HMACSHA1 in Rails - strange result

StackOverflow https://stackoverflow.com/questions/15386122

  •  23-03-2022
  •  | 
  •  

Question

I am trying to implement Single Sign On feature for Disquss. Disquss has a test console, which enables us to quickly test the values. First, we made sure that we got the hard coded values to work with the console, so we are certain we understand Disquss requirements. Next, we wanted to implement the same thing in rails, but we got issue here.

Problem is in the fact that ruby is not generating expected values, in fact it generates junk, which is totally different form the expected values:

THis is from Disquss manual:

The message body (Base64-encoded)

The message body must include the following case sensitive properties unless noted otherwise:

id - any unique user ID associated with that account within your user database. This will be used to generate a unique username to reference in the Disqus system. IDs must be completely unique; if you're using multiple datastores locally, for example, make sure not to re-use IDs when passing them to Disqus as that will result in account conflicts.
username - The displayed name for that account
email - The registered email address for that account
avatar (optional) - A link to that user's avatar
url (optional) - A link to the user's website

HMAC-SHA1 signature

Generated using HMAC->SHA1(secret_key, message + ' ' + timestamp)

Following that example we devised thew following rails code (it is still in testing phase, hence the puts):

secret_key = "12312312312312312312312312312312312312312312312312"
  digest  = OpenSSL::Digest::Digest.new('sha1')
  puts  @disqus_timestamp = Date.today.to_time.to_i
  puts  @disqus_serializer_message = {"id"=> session[:frontend_user].to_s,"username"=>@fuser.username,"email"=>@fuser.email }.to_json
  puts  @disqus_message = Base64.encode64(@disqus_serializer_message)      
  puts  @disqus_signature  = OpenSSL::HMAC.digest(digest,secret_key,@disqus_message + ' '+ @disqus_timestamp.to_s )
  puts  @sso_payload = ""
  puts "END"

We should get three values: 1. JSON serialized in format such as:

eyJ1c2VybmFtZSI6InZlZHJhbiBtYXJpY2V2aWMiLCJpZCI6IjgiLCJlbWFp bCI6IndleC5hbHBoYUBnbWFpbC5jb20ifQ==

Json Works

  1. Computed HMAC: We are getting this type of format:

5œ[ƒmò Ø™`Õ„Öù©≠∆8

but we should be getting something in this format:

4683eff451100191c60d2a0f0e72f3a6d15db950

I tried different things, but to no avail. What might be the problem?

Was it helpful?

Solution

OpenSSL::HMAC.digest outputs the raw bytes, whereas you appear to want the hexadecimal representation

OpenSSL::HMAC.hexdigest will output in hex format. You can of course convert it yourself too:

arbitary_data.unpack('H*').first

will hex-encode all the bytes.

OTHER TIPS

I was having similar problems, and using the Disqus SSO Debuger at http://disqus.com/api/sso/ I determined that the message was getting a line break added when doing the Base64 encoding.

Referencing base64 encode length parameter

I changed 

puts  @disqus_message = Base64.encode64(@disqus_serializer_message)

to

puts  @disqus_message = Base64.strict_encode64(@disqus_serializer_message)

And now its working just fine.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top