How do you sign a header using MAC Access Authentication on Android?

2018-06-16 23:27:40

I'm trying to sign an http header using the MAC Access Authentication on Android. I'm using the IETF draft #2 as located here:

http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02 (1)

Using the draft's example, the variables are:

   MAC key identifier: h480djs93hd8
   MAC key: 489dks293j39
   MAC algorithm: hmac-sha-1
   Timestamp: 1336363200
   Nonce: dj83hs9s

the following is the normalized string:

 1336363200n
 dj83hs9sn
 GETn
 /resource/1?b=1&a=2n
 example.comn
 80n
 n

I using the following method to encode the mac header:

private String calculateMAC(final String macAlgorithm, final String normalizedString, final String keyString) {
    try {
        final SecretKeySpec keySpec = new SecretKeySpec((keyString).getBytes("UTF-8"), macAlgorithm);
        final Mac mac = Mac.getInstance(macAlgorithm);
        mac.init(keySpec);

        return Base64.encodeToString(mac.doFinal(normalizedString.getBytes("UTF-8")), Base64.NO_WRAP);
    } catch (final Exception e) {
        Log.e("Error", e.toString());
        return null;
    }
}

The problem I have is that the draft says that the resulting MAC is " bhCQXTVyfj5cmA9uKkPFx1zeOXM= ". But whatever I'm trying (different encoding, difference library, etc), I always have " 6T3zZzy2Emppni6bzL7kdRxUWL4= ". Why??

(1) The latest draft (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-03) does not have an example. So it's harder to follow.

I tried the same example on two different platforms (php and C#) and it appear that the example is incorrect (it is a draft after all). The correct output really is " 6T3zZzy2Emppni6bzL7kdRxUWL4= ".

Other have seen the same issue

链接地址: http://www.djcxy.com/p/48010.html

上一篇: OAuth2.0隐式授予流程。为什么使用url散列碎片？

下一篇: 如何在Android上使用MAC访问验证签名标题？