[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Handle-info] Authentication HS_SECKEY/PUBKEY via Authorization:Handle

Hi there!.


I'm trying to use REST API through Java Http-request but so far I'm doing something wrong because I'm not able to do it. I think the error is related with the encryption algorithms/libs.


Here is what I do, considering I would like to authenticate in the Handle 55555/ADMIN, with the password "admin".


1º Make a Authorization basic request to get the 401 response code, getting the sessions id and the nonce parameters:


WWW-Authenticate   Basic realm="handle"
WWW-Authenticate   Handle sessionId="1tqk8ujryccel1y0hmtguqxjct", nonce="0K8M9tweMjqguVkD7NGtWA==", error="Identity not verified"

2º Now, taking sessionId and the nonce, construct the new authorization request with the different parameters specified in the documentation:
2.1- sessionId = "1tqk8ujryccel1y0hmtguqxjct" (match session id get in the first request)
2.2- id="300:55555/ADMIN" 
In this point, y already use id="300%3A55555/ADMIN" but doesn't work
2.3. type="HS_SECKEY"
2.4. cnonce = "sCXDGrQTeYTL+LMhTPTJpw=="

I used this source code to generate cnonce, using bouncycastel lib to get the cnonce Base64 string:
byte[] b = new byte[16];
 new Random().nextBytes(b);
 String cnonce=org.bouncycastle.util.encoders.Base64.toBase64String(b);
2.5. alg = "SHA1"
2.6. signature =jgrVoaw8D4MI3QROaRWoEDzyVEY="

For the signature I tried different strings:
String aux = password.concat(header.getNonce()).concat(header.getCnonce()).concat(password);
String aux2 = password+"+"+header.getNonce()+"+"+header.getCnonce()+"+"+password;
String aux3 = password+header.getNonce()+header.getCnonce()+password;
 I already tried concatenating the bytes of each string:
ByteArrayOutputStream outputStream = new ByteArrayOutputStream( );
outputStream.write(password.getBytes(Common.DEFAULT_ENCODING));
outputStream.write(header.getNonce().getBytes(Common.DEFAULT_ENCODING));
outputStream.write(header.getCnonce().getBytes(Common.DEFAULT_ENCODING));
outputStream.write(password.getBytes(Common.DEFAULT_ENCODING));
And finally, the application of SHA1 using bouncycastle lib to one of the previous strings (aux,aux2, aux3):
SHA1Digest digest = new SHA1Digest();

digest.update(t.getBytes(Common.DEFAULT_ENCODING), 0, t.getBytes().length);
byte[] digestOctets = new byte[digest.getDigestSize()];
digest.doFinal(digestOctets, 0);

return org.bouncycastle.util.encoders.Base64.toBase64String(digestOctets);
Returning the String that represents the signature showed above.
Making this request I get again not just 401 error code, I already get a new sessionId and a new nonce parameter.
Any idea? Probably one the encryptiong methods that I'm using isn't the right one?
Best regards!


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info