B4J Question Hash on nonce

[Pedro Caldeira]

Hello,
I have a Key : u7crun6Qk4g4z0qxJRAWGA==

I need to calculate a Hash of a Key like the one above to sign a Http Service authorization (SetHeader)

the Manual says:

X-ServiceAuthorization
Hash(base 64) of the nonce that was retrieved from the previous response
(hmac_sha1(<nonce>,<key supplied by SoftwareHouse>))

Help on how to do his would be appreciated

 

[Knoppi]

Your sha-1 hash for your key is 0fd29bd65a2bea6b664996e43ebbb273a55436d4
http://www.passwort-generator.org/hashgenerator.html

per code, have a look here https://www.b4x.com/android/forum/threads/cryptography-md5-sha-1-inline-java-code.52071/#content
it should also run under b4j

 

[Pedro Caldeira]

I get en error on compiling

error: package android.text does not exist
import android.text.TextUtils;

 

[Knoppi]

sorry, i havnt seen this line

import android.text.TextUtils;

 

[Knoppi]

I have modify the code
try this

Sub Process_Globals
    Private fx As JFX
    Private MainForm As Form
    Dim nativeMe As JavaObject
End Sub

Sub AppStart (Form1 As Form, Args() As String)  
    nativeMe = Me
    Dim stringToConvert As String
    stringToConvert = "This is a Security Util"

    Dim logstring As String

    logstring = nativeMe.RunMethod("getMD5",Array(stringToConvert))
    Log(logstring)
  
    logstring = nativeMe.RunMethod("getSHA1",Array(stringToConvert))
    Log(logstring)

End Sub

'Return true to allow the default exceptions handler to handle the uncaught exception.
Sub Application_Error (Error As Exception, StackTrace As String) As Boolean
    Return True
End Sub

#If Java

import java.security.MessageDigest;
import java.util.Locale;

    public static String getMD5(String text) {
        String md5 = null;
        if (text=="") {
            return md5;
        }
        MessageDigest md5Digest = null;
        try {
            md5Digest = MessageDigest.getInstance("MD5");
        } catch (Exception e) {
            e.printStackTrace();
            return md5;
        }
        char[] charArray = text.toCharArray();
        byte[] byteArray = new byte[charArray.length];

        for (int index = 0; index < charArray.length; index++) {
            byteArray[index] = (byte) charArray[index];
        }

        byte[] md5Bytes = md5Digest.digest(byteArray);
        StringBuffer hexValue = new StringBuffer();

        for (int index = 0; index < md5Bytes.length; index++) {
            int val = ((int) md5Bytes[index]) & 0xff;
            if (val < 16) {
                hexValue.append("0");
            }
            hexValue.append(Integer.toHexString(val));
        }

        md5 = hexValue.toString();
        return md5;
    }

    public static String bytes2Hex(byte[] bytes) {
        String hs = "";
        String stmp = "";
        for (int n = 0; n < bytes.length; n++) {
            stmp = (Integer.toHexString(bytes[n] & 0XFF));
            if (stmp.length() == 1) {
                hs += "0" + stmp;
            } else {
                hs += stmp;
            }
        }
        return hs.toLowerCase(Locale.ENGLISH);
    }

    public static String getSHA1(String text) {
        String sha1 = null;
        if (text=="") {
            return sha1;
        }
        MessageDigest sha1Digest = null;
        try {
            sha1Digest = MessageDigest.getInstance("SHA-1");
        } catch (Exception e) {
            return sha1;
        }
        byte[] textBytes = text.getBytes();
        sha1Digest.update(textBytes, 0, text.length());
        byte[] sha1hash = sha1Digest.digest();
        return bytes2Hex(sha1hash);
    }
#End If

 

[Pedro Caldeira]

It works.
Thanks

 

[Pedro Caldeira]

It works, but the output is not the same.
I have to mimic this. Can I do it in directly in B4J ?


Key supplied by PIE : u7crun6Qk4g4z0qxJRAWGA==

nonce : QizYxctgAj5TNxMQPLeaQg==

to obtain a new authorization Key

echo -n "QizYxctgAj5TNxMQPLeaQg==" | base64 -d \
| openssl dgst -sha1 -mac HMAC -macopt hexkey:"$(echo -n <key supplied by PIE> | base64 -d|xxd -p)" -binary \
| base64

Result : d+QeJkFLpbm2U67bWpwadZqwi9w=

 

[Knoppi]

I can not reproduce the result
my xxd knows only the parameter -ps not -p
it is possible to get a few steps between

1. decode the KeyPie with base64 ___ echo -n <key supplied by PIE> | base64 -d
   
2. something with xxd _____________ xxd -p
   
3. get SHA1 in binary format ________ openssl dgst -sha1 ... -binary
   
4. encode with base64 _____________ base64

 

[Knoppi]

I have found another variation for sha1 in the community

Sub GetSha1( Text As String) As String
    'Libs:
    'ByteConverter 1.10
    'Encryption    1.10    (from B4A, works with B4J)
    'https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/#content

    Dim md As MessageDigest
    Dim ByteCon As ByteConverter

    Dim passwordhash() As Byte
    passwordhash = md.GetMessageDigest( Text.GetBytes("UTF8"), "SHA1")

    Dim sha1string As String
    sha1string = ByteCon.HexFromBytes( passwordhash)

    Return sha1string
End Sub

 

[Pedro Caldeira]

what lib do i use for MessageDigest ?

 

[Knoppi]

'Encryption    1.10    (from B4A, works with B4J)

 

[Pedro Caldeira]

it does return a hash,but according to the example i have to supply both keys, right ?
the nonce and the Key supplied by PIE.
and it returns a key different from the format in the example.
How do I solve it ?

 

[Knoppi]

i think you need a sha-1_base64 hash, but i'm not sure.
in jStringUtils are the methods DecodeBase64 and EncodeBase64
I can not reproduce your result. see post #8

In the worst case, you must use jShell and read the hash from the terminal.

 

[Pedro Caldeira]

thats what i am going to do.
I am creating a script in bash to get the http data with curl and use openssl to generate the hash, then i just read the file with the data