Iam having a fun time with implementing SHA1 and HMAC methods in a iPhone Applecation. I need to access a webservice(which i do not controll) and they require both SHA1 and HMAC encryption.
For my SHA1 in base64 I use the following approach.
-(NSString*)sha1ith64Base:(NSString *)stringtoencode
{
unsigned char result[CC_SHA1_DIGEST_LENGTH];
const char *cStr = [stringtoencode UTF8String];
CC_SHA1(cStr, strlen(cStr), result);
NSData *pwHashData = [[NSData alloc] initWithBytes:result l开发者_JAVA百科ength: sizeof result];
NSString *base64 = [Base64 encode:pwHashData];
NSLog(@"SHA1 in base64 %@",base64);
return base64;
}
For my HMAC I am using the following approach:
- (NSString *) encodeWithHmacsha1:(NSString *)k0:(NSString*)m0
{
const char *cKey = [k0 cStringUsingEncoding:NSASCIIStringEncoding];
const char *cData = [m0 cStringUsingEncoding:NSASCIIStringEncoding];
unsigned char cHMAC[CC_SHA1_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA1, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
NSString *s = [NSString stringWithFormat:
@"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
cHMAC[0], cHMAC[1], cHMAC[2], cHMAC[3], cHMAC[4],
cHMAC[5], cHMAC[6], cHMAC[7],
cHMAC[8], cHMAC[9], cHMAC[10], cHMAC[11], cHMAC[12],
cHMAC[13], cHMAC[14], cHMAC[15],
cHMAC[16], cHMAC[17], cHMAC[18], cHMAC[19]
];
NSLog(@"HMAC in hex %@",s);
return s;
}
But my actually question is there any way I can test these methods locally and not up gainst the webservice - so I can rule out errors from the wbservice.
regards
SOLVED: for testing my implementations I use the following method - hopes this can help someone, one day.
-(void)testEncryptions
{
NSString *key = @"Jefe";
NSString *data = @"what do ya want for nothing?";
NSString *digestAnswerHMAC =@"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79";
NSString *digestAnswerSHA1HEX =@"cb5551f403fac5fd3d6d1b6329993c3848c468ce";
NSString *disgest64base=@"SmVmZQ==";
NSData *stringBytes = [key dataUsingEncoding: NSUTF8StringEncoding];
NSString *hash = [Base64 encode:stringBytes];
//////
NSLog(@"testing encryptions");
NSLog(@"testing HMAC encryptions is :%@ should be :%@",[self encodeWithHmacsha1:key :data],digestAnswerHMAC);
NSLog(@"testing SHA1 in HEX encryption is :%@ should be :%@",[self sha1:key],digestAnswerSHA1HEX);
NSLog(@"testing base64 is :%@ should be :%@",hash,disgest64base);
NSLog(@"testing sha1 in 64 1234 is %@ and should be cRDtpNCeBiql5KOQsKVyrA0sAiA=",[self sha1ith64Base:@"1234"]);
}
In order to test your key hashing methods you will need to establish a known set of test data. That way you know what the expected output will be based on some matching input. You can get a lot of different standard test data from RFC2202
Testing your implementations would therefore be easily handled by a few unit tests which compares these well-known data sets.
If you want to test that you are actually encoding the query to the webservice and handling the response correctly you could look into some kind of stub or mock testing. Again you will need to establish a known set of input data and expected output.
Once you have this reference test set you can implement a custom NSURLProtocol which will act as the real webservice but instead provide you with the "reference" response. I have a detailed description of this topic on my blog:
- UsingNSURLProtocol for Injecting Test Data
精彩评论