Here is the code that calls three functions from my custom java class:
QAndroidJniObject datafile = QAndroidJniObject::fromString(path);
QAndroidJniObject password = QAndroidJniObject::fromString("asimpletest");
QAndroidJniObject::callStaticObjectMethod("org/qcolocrypt/AESCrypt",
"AESCryptInit",
"(Ljava/lang/String;Ljava/lang/String;)V;",
password.object<jstring>(),
datafile.object<jstring>());
QAndroidJniObject decrypted_data = QAndroidJniObject::callStaticObjectMethod("org/qcolocrypt/AESCrypt",
"decrypt",
"()Ljava/lang/String;");
QAndroidJniObject fname = QAndroidJniObject::callStaticObjectMethod("org/qcolocrypt/AESCrypt",
"getFilename",
"()Ljava/lang/String;");
QAndroidJniObject status = QAndroidJniObject::callStaticObjectMethod("org/qcolocrypt/AESCrypt",
"getStatus",
"()Ljava/lang/String;");
Here is the java code for three of these functions:
The non working one:
public static void AESCryptInit (String passwd, String datafile){
// Initializing variables.
rawdata = null;
status = "";
fileName = datafile;
Log.i("[QCOLOCRYPT]","The filename is " + datafile);
// Transforming the passwd to 16 bytes.
try {
MessageDigest digester = MessageDigest.getInstance("MD5");
InputStream in = new ByteArrayInputStream(Charset.forName(encoding).encode(passwd).array());
byte[] buffer = new byte[NCHARS];
int byteCount;
while ((byteCount = in.read(buffer)) > 0) {
digester.update(buffer, 0, byteCount);
}
keyBytes = digester.digest();
}
catch(Exception e){
status = "Error in key generation: " + e.toString();
}
// Initilizing the crypto engine
try {
cipher = Cipher.getInstance(algorithm);
}
catch(Exception e){
status = "Error in intialization: " + e.toString();
}
secretKeySpec = new SecretKeySpec(keyBytes, "AES");
ivParameterSpec = new IvParameterSpec(keyBytes);
}
And two that work
// Getting status
public static String getStatus(){return status;}
public static String getFilename() {
Log.i("[QCOLOCRYPT]","Getting the file name");
return "The Filename is: " + fileName;
}
The non-working function is not being called because its debug message is NOT being printed, while I get the log message AND the return values of the other two. Logcat does not seem to show any errors, so I'm at a loss. Am I calling it wrong?
Ok, so this isn't exactly an answer. It's more of a workaround, I got the function to work, but the only way I could do it is by returning a String. I've tried with an Integer using (Arguments)I; as the signature but I had the same problem. I modified the Java function to return a status string, changed the signature to reflect that, and everything worked perfectly. Though its weird.
Related
public static String buildSignAndUrl(long partnerId, String secret, String path){
long timestamp = System.currentTimeMillis() / 1000L;
String base_String = String.format("%s%s%s", partnerId, path, timestamp);
byte[] baseStringBytes;
byte[] partner_key;
BigInteger sign = null;
try{
baseStringBytes = base_String.getBytes(StandardCharsets.UTF_8);
partner_key = secret.getBytes(StandardCharsets.UTF_8);
Mac mac = Mac.getInstance(HmacAlgorithms.HMAC_SHA_256.toString());
SecretKeySpec secret_key = new SecretKeySpec(partner_key, HmacAlgorithms.HMAC_SHA_256.toString());
mac.init(secret_key);
sign = new BigInteger(mac.doFinal(baseStringBytes));
} catch (Exception e){
e.printStackTrace();
}
String url = SANDBOX_HOST + path + String.format("?partner_id=%s×tamp=%s&sign=%s",
partnerId, timestamp, String.format("%032x", sign));
return url;
}
// Why use this url to send a post may cause "Wrong sign"? the timestamp in url and the timestamp to calculate a sign are same;
I need to convert string into base64 under Oreo api level.
I have the following code:
public String genAuthKey(String u, String p){
user = u;
pass = p;
key = user+":"+pass;
byte[] encodedBytes = new byte[0];
if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
encodedBytes = Base64.getEncoder().encode(key.getBytes());
Log.e("VERSION IS","O");
}else{
encodedBytes = Base64.getEncoder().encodeToString(key.getBytes()).getBytes();
Log.e("VERSION LESS","O");
}
Log.e("key",new String(encodedBytes,Charset.forName("UTF-8")));
return new String(encodedBytes, Charset.forName("UTF-8"));
}
In else condition, I need code to convert and send the data properly. How can I do that?
first add this import
import android.util.Base64;
then replace your method with a version agnostic variant
public String genAuthKey(String u, String p) {
user = u;
pass = p;
key = user + ":" + pass;
byte[] encodedBytes = Base64.encode(key.getBytes(), Base64.DEFAULT);
Log.e("key", new String(encodedBytes, StandardCharsets.UTF_8));
return new String(encodedBytes, StandardCharsets.UTF_8);
}
Enjoy!
Try this code for encoding kotlin:
var encodedString = Base64.encode("Your String", Base64.DEFAULT).toString(Charsets.UTF_8)
and for decoding:
var decodedString = Base64.decode(encodedString, Base64.DEFAULT).toString(Charsets.UTF_8)
I have a pdf Document and that need to be digitally signed and the signature is provided by external service. I don't have the certificate chain prior to initiate the signature. I tried the following code but getting SigDict/Contents illegal data message.
source to create document hash and post that to external service to sign it
InputStream data = null;
DocumentSignStatus documentSignStatus = new DocumentSignStatus();
int contentEstimated = 8192;
PdfReader reader = new PdfReader(requestParams.getDocumentToBeSigned());
try {
reader.unethicalreading = true;
int pdfPagenumber = 1;
if((Integer)requestParams.getSignPageNo() == null || requestParams.getSignPageNo()==0 ){
//pdfPagenumber = 1; // Default signature on first page.
pdfPagenumber = reader.getNumberOfPages(); // Sign on last page
}else {
pdfPagenumber = requestParams.getSignPageNo();
}
PdfSignatureAppearance appearance = null;
ByteArrayOutputStream os = null;
os = new ByteArrayOutputStream ();
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0', null, true);
Calendar cal = Calendar.getInstance();
appearance = stamper.getSignatureAppearance();
appearance.setSignDate(cal);
appearance.setAcro6Layers(false);
appearance.setReason("Test Signature");
appearance.setLocation("India");
appearance.setImage(null);
appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
Rectangle rect = requestParams.getRect();
appearance.setVisibleSignature(rect, pdfPagenumber, null);
HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
dic.setReason(appearance.getReason());
dic.setLocation(appearance.getLocation());
dic.setContact(appearance.getContact());
dic.setDate(new PdfDate(appearance.getSignDate()));
appearance.setCryptoDictionary(dic);
appearance.preClose(exc);
data = appearance.getRangeStream();
MessageDigest messageDigest;
String provider = null;
String hashAlgorithm = DigestAlgorithms.SHA256;
if (provider == null){
messageDigest = MessageDigest.getInstance(hashAlgorithm);
}else {
messageDigest = MessageDigest.getInstance(hashAlgorithm,provider);
}
int read = 0;
byte[] buff = new byte[contentEstimated];
while ((read = data.read(buff, 0, contentEstimated)) > 0)
{
messageDigest.update(buff,0,read);
}
byte[] hashDigest = messageDigest.digest();
byte[] documentHash = org.bouncycastle.util.encoders.Hex.encode(hashDigest);
//eSign Start
String hashdocument = new String(documentHash, "UTF-8");
System.out.println("Document Hash :"+hashdocument);
//Generate Sign Request XML for external source to sign the document hash
String eSignXmlStr = esignXML.generateEsignXML20(hashdocument,requestParams.getAadhaarNo());
String eSignSignedXML = myXMLSigner.signXML(eSignXmlStr, true);
System.out.print("sign request xml: " + eSignSignedXML);
// sign request xml generation complete
documentSignStatus.setSignedXML(eSignSignedXML);
session.put("hashdocument", documentHash);
session.put("appearance", appearance);
session.put("baos", os);
}catch(Exception e) {
e.printStackTrace();
}
return documentSignStatus;
Following is the source to attach the PKCS7 response to pdf to complete the signature procedure and get the signed pdf.
byte[] hashdocument = (byte[])session.get("hashdocument");
PdfSignatureAppearance appearance = (PdfSignatureAppearance)session.get("appearance");
ByteArrayOutputStream os = (ByteArrayOutputStream)session.get("baos");
//Get signed response xml
InputStream x = request.getInputStream();
String responseXML = IOUtils.toString(x, "UTF-8");
System.out.print("REsponse:" + responseXML);
//parse the xml and get pkcs7 data
String pkcs7asString = getPKCS7DataFromDigitalSignatureResponse(responseXML);
byte[] signedDocByte = org.bouncycastle.util.encoders.Base64.decode(pkcs7asString);
//////////////////// ADD SIGNED BYTES/HASH TO PDF DOCUMENT.
int contentEstimated = 8129;
byte[] paddedSig = new byte[contentEstimated];
System.arraycopy(signedDocByte, 0, paddedSig, 0, signedDocByte.length);
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
try {
appearance.close(dic2);
} catch (DocumentException e) {
e.printStackTrace();
}
try(OutputStream outputStream = new FileOutputStream("/SignTest2.0.pdf")) {
os.writeTo(outputStream);
}
os.close();
The method getPKCS7DataFromDigitalSignatureResponse(responseXML) is used to parse the external service response it returns a PKCS7 as String.
I tried to figure out the problem but couldn't find the root cause.
can anyone help to sort out this issue. Using itext version 5.4.5 copy od signed document is PDF with Signature Problem
I found the root cause of the issue, I made a small mistake, the content estimation variable in not correct in above source due to that paddedSig was not created properly.
Wrong value as shown in above source. int contentEstimated = 8129;
Correct Value is int contentEstimated = 8192;
Rest of the code is fine.
I'm using Play framework to develop consumer for Instagram real-time API. But still could not perform x-hub-signature verification properly. So, how can we perform Instagram x-hub-signature verification using Java and Play framework?
Here is my current code:
From the Play framework, I obtain the JSON payload using this method:
public static Result receiveInstaData(){
JsonNode json = request().body().asJson();
//obtain the x-hub-signature from the header
//obtain the corresponding client secret
VerificationResult verificationResult =
SubscriptionUtil.verifySubscriptionPostSignature(
clientSecret, json.toString(), xHubSignature);
if(verificationResult.isSuccess()){
//do something
}
}
Then inside the SubscriptionUtil, I perform verification using this following code:
public static VerificationResult verifySubscriptionPostSignature(String clientSecret, String rawJsonData, String xHubSignature) {
SecretKeySpec keySpec;
keySpec = new SecretKeySpec(clientSecret.getBytes("UTF-8"), HMAC_SHA1);
Mac mac;
mac = Mac.getInstance(HMAC_SHA1);
mac.init(keySpec);
byte[] result;
result = mac.doFinal(rawJsonData.getBytes("UTF-8"));
String encodedResult = Hex.encodeHexString(result);
return new VerificationResult(encodedResult.equals(xHubSignature), encodedResult);
}
I created a standalone Python script that copies the instagram-python implementation and both of them produce the same results for the same clientSecret and jsonString. Maybe I should provide with raw binary data instead of String.
If let's say we need a raw binary data for JSON request, then I need to create my custom BodyParser to parse the JSON request to raw binary data[5]
References:
[1-4]http://pastebin.com/g4uuDwzn (SO doesn't allow me to post more than 2 links, so I put all the references here. The links contain the signature verification in Ruby, Python and PHP)
[5]https://groups.google.com/forum/#!msg/play-framework/YMQb6yeDH5o/jU8FD--yVPYJ
[6]My standalone python script:
#! /usr/bin/env python
import sys
import hmac
import hashlib
hc_client_secret = "myclientsecret"
hc_raw_response = "[{\"subscription_id\":\"1\",\"object\":\"user\",\"object_id\":\"1234\",\"changed_aspect\":\"media\",\"time\":1297286541},{\"subscription_id\":\"2\",\"object\":\"tag\",\"object_id\":\"nofilter\",\"changed_aspect\":\"media\",\"time\":1297286541}]"
client_secret = hc_client_secret
raw_response = hc_raw_response
if len(sys.argv) != 3:
print 'Usage verify_signature <client_secret> <raw_response>.\nSince the inputs are invalid, use the hardcoded value instead!'
else:
client_secret = sys.argv[1]
raw_response = sys.argv[2]
print "client_secret = " + client_secret
print "raw_response = " + raw_response
digest = hmac.new(client_secret.encode('utf-8'), msg=raw_response.encode('utf-8'), digestmod=hashlib.sha1).hexdigest()
print digest
Finally I managed to find the solution. For the Controller in Play Framework, we need to use BodyParser.Raw so the we can extract the payload request as raw data, i.e. array of bytes.
Here's the code for the controller in Play Framework:
#BodyParser.Of(BodyParser.Raw.class)
public static Result receiveRawInstaData(){
Map<String, String[]> headers = request().headers();
RawBuffer jsonRaw = request().body().asRaw();
if(jsonRaw == null){
logger.warn("jsonRaw is null. Something is wrong with the payload");
return badRequest("Expecting serializable raw data");
}
String[] xHubSignature = headers.get(InstaSubscriptionUtils.HTTP_HEADER_X_HUB_SIGNATURE);
if(xHubSignature == null){
logger.error("Invalid POST. It does not contain {} in its header", InstaSubscriptionUtils.HTTP_HEADER_X_HUB_SIGNATURE);
return badRequest("You are not Instagram!\n");
}
String json;
byte[] jsonRawBytes;
jsonRawBytes = jsonRaw.asBytes();
json = new String(jsonRawBytes, StandardCharsets.UTF_8);
try {
String clientSecret = InstaSubscriptionUtils.getClientSecret(1);
VerificationResult verificationResult = SubscriptionUtil.verifySubscriptionPostRequestSignature
(clientSecret,jsonRawBytes, xHubSignature[0]);
if(verificationResult.isSuccess()){
logger.debug("Signature matches!. Received signature: {}, calculated signature: {}", xHubSignature[0], verificationResult.getCalculatedSignature());
}else{
logger.error("Signature doesn't match. Received signature: {}, calculated signature: {}", xHubSignature[0], verificationResult.getCalculatedSignature());
return badRequest("Signature does not match!\n");
}
} catch (InstagramException e) {
logger.error("Instagram exception.", e);
return internalServerError("Internal server error. We will attend to this problem ASAP!");
}
logger.debug("Received xHubSignature: {}", xHubSignature[0]);
logger.info("Sucessfully received json data: {}", json);
return ok("OK!");
}
And for the code for method verifySubscriptionPostRequestSignature in SubscriptionUtil
public static VerificationResult verifySubscriptionPostRequestSignature(String clientSecret, byte[] rawJsonData, String xHubSignature) throws InstagramException{
SecretKeySpec keySpec;
keySpec = new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), HMAC_SHA1);
Mac mac;
try {
mac = Mac.getInstance(HMAC_SHA1);
mac.init(keySpec);
byte[] result = mac.doFinal(rawJsonData);
String encodedResult = Hex.encodeHexString(result);
return new VerificationResult(encodedResult.equals(xHubSignature), encodedResult);
} catch (NoSuchAlgorithmException e) {
throw new InstagramException("Invalid algorithm name!", e);
} catch (InvalidKeyException e){
throw new InstagramException("Invalid key: " + clientSecret, e);
}
}
I implemented this solution in jInstagram, here is the link to the source code: SubscriptionUtil
I am trying to parse the facebook signed_request in 32 bit operating system.
The java code for parsing signed_request in 64 bit operating system works fine.
When I am using the modified code in 32 bit operating system,
it gives the following error 'Unexpected character (£) at position 0'.
Please help me to identify the issue.
if (request.getParameter("signed_request") != null)
{
signed_request = request.getParameter("signed_request");
//out.print("<br>signed_request: "+signed_request);
try
{
System.out.println("signed_request"+signed_request);
System.out.println("signed_request1");
fb_data = parse_signed_request(signed_request, secretKey);
}
catch(Exception e)
{
System.out.println("error"+e);
}
}
public static Map parse_signed_request(String input, String secret) throws Exception {
return parse_signed_request(input, secret, 3600);
}
public static Map parse_signed_request(String input, String secret, int max_age) throws Exception {
String[] split = input.split("[.]", 2);
String encoded_sig = split[0];
String encoded_envelope = split[1];
JSONParser parser = new JSONParser();
Map envelope = (Map) parser.parse(new String(base32_url_decode(encoded_envelope)));
String algorithm = (String) envelope.get("algorithm");
if (!algorithm.equals("HMAC-SHA256")) {
throw new Exception("Invalid request. (Unsupported algorithm.)");
}
if (((Long) envelope.get("issued_at")) < System.currentTimeMillis() / 1000 - max_age) {
throw new Exception("Invalid request. (Too old.)");
}
byte[] key = secret.getBytes();
SecretKey hmacKey = new SecretKeySpec(key, "HMACSHA256");
Mac mac = Mac.getInstance("HMACSHA256");
mac.init(hmacKey);
byte[] digest = mac.doFinal(encoded_envelope.getBytes());
if (!Arrays.equals(base32_url_decode(encoded_sig), digest)) {
throw new Exception("Invalid request. (Invalid signature.)");
}
return envelope;
}
Use base64 method to decode the JSON object. No need to modify it to base32 as it has no co-relation with the O.S. architecture.
Correcting the flaw:
Map envelope = (Map) parser.parse(new String(base64_url_decode(encoded_envelope)));