Send an HTTP Request with Oauth Authorisation (HMAC)

Hi guys, have asked this question on the new forum too but not really sure its up and kicking too much yet?

Basically i have have a sketch that uploads a file to my Wordpress site using an HTTP Post Request, the process uses basic access authentication (Basic Auth). Now i know this is not the most secure way of completing this so i would like to use OAuth 1 authorisation instead. I have everything setup in WordPress on the server side and have most of the required parameters, the only one that is proving a problem is the request HMAC-SHA1 signature. From what i have read i should be able to import a combo of Java libraries and make use of something similar to this code on github (first and last examples).

import java.security.SignatureException;
import java.util.Base64;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HMAC_SHA1 {
    public static String Signature(String xData, String AppKey) throws java.security.SignatureException {
        try {
            final Base64.Encoder encoder = Base64.getEncoder();
            // get an hmac_sha1 key from the raw key bytes
            SecretKeySpec signingKey = new SecretKeySpec(AppKey.getBytes("UTF-8"),"HmacSHA1");

            // get an hmac_sha1 Mac instance and initialize with the signing key
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(signingKey);

            // compute the hmac on input data bytes
            byte[] rawHmac = mac.doFinal(xData.getBytes("UTF-8"));
            String result = encoder.encodeToString(rawHmac);
            return result;

        } catch (Exception e) {
            throw new SignatureException("Failed to generate HMAC : "+ e.getMessage());
        }
    }
}

Only issue here is i cant figure out how to do that sadly. I have imported the required .jar files into my sketch and have copied over the code from github but after staring at it for ages i just cant figure out how i would use the HMAC_SHA1 class in my sketch with the variables/parameters i have already. I think i already have the xData and AppKey information if that makes any sense.

Any help would be really appreciated although i realise it’s a big ask, not your normal sort of processing thing.

Cheers

Answers

  • Answer ✓

    the signatures suggest

    String signature = HMAC_SHA1.Signature(xdata, appKey);
    

    if that's even what you're asking

  • Thanks koogs, that's pretty much it, i was close but not quite there.

    After trawling through the internet ive found some other info that might offer a simpler more understandable solution, im going to give that a try to see what i can do and then test it out.

  • The HMAC_SHA1 class does throw up an error while doing that though...

    the method signature cannot be declared static; static methods can only be declared a static or top level type

    While for the signature String i get the error:

    Unhandled exception type SignatureException

  • edited May 2018

    In order to have static members in your nested class HMAC_SHA1, you need to declare it static too. L-)

    Or move it to a separate ".java" tab file, so it becomes a top-level instead; which is implicitly static already. :ar!

  • Thanks GoToLoop. Will give it a try this evening, my current alternate method doesnt seem to be bearing fruit and it may be to do with the way the signature is being constructed using HMAC-SHA1. Will see what i can do.

Sign In or Register to comment.