Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with HMAC created using Crypto-JS #1

Open
PradeepAnde opened this issue Jun 7, 2016 · 3 comments
Open

Issue with HMAC created using Crypto-JS #1

PradeepAnde opened this issue Jun 7, 2016 · 3 comments

Comments

@PradeepAnde
Copy link

Hi,
We are using Crypto-js to create HMAC and send the request to the Proxy.

The HMAC which is created using JAVA "hmac-edge-callout.jar" is different.

       data = CryptoJS.enc.Utf8.parse(data);
        var hashSign = CryptoJS.HmacSHA512(data, apiSecret);

var buffer = new Buffer(hashSign);
var toBase64 = buffer.toString('base64');
@DinoChiesa
Copy link
Collaborator

Is it an HMAC 512 in the server? I think it might be HMAC 256. Can you check?

-DC

On Jun 6, 2016, at 8:30 PM, PradeepAnde [email protected] wrote:

Hi,
We are using Crypto-js to create HMAC and send the request to the Proxy.

The HMAC which is created using JAVA "hmac-edge-callout.jar" is different.

   data = CryptoJS.enc.Utf8.parse(data);
    var hashSign = CryptoJS.HmacSHA512(data, apiSecret);

var buffer = new Buffer(hashSign);
var toBase64 = buffer.toString('base64');


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@DinoChiesa
Copy link
Collaborator

I should have mentioned:

I've used crypto-JS in multiple different clients against this code and it works.
But you need to make sure the bit strength is correct on both sides.

-DC

On Jun 6, 2016, at 8:30 PM, PradeepAnde [email protected] wrote:

Hi,
We are using Crypto-js to create HMAC and send the request to the Proxy.

The HMAC which is created using JAVA "hmac-edge-callout.jar" is different.

   data = CryptoJS.enc.Utf8.parse(data);
    var hashSign = CryptoJS.HmacSHA512(data, apiSecret);

var buffer = new Buffer(hashSign);
var toBase64 = buffer.toString('base64');


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@PradeepAnde
Copy link
Author

PradeepAnde commented Jun 7, 2016
edited
Loading

We are using SHA512. Below is the code. Can you please post cryptoJS code.

We are creating HMAC using crypto-JS and sending the request to Proxy. We have created a Java call out using "hmac-edge-callout.jar" to verify the HMAC.

I am new to APIGEE, any suggestions will be helpful. Please find below code.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout async="false" continueOnError="false" enabled="false" name="JC-Verify-HMAC">
    <DisplayName>JC Verify HMAC</DisplayName>
    <Properties>
        <!-- name of the variable that holds the key //{verifyapikey.verify-api-key.client_secret}-->
        <Property name="key">{.client_secret}</Property>
        <Property name="algorithm">SHA-512</Property>
        <Property name="string-to-sign"> {request.verb}{client.scheme}://{request.header.host}{message.uri}{request.content}</Property>
        <Property name="hmac-base64">{request.header.Authorization}</Property>
        <Property name="debug">true</Property>
    </Properties>
    <FaultRules>
        <FaultRule name="rule1">
            <Step>
                <Name>RF-invalid-hmac</Name>
            </Step>
            <Condition>hmac.error != null</Condition>
        </FaultRule>
    </FaultRules>
    <ClassName>com.apigee.callout.hmac.HmacCreatorCallout</ClassName>
    <ResourceURL>java://hmac-edge-callout.jar</ResourceURL>
</JavaCallout>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DinoChiesa @PradeepAnde