List of usage examples for org.apache.commons.codec.digest HmacUtils hmacSha1Hex
public static String hmacSha1Hex(final String key, final String valueToDigest)
From source file:com.rockagen.gnext.tool.Crypto.java
/** * Hmac with sha256 hex/* w ww .j a v a 2 s .co m*/ * @param key key * @param value value * @return hmac String */ public static String hmacSha256Hex(String key, String value) { checkArguments(key, value); return HmacUtils.hmacSha1Hex(key, value); }
From source file:com.rockagen.gnext.tool.Crypto.java
/** * Hmac with sha1 hex/*ww w. ja va 2 s . c o m*/ * @param key key * @param value value * @return hmac String */ public static String hmacSha1Hex(String key, String value) { checkArguments(key, value); return HmacUtils.hmacSha1Hex(key, value); }
From source file:com.searchcode.app.service.ApiService.java
/** * Validates a request made to the API against the public key supplied, the hmac supplied and the * query string itself.// w w w. j av a2 s .c om * http://stackoverflow.com/questions/11830338/web-api-creating-api-keys * http://stackoverflow.com/questions/6312544/hmac-sha1-how-to-do-it-properly-in-java * http://stackoverflow.com/questions/3208160/how-to-generate-an-hmac-in-java-equivalent-to-a-python-example?rq=1 * */ public boolean validateRequest(String publicKey, String hmac, String query, HmacType hmacType) { ApiResult apiResult = this.api.getApiByPublicKey(publicKey); if (apiResult == null) { return false; } String myHmac; switch (hmacType) { case SHA512: myHmac = HmacUtils.hmacSha512Hex(apiResult.getPrivateKey(), query); break; default: myHmac = HmacUtils.hmacSha1Hex(apiResult.getPrivateKey(), query); break; } return myHmac.equals(hmac); }
From source file:com.netflix.spinnaker.echo.pipelinetriggers.monitor.GitEventMonitor.java
private boolean hasValidGitHubSecureSignature(TriggerEvent event, Trigger trigger) { val headers = event.getDetails().getRequestHeaders(); if (!headers.containsKey(GITHUB_SECURE_SIGNATURE_HEADER)) { return true; }/* w w w . j av a2 s . c o m*/ String header = headers.getFirst(GITHUB_SECURE_SIGNATURE_HEADER); log.debug("GitHub Signature detected. " + GITHUB_SECURE_SIGNATURE_HEADER + ": " + header); String signature = StringUtils.removeStart(header, "sha1="); String triggerSecret = trigger.getSecret(); if (StringUtils.isEmpty(triggerSecret)) { log.warn("Received GitEvent from Github with secure signature, but trigger did not contain the secret"); return false; } String computedDigest = HmacUtils.hmacSha1Hex(triggerSecret, event.getRawContent()); // TODO: Find constant time comparison algo? boolean digestsMatch = signature.equalsIgnoreCase(computedDigest); if (!digestsMatch) { log.warn("Github Digest mismatch! Pipeline NOT triggered: " + trigger); log.debug("computedDigest: " + computedDigest + ", from GitHub: " + signature); } return digestsMatch; }
From source file:com.netflix.spinnaker.echo.pipelinetriggers.eventhandlers.GitEventHandler.java
private boolean hasValidGitHubSecureSignature(GitEvent gitEvent, Trigger trigger) { String header = gitEvent.getDetails().getRequestHeaders().getFirst(GITHUB_SECURE_SIGNATURE_HEADER); log.debug("GitHub Signature detected. " + GITHUB_SECURE_SIGNATURE_HEADER + ": " + header); String signature = StringUtils.removeStart(header, "sha1="); String computedDigest = HmacUtils.hmacSha1Hex(trigger.getSecret(), gitEvent.getRawContent()); // TODO: Find constant time comparison algo? boolean digestsMatch = signature.equalsIgnoreCase(computedDigest); if (!digestsMatch) { log.warn("Github Digest mismatch! Pipeline NOT triggered: " + trigger); log.debug("computedDigest: " + computedDigest + ", from GitHub: " + signature); }//w w w . jav a 2 s. c o m return digestsMatch; }