integer.toHexString(0xFF & messageDigest[i]);
while (h.length() < 2)
h = "0" + h;
hexString.append(h);
}
return hexString.toString();
}
Test
For testing purposes you can use the following case:
plaintext:12345
Encrypted:NgkuakH7UsCQwGHMQOhVXI3nW6M+1AtREY4Qx35osQo87p/whZIzy8cZU7+R7XnmyzgMzLWSvX+rTiWzfGTPsA==
I tried to reproduce your code.
For the password test it produces the following BASE64 output
Q0Y2QkI0MTBFRUJFOTAyNkU1OUZGMUNGMzU0NkYzMkI3NDZFMzE5RjQzNTc0MDM5QjU2MUI2NEQxOTQzNzRGMDRENDM0QzMyQjg3MjMwQkM1N0I0ODFDRDlEODlBNjMxQjMyNjRGQjNBQjAwMEYwNjk5Rjc0NUNEQjgzMzY1RkM=
I used the following code:
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
//import javax.xml.bind.DatatypeConverter;
import android.util.Base64;
public class Support {
private static final String SALT = "3D5900AE-111A-45BE-96B3-D9E4606CA793";
private static final int MAX_HASH_ITERATIONS = 10;
public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException {
String result = Support.GetPasswordHash("test");
System.out.println(result);
}
public static String GetPasswordHash(String plaintextPassword) throws NoSuchAlgorithmException, UnsupportedEncodingException {
String hashData = plaintextPassword;
for (int hashLimit = 0; hashLimit < MAX_HASH_ITERATIONS; hashLimit++) {
hashData = GetHash(SALT + hashData);
}
return hashData;
}
//Gets the hash value of the data using SHA512Managed
private static String GetHash(String unhashedData) throws NoSuchAlgorithmException, UnsupportedEncodingException {
return getMD5Password(unhashedData);
}
//Verifies the hash
public static boolean VerifyHashedPassword(String plaintextPassword, String encryptedPassword) throws NoSuchAlgorithmException, UnsupportedEncodingException {
String hashData = GetPasswordHash(plaintextPassword);
return encryptedPassword.equals(hashData);
}
public static String getMD5Password(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException{
MessageDigest digest = java.security.MessageDigest.getInstance("SHA-512");
digest.update(password.getBytes("UTF-16LE"));
byte messageDigest[] = digest.digest();
StringBuilder sb = new StringBuilder();
for(int iPos = 0; iPos < messageDigest.length; iPos++) {
String h = Integer.toHexString(0xFF & messageDigest[iPos]);
while (h.length() < 2) {
h = "0" + h;
}
sb.append(h);
}
String md5String = sb.toString().toUpperCase();
String res = Base64.encodeToString(md5String.getBytes(), Base64.DEFAULT);
return res;
}
}
I have following code written in Java
Mac mac = Mac.getInstance("HmacSHA1");
String secretKey ="sKey";
String content ="Hello";
byte[] secretKeyBArr = secretKey.getBytes();
byte[] contentBArr = content.getBytes();
SecretKeySpec secret_key = new SecretKeySpec(secretKeyBArr,"HmacSHA1");
byte[] secretKeySpecArr = secret_key.getEncoded();
mac.init(secret_key);
byte[] final = mac.doFinal(contentBArr);
I want to make same example in C#. So, I wrote following code
HMACSHA1 hmacsha1 = new HMACSHA1();
string secretKey = "sKey";
string content = "Hello";
byte[] secretKeyBArr = Encoding.UTF8.GetBytes(secretKey);
byte[] contentBArr = Encoding.UTF8.GetBytes(content);
hmacsha1.Key = secretKeyBArr;
byte[] final = hmacsha1.ComputeHash(contentBArr);
Final results are not equal. secretKeyBArr and contentBArr are byte array and their values are same in both example. What is unknown is SecretKeySpec passed to mac.init(). So, what is equivalent same class in C#?
The results are identical, but Java uses signed bytes while C# uses unsigned bytes by default.
Furthermore, SecretKeySpec itself normally does not change the underlying data. You need to e.g. put a DES key specification in a SecretKeyFactory to make sure that the parity bits are set correctly (in the resulting SecretKey). So there is no need for an equivalent as the class itself does very little except wrapping the data.
I'm implementing a credit card payment method form a provider (cardinity) that doesn't provide a .net implementation. I'm looking for similar stuff and end-up writing my own as my google skills seem to be ....
What I need is the base64 string of javax.crypto.mac
I am supporting the following methods:
enum EncryptionMethods
{
None=0,
HMACSHA1,
HMACSHA256,
HMACSHA384,
HMACSHA512,
HMACMD5
}
I have implemented the code you have above, the SecretKeySpec and the Mac the following way (you need System.Security.Cryptography.ProtectedData):
internal class Protected
{
private Byte[] salt = Guid.NewGuid().ToByteArray();
protected byte[] Protect(byte[] data)
{
try
{
return ProtectedData.Protect(data, salt, DataProtectionScope.CurrentUser);
}
catch (CryptographicException)//no reason for hackers to know it failed
{
return null;
}
}
protected byte[] Unprotect(byte[] data)
{
try
{
return ProtectedData.Unprotect(data, salt, DataProtectionScope.CurrentUser);
}
catch (CryptographicException)//no reason for hackers to know it failed
{
return null;
}
}
}
internal class SecretKeySpec:Protected,IDisposable
{
readonly EncryptionMethods _method;
private byte[] _secretKey;
public SecretKeySpec(byte[] secretKey, EncryptionMethods encryptionMethod)
{
_secretKey = Protect(secretKey);
_method = encryptionMethod;
}
public EncryptionMethods Method => _method;
public byte[] SecretKey => Unprotect( _secretKey);
public void Dispose()
{
if (_secretKey == null)
return;
//overwrite array memory
for (int i = 0; i < _secretKey.Length; i++)
{
_secretKey[i] = 0;
}
//set-null
_secretKey = null;
}
~SecretKeySpec()
{
Dispose();
}
}
internal class Mac : Protected,IDisposable
{
byte[] rawHmac;
HMAC mac;
public Mac(SecretKeySpec key, string data)
{
switch (key.Method)
{
case EncryptionMethods.HMACMD5:
mac = new HMACMD5(key.SecretKey);
break;
case EncryptionMethods.HMACSHA512:
mac = new HMACSHA512(key.SecretKey);
break;
case EncryptionMethods.HMACSHA384:
mac = new HMACSHA384(key.SecretKey);
break;
case EncryptionMethods.HMACSHA256:
mac = new HMACSHA256(key.SecretKey);
break;
case EncryptionMethods.HMACSHA1:
mac = new HMACSHA1(key.SecretKey);
break;
default:
throw new NotSupportedException("not supported HMAC");
}
rawHmac = Protect( mac.ComputeHash(Cardinity.ENCODING.GetBytes(data)));
}
public string AsBase64()
{
return System.Convert.ToBase64String(Unprotect(rawHmac));
}
public void Dispose()
{
if (rawHmac != null)
{
//overwrite memory address
for (int i = 0; i < rawHmac.Length; i++)
{
rawHmac[i] = 0;
}
//release memory now
rawHmac = null;
}
mac?.Dispose();
mac = null;
}
~Mac()
{
Dispose();
}
}
I have implemented this in an OAuthSigner class the following way:
public override string ComputeSignature(string plainTextToEncode, string consumerSecret)
{
var key = PercentEncode(consumerSecret) + "&";
try
{
using (var secretKey = new SecretKeySpec(key.GetBytes(), EncryptionMethods.HMACSHA1))
using (Mac mac = new Mac(secretKey, plainTextToEncode))
{
return mac.AsBase64();
}
}
finally
{
key = null;//free memory, remove sensitive data
}
}
Then, it's not what you ask for but I need a helper method as I am sending my text to a web service that goes like this and I include it as some might copy the code:
public static String PercentEncode(string textToEncode)
{
return string.IsNullOrEmpty(textToEncode)
?""
: UrlEncoder.Default.Encode(Cardinity.ENCODING.GetString(Cardinity.ENCODING.GetBytes(textToEncode)))
.Replace("+", "%20").Replace("*", "%2A")
.Replace("%7E", "~");
}
The class UrlEncoder comes from System.Text.Encodings.Web, you may have to add a reference.
The class named Cardinity implements a "short-cut" to the Encoding that I use for Cardinity
public abstract class Cardinity
{
...
public static String API_BASE = "https://api.cardinity.com";
public static String API_VERSION = "v1";
public static String VERSION = "0.1";
public static String ENCODING_CHARSET = "UTF-8";
public static Encoding ENCODING => Encoding.UTF8;
}
as Java uses string.GetBytes a lot, I have added an extension method for this that I call above in the key.GetBytes(), here is the extension code:
public static byte[] GetBytes(this string sender)=>
Cardinity.ENCODING.GetBytes(sender);
My test method, I have copied the values from Cardinity API passes without any issues.
private OAuthSigner signer;
public HmacOAuthSigner_Test()
{
signer = new HmacOAuthSigner();
}
[TestMethod]
public void Test_HmacOAuthSigner_ComputeSignature_DefaultText()
{
var expects = "PxkffxyQh6jsDNcgJ23GpAxs2y8=";
var test_data = "justsomerandommessage";
var secretkey = "yvp0leodf231ihv9u29uuq6w8o4cat9qz2nkvs55oeu833s621";
var actual = signer.ComputeSignature(test_data, secretkey);
Assert.AreEqual(expects, actual, $"Expecting {test_data} to return {expects} received {actual}");
}
The whole implementation of the HmacOAuthSigner is here, it implements an abstract class with the PercentEncode method in it.
public class HmacOAuthSigner : OAuthSigner
{
public override string ComputeSignature(string signatureBaseString, string consumerSecret)
{
var key = PercentEncode(consumerSecret) + "&";
var secretKey = new SecretKeySpec(key.GetBytes(), EncryptionMethods.HMACSHA1);
using (Mac mac = new Mac(secretKey, signatureBaseString))
{
return mac.AsBase64();
}
}
public override string GetSignatureMethod()
{
return "HMAC-SHA1";
}
}
and the abstract class that I use as a contract for all the implementations:
public abstract class OAuthSigner
{
/// <summary>
/// Signature method used
/// </summary>
/// <returns>a string that tells the implementation method</returns>
public abstract string GetSignatureMethod();
/// <summary>
/// computes the signature that is used with the encryption based on the keys provided by cardinity
/// </summary>
/// <param name="signatureBaseString">The secret string that services as a base</param>
/// <param name="consumerSecret">The consumer key as specified in the API settings</param>
/// <returns>signature string computed by the provided parameters using the signature method</returns>
public abstract string ComputeSignature(String signatureBaseString, String consumerSecret);
/// <summary>
/// Encode a string into a format expected by Cardinity
/// </summary>
/// <param name="textToEncode">The text that is to be encoded</param>
/// <returns>web encoded string ready for using to send to Cardinity</returns>
public static String PercentEncode(string textToEncode)
{
return string.IsNullOrEmpty(textToEncode)
?""
: UrlEncoder.Default.Encode(Cardinity.ENCODING.GetString(Cardinity.ENCODING.GetBytes(textToEncode)))
.Replace("+", "%20").Replace("*", "%2A")
.Replace("%7E", "~");
}
}