Java Code Examples for org.apache.commons.codec.digest.HmacUtils#hmacSha1Hex()

The following examples show how to use org.apache.commons.codec.digest.HmacUtils#hmacSha1Hex(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: GitEventHandler.java    From echo with Apache License 2.0 6 votes vote down vote up
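/**
 * Verifies a GitHub webhook delivery by recomputing the HMAC-SHA1 of the raw request body with
 * the trigger's shared secret and comparing it with the signature the sender presented.
 *
 * <p>The comparison is constant-time and the locally computed digest is never written to the
 * log. A header entry with no value is rejected rather than dereferenced.
 *
 * @param gitEvent event carrying the request headers and the raw content that was signed
 * @param trigger trigger whose secret is the HMAC key
 * @return {@code true} only when the presented signature equals the computed digest
 */
private boolean hasValidGitHubSecureSignature(GitEvent gitEvent, Trigger trigger) {
  // NOTE(review): this lookup still throws if the header list is absent or empty; it presumably
  // relies on the caller having checked that the header is present. Confirm against the caller.
  String header =
      gitEvent.getDetails().getRequestHeaders().get(GITHUB_SECURE_SIGNATURE_HEADER).get(0);
  if (header == null) {
    // Fail closed: no signature value means the delivery cannot be authenticated.
    log.warn("GitHub signature header has no value. Pipeline NOT triggered: " + trigger);
    return false;
  }
  log.debug("GitHub Signature detected. " + GITHUB_SECURE_SIGNATURE_HEADER + ": " + header);
  String signature = StringUtils.removeStart(header, "sha1=");

  String computedDigest = HmacUtils.hmacSha1Hex(trigger.getSecret(), gitEvent.getRawContent());

  // Compare in constant time so response timing does not reveal how many leading characters of
  // a forged signature were correct. Lower-casing with Locale.ROOT keeps the original
  // case-insensitive match without depending on the JVM's default locale. Names are fully
  // qualified so that this method needs no additional import.
  byte[] presented =
      signature
          .toLowerCase(java.util.Locale.ROOT)
          .getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] expected = computedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8);
  boolean digestsMatch = java.security.MessageDigest.isEqual(expected, presented);

  if (!digestsMatch) {
    // NOTE(review): this logs trigger.toString(); confirm it does not include the secret.
    log.warn("Github Digest mismatch! Pipeline NOT triggered: " + trigger);
    // Only the value the sender supplied is logged. The computed digest is the valid signature
    // for this payload, so writing it out would hand it to anyone who can read the logs.
    log.debug("from GitHub: " + signature);
  }

  return digestsMatch;
}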
 
Example 2
Source File: COSSigner.java    From markdown-image-kit with MIT License 4 votes vote down vote up
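/**
 * Builds the authorization string for a COS request.
 *
 * <p>The signature is computed in three steps, all visible below: a signing key is derived as
 * HMAC-SHA1(secret key, key time); the request (method, path, sorted parameters, sorted signed
 * headers) is serialised and hashed with SHA-1; the final signature is HMAC-SHA1(signing key,
 * string-to-sign). The result is assembled as {@code key=value} pairs joined with {@code &}.
 *
 * @param methodName HTTP method of the request; lower-cased before it is signed
 * @param resouce_path request path used verbatim as the URI component of the signed string
 * @param headerMap request headers; filtered through {@code buildSignHeaders} before signing
 * @param paramMap URL parameters to sign
 * @param cred credentials supplying the access key id and the secret key
 * @param expiredTime passed to {@code buildTimeStr} to produce the key-time / sign-time value
 * @return the authorization string, or {@code null} when {@code cred} is anonymous
 */
public String buildAuthorizationStr(HttpMethodName methodName, String resouce_path,
        Map<String, String> headerMap, Map<String, String> paramMap, COSCredentials cred,
        Date expiredTime) {

    // Anonymous credentials are not signed at all.
    if (isAnonymous(cred)) {
        return null;
    }

    Map<String, String> signHeaders = buildSignHeaders(headerMap);
    // Both the parameters and the HTTP headers that go into the signature must be sorted as strings.
    TreeMap<String, String> sortedSignHeaders = new TreeMap<>();
    TreeMap<String, String> sortedParams = new TreeMap<>();

    sortedSignHeaders.putAll(signHeaders);
    sortedParams.putAll(paramMap);

    String qHeaderListStr = buildSignMemberStr(sortedSignHeaders);
    String qUrlParamListStr = buildSignMemberStr(sortedParams);
    // Key time and sign time are deliberately the same value here.
    String qKeyTimeStr, qSignTimeStr;
    qKeyTimeStr = qSignTimeStr = buildTimeStr(expiredTime);
    // Derived from the long-term secret: treat signKey as secret material and keep it out of logs.
    String signKey = HmacUtils.hmacSha1Hex(cred.getCOSSecretKey(), qKeyTimeStr);
    // Locale.ROOT keeps the signed method name stable on JVMs whose default locale has special
    // casing rules (for example Turkish dotless i), where the no-argument toLowerCase() would
    // change the string and so the signature. Fully qualified to avoid needing a new import.
    String formatMethod = methodName.toString().toLowerCase(java.util.Locale.ROOT);
    String formatUri = resouce_path;
    String formatParameters = formatMapToStr(sortedParams);
    String formatHeaders = formatMapToStr(sortedSignHeaders);

    String formatStr = new StringBuilder().append(formatMethod).append(LINE_SEPARATOR)
            .append(formatUri).append(LINE_SEPARATOR).append(formatParameters)
            .append(LINE_SEPARATOR).append(formatHeaders).append(LINE_SEPARATOR).toString();
    String hashFormatStr = DigestUtils.sha1Hex(formatStr);
    String stringToSign = new StringBuilder().append(Q_SIGN_ALGORITHM_VALUE)
            .append(LINE_SEPARATOR).append(qSignTimeStr).append(LINE_SEPARATOR)
            .append(hashFormatStr).append(LINE_SEPARATOR).toString();
    // NOTE(review): SHA-1 is presumably mandated by the service's signing protocol; confirm
    // before changing the algorithm, since the server must compute the same value.
    String signature = HmacUtils.hmacSha1Hex(signKey, stringToSign);

    String authoriationStr = new StringBuilder().append(Q_SIGN_ALGORITHM_KEY).append("=")
            .append(Q_SIGN_ALGORITHM_VALUE).append("&").append(Q_AK).append("=")
            .append(cred.getCOSAccessKeyId()).append("&").append(Q_SIGN_TIME).append("=")
            .append(qSignTimeStr).append("&").append(Q_KEY_TIME).append("=").append(qKeyTimeStr)
            .append("&").append(Q_HEADER_LIST).append("=").append(qHeaderListStr).append("&")
            .append(Q_URL_PARAM_LIST).append("=").append(qUrlParamListStr).append("&")
            .append(Q_SIGNATURE).append("=").append(signature).toString();
    return authoriationStr;
}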
 
Example 3
Source File: COSSigner.java    From cos-java-sdk-v5 with MIT License 4 votes vote down vote up
/**
 * Computes the signature for a POST-object policy document.
 *
 * <p>A signing key is first derived as the hex HMAC-SHA1 of {@code keyTime} under
 * {@code secretKey}. The policy is hashed with SHA-1, and that hex digest is then signed with the
 * derived key.
 *
 * @param secretKey long-term secret used as the HMAC key for the derivation step
 * @param keyTime value the signing key is derived from
 * @param policy policy document whose SHA-1 hex digest is signed
 * @return hex HMAC-SHA1 of the policy digest under the derived signing key
 */
public String buildPostObjectSignature(String secretKey, String keyTime, String policy) {
    // The policy hash does not depend on the key, so it can be computed first.
    final String policyDigest = DigestUtils.sha1Hex(policy);
    // Derived from the long-term secret: treat it as secret material and keep it out of logs.
    final String derivedKey = HmacUtils.hmacSha1Hex(secretKey, keyTime);
    final String postSignature = HmacUtils.hmacSha1Hex(derivedKey, policyDigest);
    return postSignature;
}
 
Example 4
Source File: COSSigner.java    From cos-java-sdk-v5 with MIT License 4 votes vote down vote up
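/**
 * Produces the signed authorization string for a COS request.
 *
 * <p>Flow, as implemented below: derive a signing key with HMAC-SHA1 from the secret key and the
 * key-time string; serialise method, path, sorted parameters and sorted signed headers and take
 * the SHA-1 of that text; sign the resulting string-to-sign with the derived key; finally join
 * all fields as {@code key=value} pairs separated by {@code &}.
 *
 * @param methodName HTTP method; its lower-cased name is part of the signed text
 * @param resouce_path request path, signed as given
 * @param headerMap request headers, reduced by {@code buildSignHeaders} to the ones that are signed
 * @param paramMap URL parameters to include in the signature
 * @param cred credentials providing the access key id and the secret key
 * @param expiredTime input to {@code buildTimeStr}, which yields the key-time / sign-time string
 * @return the authorization string, or {@code null} for anonymous credentials
 */
public String buildAuthorizationStr(HttpMethodName methodName, String resouce_path,
        Map<String, String> headerMap, Map<String, String> paramMap, COSCredentials cred,
        Date expiredTime) {

    // Nothing is signed for anonymous access.
    if (isAnonymous(cred)) {
        return null;
    }

    Map<String, String> signHeaders = buildSignHeaders(headerMap);
    // Signed parameters and signed HTTP headers must both be ordered by string comparison.
    TreeMap<String, String> sortedSignHeaders = new TreeMap<>();
    TreeMap<String, String> sortedParams = new TreeMap<>();

    sortedSignHeaders.putAll(signHeaders);
    sortedParams.putAll(paramMap);

    String qHeaderListStr = buildSignMemberStr(sortedSignHeaders);
    String qUrlParamListStr = buildSignMemberStr(sortedParams);
    // The same time string is used for both the key time and the sign time.
    String qKeyTimeStr, qSignTimeStr;
    qKeyTimeStr = qSignTimeStr = buildTimeStr(expiredTime);
    // signKey is derived from the account secret; do not log or otherwise expose it.
    String signKey = HmacUtils.hmacSha1Hex(cred.getCOSSecretKey(), qKeyTimeStr);
    // Lower-case with Locale.ROOT: the no-argument toLowerCase() follows the JVM default locale,
    // and under e.g. a Turkish locale an "I" in the method name would map to a different
    // character, yielding a signature the server rejects. Fully qualified so that no new import
    // is needed.
    String formatMethod = methodName.toString().toLowerCase(java.util.Locale.ROOT);
    String formatUri = resouce_path;
    String formatParameters = formatMapToStr(sortedParams);
    String formatHeaders = formatMapToStr(sortedSignHeaders);

    String formatStr = new StringBuilder().append(formatMethod).append(LINE_SEPARATOR)
            .append(formatUri).append(LINE_SEPARATOR).append(formatParameters)
            .append(LINE_SEPARATOR).append(formatHeaders).append(LINE_SEPARATOR).toString();
    String hashFormatStr = DigestUtils.sha1Hex(formatStr);
    String stringToSign = new StringBuilder().append(Q_SIGN_ALGORITHM_VALUE)
            .append(LINE_SEPARATOR).append(qSignTimeStr).append(LINE_SEPARATOR)
            .append(hashFormatStr).append(LINE_SEPARATOR).toString();
    // NOTE(review): the algorithm is presumably dictated by the remote signing scheme; verify
    // what the server accepts before substituting a stronger hash.
    String signature = HmacUtils.hmacSha1Hex(signKey, stringToSign);

    String authoriationStr = new StringBuilder().append(Q_SIGN_ALGORITHM_KEY).append("=")
            .append(Q_SIGN_ALGORITHM_VALUE).append("&").append(Q_AK).append("=")
            .append(cred.getCOSAccessKeyId()).append("&").append(Q_SIGN_TIME).append("=")
            .append(qSignTimeStr).append("&").append(Q_KEY_TIME).append("=").append(qKeyTimeStr)
            .append("&").append(Q_HEADER_LIST).append("=").append(qHeaderListStr).append("&")
            .append(Q_URL_PARAM_LIST).append("=").append(qUrlParamListStr).append("&")
            .append(Q_SIGNATURE).append("=").append(signature).toString();
    return authoriationStr;
}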