Trying to use ColdFusion to create HMAC-SHA1 hash for API authentication

Question

I am at my wit's end on this one, I just can't find the right combination of code to make this work. I'm trying to create an authentication digest for an API query. I've tried many CFML functions (for example: Coldfusion HMAC-SHA1 encryption and HMAC SHA1 ColdFusion), but I'm not coming up with the same results that are cited in the API documentation. Here's that example (basically elements of the request header with line breaks as delimiters.):

application/xml\nTue, 30 Jun 2009 12:10:24 GMT\napi.summon.serialssolutions.com\n/2.0.0/search\ns.ff=ContentType,or,1,15&s.q=forest\n

and here's the key:

ed2ee2e0-65c1-11de-8a39-0800200c9a66

which according to the documentation should result in:

3a4+j0Wrrx6LF8X4iwOLDetVOu4=

when the HMAC hash is converted to Base64. Any ideas would be most appreciated!

Answer 1

The problem is your input string, not the functions. The first one works fine. Though I would change the charset to UTF-8, or make it an argument. Otherwise, the results are dependent on the jvm default, which may not always be correct, and can change which would break the code.

Verify you are constructing the sample string correctly. Are you using chr(10) for new lines? Note: It must also end with a new line.

Code:

<cfscript>
    headers = [ "application/xml"
                    , "Tue, 30 Jun 2009 12:10:24 GMT"
                    , "api.summon.serialssolutions.com"
                    , "/2.0.0/search"
                    , "s.ff=ContentType,or,1,15&s.q=forest"
                ];
    theText = arrayToList(headers, chr(10)) & chr(10);
    theKey = "ed2ee2e0-65c1-11de-8a39-0800200c9a66";
    theHash = binaryEncode( hmacEncrypt(theKey, theText), "base64");
    writeDump(theHash);
</cfscript>

Result:

3a4+j0Wrrx6LF8X4iwOLDetVOu4=