
SHA1 with BASE64 in java util class does not generate correct password

Developer https://www.devze.com 2023-02-07 10:29 Source: Internet

I have written a util class in Java for webservice call. My util class creates the password digest required for a web service call. This digest password is made up of: A digest password generated with the following algorithm: base64Encode(sha1Hash(<Nonce><TimeStamp><Secret>))

My generated password does not equal the generated password from the vendor's tool, which uses the same algorithm (I don't have access to their code so I am not sure how that is implemented). I am not sure if I did something wrong; can someone look over my code and see if I did something wrong with SHA1 encryption or Base64 encoding? Thanks for your help! Below is my code:

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.UUID;

import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Base64;

public class OminitureWSUtil {

private static MessageDigest SHA1;

static {
    try {
        SHA1 = MessageDigest.getInstance("SHA1");

    } catch(NoSuchAlgorithmException nae) {
        throw new RuntimeException(nae);
    }
}

static class OmniturePasswordDigest {
    private final String timestamp;
    private final String nonce;
    private final String secret;

    private String password;

    public OmniturePasswordDigest(String secret) {
        Calendar c = GregorianCalendar.getInstance(TimeZone.getTimeZone("GMT+0"));
        c.setTime(new Date());

        //timestamp =  DatatypeConverter.printDateTime(c);
        //nonce = UUID.randomUUID().toString().replace("-", "");

        timestamp = "2011-01-26T20:10:56Z";
        nonce = "MTkyMTYwZWMzMjIzZGJmYzNiYmE5M2E5";

        this.secret = secret;
    }

    public String getTimestamp() {
        return timestamp;
    }

    public String getNonce() {
        return nonce;
    }

    public String generatePassword() {
        if(password == null) {
            String beforeEncryption = nonce+timestamp+secret;
            System.out.println("before encryption, encoding: " + beforeEncryption);

            try {
                SHA1.reset();
                byte[] toEncrypt = beforeEncryption.getBytes("UTF-8");
                //SHA1.update(toEncrypt, 0, toEncrypt.length);
                SHA1.update(beforeEncryption.getBytes());
            } catch (UnsupportedEncodingException uee) {
                throw new RuntimeException(uee);
            }

            byte[] encryptedRaw = SHA1.digest();
            byte[] encoded = Base64.encodeBase64(encryptedRaw);

            try {
                password = new String(encoded, "UTF-8");
            } catch (UnsupportedEncodingException uee) {
                throw new RuntimeException(uee);
            }
        }

        return password;
    }
}


public static OmniturePasswordDigest generatePasswordDigest(String secret) {
    return new OmniturePasswordDigest(secret);
}

public static void main(String[] args) {
    OmniturePasswordDigest opd = generatePasswordDigest("1779ab07fb93a01e3d4a6ee174124b91");
    System.out.println("nonce: " + opd.getNonce());
    System.out.println("timestamp: " + opd.getTimestamp());
    System.out.println("password: " + opd.generatePassword());

    if("Lr+m+/6y3XUxvjd8Rtn75gqn/b4=".equals(opd.generatePassword())) {
        System.out.println("all good");
    } else {
        System.out.println("generated password is not the same, it should be: " + 
                "Lr+m+/6y3XUxvjd8Rtn75gqn/b4=");
    }

}

}


Race of SHA1 visible from miles away. Change the code like that:

-SHA1.reset();
+MessageDigest SHA1= (MessageDigest) OminitureWSUtil.SHA1.clone();
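
Review bot: on the + line, the clone is declared as a local named SHA1 at the spot where SHA1.reset() stood, which is inside the try block, so the later SHA1.digest() call outside that block still resolves to the shared static field and never sees the bytes passed to update(). Declare the clone before the try, or move the digest() call inside it. MessageDigest.clone() also declares CloneNotSupportedException, which the surrounding catch for UnsupportedEncodingException does not cover, so the line needs its own handling to compile.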

Reset is just not what you need; Clone is intended for such cases.

btw, throwing any exception in the class init (static{}) kills the class and partly any other class referencing that class (so the entire [web]application). It's a bad practice, since the exception (java.lang.ExceptionInInitializerError) may get trapped somewhere.


I'm guessing this is for the REST API for Omniture? There is a working example on their site. However, your code does look right at first glance.

https://developer.omniture.com/java_rest_api

Also, I don't know how you are going to use this class, but SHA1 is not thread safe, and if multiple things call generatePassword() you'll get some unexpected behavior.
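
A check for the mismatch and the thread-safety point raised above, added here as an example and not code from the question, the answers or the vendor: it creates a fresh MessageDigest per call, encodes with explicit UTF-8, and prints the digest for two nonce treatments next to the value the vendor tool produced. The class name PasswordDigestCheck is hypothetical, and hashing the Base64-decoded nonce (the nonce in the question is valid Base64 text) is an assumption to test, not documented vendor behaviour.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.IntStream;

// Added example (hypothetical class name), not the original poster's or the vendor's code.
public class PasswordDigestCheck {

    // base64Encode(sha1Hash(nonce + timestamp + secret)) over explicit byte arrays.
    // A new MessageDigest per call means no hashing state is shared between threads.
    static String digest(byte[] nonce, String timestamp, String secret) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce);
            sha1.update(timestamp.getBytes(StandardCharsets.UTF_8));
            sha1.update(secret.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 is required on every Java platform", e);
        }
    }

    public static void main(String[] args) {
        // Values taken from the question.
        String nonce = "MTkyMTYwZWMzMjIzZGJmYzNiYmE5M2E5";
        String timestamp = "2011-01-26T20:10:56Z";
        String secret = "1779ab07fb93a01e3d4a6ee174124b91";
        String expected = "Lr+m+/6y3XUxvjd8Rtn75gqn/b4=";

        // Variant A: hash the nonce text exactly as it is sent (what the question does).
        String asSent = digest(nonce.getBytes(StandardCharsets.UTF_8), timestamp, secret);
        // Variant B (assumption to test): hash the Base64-decoded nonce bytes.
        String decoded = digest(Base64.getDecoder().decode(nonce), timestamp, secret);

        System.out.println("nonce as sent : " + asSent + " match=" + expected.equals(asSent));
        System.out.println("nonce decoded : " + decoded + " match=" + expected.equals(decoded));

        // Concurrency check: 10,000 parallel calls must all produce one value.
        Set<String> seen = ConcurrentHashMap.newKeySet();
        IntStream.range(0, 10_000).parallel().forEach(i ->
                seen.add(digest(nonce.getBytes(StandardCharsets.UTF_8), timestamp, secret)));
        System.out.println("distinct digests under concurrency: " + seen.size());
    }
}
```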
