Exemple #1
   * This method implements the {@code P_SHA-1} function as defined in the <i>RFC 2246 - The TLS
   * Protocol Version 1.0 Section 5. HMAC and the pseudorandom function</i>:
   * <pre>
   * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
   *                        HMAC_hash(secret, A(2) + seed) +
   *                        HMAC_hash(secret, A(3) + seed) + ...
   * Where + indicates concatenation.
   * A() is defined as:
   *    A(0) = seed
   *    A(i) = HMAC_hash(secret, A(i-1))
   * </pre>
   * @param secret a {@code byte[]} that represents the HMAC secret.
   * @param seed a {@code byte[]} that represents the seed to be used.
   * @param requiredSize an {@code int} that specifies the size (in bytes) of the result.
   * @return a {@code byte[]} containing the result of the {@code P_SHA-1} function.
   * @throws NoSuchAlgorithmException if an error occurs while creating the {@code Mac} instance.
   * @throws InvalidKeyException if an error occurs while initializing the {@code Mac} instance.
  public static byte[] P_SHA1(byte[] secret, byte[] seed, int requiredSize)
      throws NoSuchAlgorithmException, InvalidKeyException {
    int offset = 0, copySize;
    byte[] result = new byte[requiredSize];
    byte[] A, partialResult;

    SecretKeySpec key = new SecretKeySpec(secret, "HMACSHA1");
    Mac mac = Mac.getInstance("HMACSHA1");

    // initialize A - A(0) = seed
    A = seed;
    while (requiredSize > 0) {
      // calculate the value of A()
      A = mac.doFinal();

      // now calculate HMAC_hash(secret, A + seed)
      partialResult = mac.doFinal();

      // copy the necessary bytes to the result.
      copySize = Math.min(requiredSize, partialResult.length);
      System.arraycopy(partialResult, 0, result, offset, copySize);
      offset += copySize;
      requiredSize -= copySize;
    return result;
Exemple #2
   * Returns a HMAC/SHA256 representation of the given string
   * @param data
   * @return
  private static String hmacsha256Representation(String data) {
    try {
      // Create the HMAC/SHA256 key from application secret
      final SecretKeySpec signingKey =
          new SecretKeySpec(pusherApplicationSecret.getBytes(), "HmacSHA256");

      // Create the message authentication code (MAC)
      final Mac mac = Mac.getInstance("HmacSHA256");

      // Process and return data
      byte[] digest = mac.doFinal(data.getBytes("UTF-8"));
      digest = mac.doFinal(data.getBytes());
      // Convert to string
      BigInteger bigInteger = new BigInteger(1, digest);
      return String.format("%0" + (digest.length << 1) + "x", bigInteger);
    } catch (NoSuchAlgorithmException nsae) {
      // We should never come here, because GAE has HMac SHA256
      throw new RuntimeException("No HMac SHA256 algorithm");
    } catch (UnsupportedEncodingException e) {
      // We should never come here, because UTF-8 should be available
      throw new RuntimeException("No UTF-8");
    } catch (InvalidKeyException e) {
      throw new RuntimeException("Invalid key exception while converting to HMac SHA256");
Exemple #3
  public void generateAndVerifySessionKey(
      ECPublicKey client_ephemeral_key,
      byte[] kdf_data,
      byte[] attestation_arguments,
      X509Certificate device_certificate,
      byte[] session_attestation)
      throws IOException {
    try {
      // SP800-56A C(2, 0, ECC CDH)
      KeyAgreement key_agreement = KeyAgreement.getInstance("ECDH");
      key_agreement.doPhase(client_ephemeral_key, true);
      byte[] Z = key_agreement.generateSecret();

      // The custom KDF
      Mac mac = Mac.getInstance(MACAlgorithms.HMAC_SHA256.getJCEName());
      mac.init(new SecretKeySpec(Z, "RAW"));
      session_key = mac.doFinal(kdf_data);

      if (device_certificate == null) {
        // Privacy enabled mode
        mac = Mac.getInstance(MACAlgorithms.HMAC_SHA256.getJCEName());
        mac.init(new SecretKeySpec(session_key, "RAW"));
        byte[] session_key_attest = mac.doFinal(attestation_arguments);

        // Verify that the session key signature is correct
        if (!ArrayUtil.compare(session_key_attest, session_attestation)) {
          throw new IOException("Verify attestation failed");
      } else {
        // E2ES mode
        PublicKey device_public_key = device_certificate.getPublicKey();

        // Verify that attestation was signed by the device key
        if (!new SignatureWrapper(
                device_public_key instanceof RSAPublicKey
                    ? AsymSignatureAlgorithms.RSA_SHA256
                    : AsymSignatureAlgorithms.ECDSA_SHA256,
            .verify(session_attestation)) {
          throw new IOException("Verify provisioning signature failed");
    } catch (GeneralSecurityException e) {
      throw new IOException(e);
  * @param privateKey
  * @param data
  * @return
  * @throws SignatureException
  * @throws NoSuchAlgorithmException
  * @throws InvalidKeyException
 private static String calculateRFC2104HMAC(String privateKey, String data)
     throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
   SecretKeySpec signingKey = new SecretKeySpec(privateKey.getBytes(), HMAC_SHA1_ALGORITHM);
   Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
   return Base64.encodeBase64String(mac.doFinal(data.getBytes()));
Exemple #5
  * Generate the mac based on HMAC_ALGORITHM
  * @param integrityKey The key used for hmac
  * @param byteCipherText the cipher text
  * @return A byte array of the HMAC for the given key & ciphertext
  * @throws NoSuchAlgorithmException
  * @throws InvalidKeyException
 public static byte[] generateMac(byte[] byteCipherText, SecretKey integrityKey)
     throws NoSuchAlgorithmException, InvalidKeyException {
   // Now compute the mac for later integrity checking
   Mac sha256_HMAC = Mac.getInstance(HMAC_ALGORITHM);
   return sha256_HMAC.doFinal(byteCipherText);
Exemple #6
 public static byte[] calculateHMac(String token, PublicKey publicKey)
     throws GeneralSecurityException {
   SecretKeySpec keySpec = new SecretKeySpec(token.getBytes(StandardCharsets.UTF_8), "RAW");
   Mac mac = Mac.getInstance("Hmac-SHA256", BouncyCastleProvider.PROVIDER_NAME);
   return mac.doFinal(getKeyIdentifier(publicKey));
  private String query(String method, HashMap<String, String> args) {
    Mac mac = null;
    SecretKeySpec key = null;
    args.put("method", method);
    long time = System.currentTimeMillis() / 1000L;
    args.put("nonce", "" + (int) (time));
    String postData = "";
    for (Iterator argumentIterator = args.entrySet().iterator(); argumentIterator.hasNext(); ) {
      Map.Entry argument = (Map.Entry) argumentIterator.next();

      if (postData.length() > 0) {
        postData += "&";
      postData += argument.getKey() + "=" + argument.getValue();
    try {
      key = new SecretKeySpec(apisecret.getBytes("UTF-8"), "HmacSHA512");
      mac = Mac.getInstance("HmacSHA512");
      URL queryUrl = new URL("https://btc-e.com/tapi/");
      HttpURLConnection connection = (HttpURLConnection) queryUrl.openConnection();
      connection.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; Java Test client)");
      connection.setRequestProperty("Key", apikey);
          "Sign", Hex.encodeHexString(mac.doFinal(postData.getBytes("UTF-8"))));
      StringWriter writer = new StringWriter();
      IOUtils.copy(connection.getInputStream(), writer, "UTF-8");
      return writer.toString();
    } catch (Exception ex) {
      utils.logger.log(true, ex.getMessage());
    return new String();
    public ImportImageBuilder withBucketUploadPolicy(final String bucket, final String prefix) {
      try {
        final AccessKey adminAccessKey = Accounts.lookupSystemAdmin().getKeys().get(0);
        final Calendar c = Calendar.getInstance();
        c.add(Calendar.HOUR, 48); // IMPORT_TASK_EXPIRATION_HOURS=48
        final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.S'Z'");
        final String expiration = sdf.format(c.getTime());
        // based on
        // http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-BundleInstance.html
        final String policy =
                "{\"expiration\":\"%s\",\"conditions\":[{\"bucket\": \"%s\"},"
                    + "[\"starts-with\", \"$key\", \"%s\"],{\"acl\":\"aws-exec-read\"}]}",
                expiration, bucket, prefix);

        final Mac hmac = Mac.getInstance("HmacSHA1");
        hmac.init(new SecretKeySpec(adminAccessKey.getSecretKey().getBytes("UTF-8"), "HmacSHA1"));

      } catch (final Exception ex) {
        throw Exceptions.toUndeclared(ex);
      return this;
  * Computes RFC 2104-compliant HMAC signature.
  * @param data the data to be signed
  * @param token the token
  * @return signature
  * @see <a href="http://oauth.net/core/1.0a/#rfc.section.9.2.1">OAuth Core - 9.2.1. Generating
  *     Signature</a>
 /*package*/ String generateSignature(String data, OAuthToken token) {
   byte[] byteHMAC = null;
   try {
     Mac mac = Mac.getInstance(HMAC_SHA1);
     SecretKeySpec spec;
     if (null == token) {
       String oauthSignature = encode(consumerSecret) + "&";
       spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
     } else {
       spec = token.getSecretKeySpec();
       if (null == spec) {
         String oauthSignature = encode(consumerSecret) + "&" + encode(token.getTokenSecret());
         spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
     byteHMAC = mac.doFinal(data.getBytes());
   } catch (InvalidKeyException e) {
   } catch (NoSuchAlgorithmException ignore) {
     // should never happen
   return BASE64Encoder.encode(byteHMAC);
  * @see #isUrlValid
  * @param url A URL for which to calculate a MAC.
  * @return The bytes of a MAC for the URL, or null if a secure MAC was not available.
 public static byte[] getMacForUrl(Context context, String url) {
   Mac mac = getMac(context);
   if (mac == null) {
     return null;
   return mac.doFinal(url.getBytes());
 public static void main(String[] args) throws Exception {
   // check args and get plaintext
   if (args.length != 1) {
     System.err.println("Usage: java MessageAuthenticationCodeExample text");
   byte[] plainText = args[0].getBytes("UTF8");
   // get a key for the HmacMD5 algorithm
   System.out.println("\nStart generating key");
   KeyGenerator keyGen = KeyGenerator.getInstance("HmacMD5");
   SecretKey MD5key = keyGen.generateKey();
   System.out.println("Finish generating key");
   // get a MAC object and update it with the plaintext
   Mac mac = Mac.getInstance("HmacMD5");
   // print out the provider used and the MAC
   System.out.println("\n" + mac.getProvider().getInfo());
   System.out.println("\nMAC: ");
   System.out.println(new String(mac.doFinal(), "UTF8"));
   * Generates encoded URL params for EB SSO url. It uses current timestamp. Generated link can be
   * useful within 60 seconds.
   * @param userId user name(aka sAMAccountName from ldap) of the user.
   * @return encoded URL params for EB SSO URL
   * @throws CannotGenerateEBSSOURLParams if there were some errors while encoding. Generally it
   *     means that there are arrors in algorithm code
  public static String generateEBSSOURLParams(String userId) {
    try {
      SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");

      String timeStamp = sdf.format(new Date());

      StringBuilder messageString = new StringBuilder(100);


      Cipher cipher = null;

      cipher = Cipher.getInstance(CIPHER_TYPE);

      byte[] seed = SecureRandom.getSeed(16);

      IvParameterSpec ips = new IvParameterSpec(seed);

          Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY.getBytes(ENCODING), CIPHER_TYPE_LESS), ips);

      byte[] cryptedData = cipher.doFinal(messageString.toString().getBytes(ENCODING));

      Mac hmac = Mac.getInstance(HMAC_TYPE);
      hmac.init(new SecretKeySpec(HMAC_KEY.getBytes(ENCODING), EMPTY_STRING));

      byte[] sigCheck = hmac.doFinal(cryptedData);

      String encodedSignature =
          new BASE64Encoder().encode(sigCheck).replaceAll("\n", "").replaceAll("\r", "");

      String encodedSeed =
          new BASE64Encoder().encode(seed).replaceAll("\n", "").replaceAll("\r", "");

      String encodedCryptedData =
          new BASE64Encoder().encode(cryptedData).replaceAll("\n", "").replaceAll("\r", "");

      StringBuilder params = new StringBuilder(220);


      return URLEncoder.encode(params.toString(), ENCODING);
    } catch (Throwable e) {
          "Ups. Something wrong with generateEBSSOURLParams: userid: '"
              + userId
              + "': "
              + e.getMessage());
      return "";
Exemple #13
   * Hash a string of data using a given key with the HMAC-SHA256 algorithm
   * @param data Input data
   * @param key Key to use for hashing
   * @return Hashed output
  public static String hashHmacSha256(String data, String key) {
    Charset charset = Charset.forName("UTF-8");
    String algoName = "HmacSHA256";
    Mac algorithm = null;
    try {
      algorithm = Mac.getInstance(algoName);
    } catch (NoSuchAlgorithmException e) {
      // This should hopefully never happen
      return "hmac-sha-256-algorithm-not-found";

    byte[] byteKey = charset.encode(key).array();
    SecretKeySpec secretKey = new javax.crypto.spec.SecretKeySpec(byteKey, algoName);
    try {
    } catch (InvalidKeyException e) {
      // .. And this shouldn't really ever happen, either
      return "invalid-key-for-access-token-generation";

    final byte[] macData = algorithm.doFinal(data.getBytes());

    String result = "";
    for (final byte element : macData) {
      result += Integer.toString((element & 0xff) + 0x100, 16).substring(1);

    return result;
Exemple #14
   * makes a upload token.
   * @param data
   * @return
   * @throws AuthException
  public String signWithData(byte[] data) throws AuthException {
    byte[] accessKey = this.accessKey.getBytes();
    byte[] secretKey = this.secretKey.getBytes();

    try {
      byte[] policyBase64 = EncodeUtils.urlsafeEncodeBytes(data);

      javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
      SecretKeySpec keySpec = new SecretKeySpec(secretKey, "HmacSHA1");

      byte[] digest = mac.doFinal(policyBase64);
      byte[] digestBase64 = EncodeUtils.urlsafeEncodeBytes(digest);
      byte[] token = new byte[accessKey.length + 30 + policyBase64.length];

      System.arraycopy(accessKey, 0, token, 0, accessKey.length);
      token[accessKey.length] = ':';
      System.arraycopy(digestBase64, 0, token, accessKey.length + 1, digestBase64.length);
      token[accessKey.length + 29] = ':';
      System.arraycopy(policyBase64, 0, token, accessKey.length + 30, policyBase64.length);

      return new String(token);
    } catch (Exception e) {
      throw new AuthException("Fail to sign with data!", e);
Exemple #15
  public byte[] makeAuthToken() {

    byte[] accessKey = Config.getAccessKey().getBytes();
    byte[] secretKey = Config.getSecretKey().getBytes();
    try {
      String policyJson = this.marshal();
      byte[] policyBase64 = Client.urlsafeEncodeBytes(policyJson.getBytes());

      Mac mac = Mac.getInstance("HmacSHA1");
      SecretKeySpec keySpec = new SecretKeySpec(secretKey, "HmacSHA1");

      byte[] digest = mac.doFinal(policyBase64);
      byte[] digestBase64 = Client.urlsafeEncodeBytes(digest);
      byte[] token = new byte[accessKey.length + 30 + policyBase64.length];

      System.arraycopy(accessKey, 0, token, 0, accessKey.length);
      token[accessKey.length] = ':';
      System.arraycopy(digestBase64, 0, token, accessKey.length + 1, digestBase64.length);
      token[accessKey.length + 29] = ':';
      System.arraycopy(policyBase64, 0, token, accessKey.length + 30, policyBase64.length);

      return token;
    } catch (NoSuchAlgorithmException e) {
    } catch (InvalidKeyException e) {
    } catch (JSONException e) {
    return null;
   * From the Lucky13 paper: An individual record R (viewed as a byte sequence of length at least
   * zero) is processed as follows. The sender maintains an 8-byte sequence number SQN which is
   * incremented for each record sent, and forms a 5-byte field HDR consisting of a 1-byte type
   * field, a 2-byte version field, and a 2-byte length field. It then calculates a MAC over the
   * bytes SQN || HDR || R.
   * @param protocolVersion
   * @param contentType
   * @param data
   * @return
  public byte[] calculateMac(
      ProtocolVersion protocolVersion, ProtocolMessageType contentType, byte[] data) {

    byte[] SQN = ArrayConverter.longToUint64Bytes(sequenceNumber);
    byte[] HDR =
            ArrayConverter.intToBytes(data.length, 2));


        "The MAC was caluculated over the following data: {}",
        ArrayConverter.bytesToHexString(ArrayConverter.concatenate(SQN, HDR, data)));

    byte[] result = writeMac.doFinal();

    LOGGER.debug("MAC result: {}", ArrayConverter.bytesToHexString(result));

    // we increment sequence number for the sent records

    return result;
 private String createMac(Key secKey, String ciphertext) throws GeneralSecurityException {
   Mac mac = Mac.getInstance("HMACSHA256", PROVIDER_NAME);
   //    mac.init(new SecretKeySpec(Base64.encode(secKey.getEncoded()), "AES"));
   byte[] hmacBytes = mac.doFinal(WeaveUtil.toAsciiBytes(ciphertext));
   return WeaveUtil.toAsciiString(Hex.encode(hmacBytes));
Exemple #18
   * Generates a signature using the HMAC-SHA1 algorithm
   * @param url The full url that needs to be signed including its non OAuth url parameters
   * @param consumerSecret The consumer seceret
   * @param tokenSecret The token secret, if available. If not available pass null or an empty
   *     string
   * @param httpMethod The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)
   * @param parameters
   * @param normalizedUrl
   * @param normalizedRequestParameters
   * @return A base64 string of the hash value
  private String generateSignature(
      URL url,
      String consumerSecret,
      String tokenSecret,
      String httpMethod,
      List<QParameter> parameters,
      StringBuffer normalizedUrl,
      StringBuffer normalizedRequestParameters) {

    String signatureBase =
            url, httpMethod, parameters, normalizedUrl, normalizedRequestParameters);
    byte[] oauthSignature = null;
    try {
      Mac mac = Mac.getInstance(HMACSHA1SignatureType);
      String oauthKey =
              + "&"
              + ((tokenSecret == null || tokenSecret.equals("")) ? "" : encode(tokenSecret));
      SecretKeySpec spec = new SecretKeySpec(oauthKey.getBytes("US-ASCII"), HMACSHA1SignatureType);
      oauthSignature = mac.doFinal(signatureBase.getBytes("US-ASCII"));
    } catch (NoSuchAlgorithmException e) {
    } catch (InvalidKeyException e) {
    } catch (IllegalStateException e) {
    } catch (UnsupportedEncodingException e) {

    return Base64Encoder.encode(oauthSignature);
  private int verify_code(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException {
    byte[] data = new byte[8];
    long value = t;
    for (int i = 8; i-- > 0; value >>>= 8) {
      data[i] = (byte) value;

    SecretKeySpec signKey = new SecretKeySpec(key, CRYPTO_ALGO);
    Mac mac = Mac.getInstance(CRYPTO_ALGO);
    byte[] hash = mac.doFinal(data);

    int offset = hash[20 - 1] & 0xF;

    // We're using a long because Java hasn't got unsigned int.
    long truncatedHash = 0;
    for (int i = 0; i < 4; ++i) {
      truncatedHash <<= 8;
      // We are dealing with signed bytes:
      // we just keep the first byte.
      truncatedHash |= (hash[offset + i] & 0xFF);

    truncatedHash &= 0x7FFF_FFFF;
    truncatedHash %= 1_000_000;

    return (int) truncatedHash;
Exemple #20
   * Sign a message with a key
   * @param message The message to sign
   * @param key The key to use
   * @return The signed message (in hexadecimal)
  public static String sign(String message, byte[] key) {

    if (key.length == 0) {
      return message;

    try {
      Mac mac = Mac.getInstance("HmacSHA1");
      SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA1");
      byte[] messageBytes = message.getBytes("utf-8");
      byte[] result = mac.doFinal(messageBytes);
      int len = result.length;
      char[] hexChars = new char[len * 2];

      for (int charIndex = 0, startIndex = 0; charIndex < hexChars.length; ) {
        int bite = result[startIndex++] & 0xff;
        hexChars[charIndex++] = HEX_CHARS[bite >> 4];
        hexChars[charIndex++] = HEX_CHARS[bite & 0xf];
      return new String(hexChars);
    } catch (Exception ex) {
      throw new UnexpectedException(ex);
Exemple #21
   * 解析站内应用post的SignedRequest split为part1和part2两部分
  public String parseSignedRequest(String signed_request)
      throws IOException, InvalidKeyException, NoSuchAlgorithmException {
    String[] t = signed_request.split("\\.", 2);
    // 为了和 url encode/decode 不冲突,base64url 编码方式会将
    // '+','/'转换成'-','_',并且去掉结尾的'='。 因此解码之前需要还原到默认的base64编码,结尾的'='可以用以下算法还原
    int padding = (4 - t[0].length() % 4);
    for (int i = 0; i < padding; i++) t[0] += "=";
    String part1 = t[0].replace("-", "+").replace("_", "/");

    SecretKey key =
        new SecretKeySpec(WeiboConfig.getValue("client_SERCRET").getBytes(), "hmacSHA256");
    Mac m;
    m = Mac.getInstance("hmacSHA256");
    String part1Expect = BASE64Encoder.encode(m.doFinal());

    sun.misc.BASE64Decoder decode = new sun.misc.BASE64Decoder();
    String s = new String(decode.decodeBuffer(t[1]));
    if (part1.equals(part1Expect)) {
      return ts(s);
    } else {
      return null;
Exemple #22
  public static void jdkHMacMD5() {
    KeyGenerator keyGenerator;
    try {
      // 生成密钥
      // keyGenerator = KeyGenerator.getInstance("HmacMD5");
      // SecretKey secretKey = keyGenerator.generateKey();
      // byte[] key = secretKey.getEncoded();
      byte[] key = Hex.decodeHex(new char[] {'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a'});

      // 还原密钥
      SecretKey restoreSecretKey = new SecretKeySpec(key, "HmacMD5");

      // 实例和初始化Mac
      Mac mac = Mac.getInstance(restoreSecretKey.getAlgorithm());

      // 执行摘要
      byte[] hmacMD5Bytes = mac.doFinal(src.getBytes());
      System.out.println("jdk hmacMD5:" + Hex.encodeHexString(hmacMD5Bytes));

    } catch (NoSuchAlgorithmException e) {
    } catch (InvalidKeyException e) {
    } catch (DecoderException e) {
  protected void service(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {
    String policy_document = IoUtil.readStream(req.getInputStream());
    String policy =
            .replaceAll("\n", "")
            .replaceAll("\r", "");

    Mac hmac;
    try {
      hmac = Mac.getInstance("HmacSHA1");
      String aws_secret_key = req.getParameter("aws-secret-key");

      hmac.init(new SecretKeySpec(aws_secret_key.getBytes("UTF-8"), "HmacSHA1"));
      String signature =
          BaseEncoding.base64().encode(hmac.doFinal(policy.getBytes("UTF-8"))).replaceAll("\n", "");
      res.getWriter().write("{\"signature\":\"" + signature + "\",\"policy\":\"" + policy + "\"}");
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
      throw new RuntimeException(e);
  private String generateRandomMACHash(int algorithm) throws Exception {
    // Generates a secret key
    SecretKey sk = null;
    switch (algorithm) {
      case RandomValueMeta.TYPE_RANDOM_MAC_HMACMD5:
        sk = data.keyGenHmacMD5.generateKey();
      case RandomValueMeta.TYPE_RANDOM_MAC_HMACSHA1:
        sk = data.keyGenHmacSHA1.generateKey();

    if (sk == null) {
      throw new KettleException(BaseMessages.getString(PKG, "RandomValue.Log.SecretKeyNull"));

    // Create a MAC object using HMAC and initialize with key
    Mac mac = Mac.getInstance(sk.getAlgorithm());
    // digest
    byte[] hashCode = mac.doFinal();
    StringBuilder encoded = new StringBuilder();
    for (int i = 0; i < hashCode.length; i++) {
      String _b = Integer.toHexString(hashCode[i]);
      if (_b.length() == 1) {
        _b = "0" + _b;
      encoded.append(_b.substring(_b.length() - 2));

    return encoded.toString();
  * Computes RFC 2104-compliant HMAC signature.
  * @param data the data to be signed
  * @param token the token
  * @return signature
  * @see <a href="http://oauth.net/core/1.0a/#rfc.section.9.2.1">OAuth Core - 9.2.1. Generating
  *     Signature</a>
 /* package */ String generateSignature(final String data, final OAuthToken token) {
   byte[] byteHMAC = null;
   try {
     final Mac mac = Mac.getInstance(HMAC_SHA1);
     SecretKeySpec spec;
     if (null == token) {
       final String oauthSignature = HttpParameter.encode(consumerSecret) + "&";
       spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
     } else {
       spec = token.getSecretKeySpec();
       if (null == spec) {
         final String oauthSignature =
                 + "&"
                 + HttpParameter.encode(token.getTokenSecret());
         spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
     byteHMAC = mac.doFinal(data.getBytes());
   } catch (final InvalidKeyException ike) {
     logger.error("Failed initialize \"Message Authentication Code\" (MAC)", ike);
     throw new AssertionError(ike);
   } catch (final NoSuchAlgorithmException nsae) {
     logger.error("Failed to get HmacSHA1 \"Message Authentication Code\" (MAC)", nsae);
     throw new AssertionError(nsae);
   return BASE64Encoder.encode(byteHMAC);
  // Validates HMAC-SHA1 signatures included in webhook notifications
  // to ensure notifications came from Square
  public static boolean isValidCallback(String callbackBody, String callbackSignature) {

    // Combine your webhook notification URL and the JSON body of the incoming request into a single
    // string
    String stringToSign = _webhookUrl + callbackBody;

    String result;

    // Generate the HMAC-SHA1 signature of the string, signed with your webhook signature key
    try {
      SecretKeySpec signingKey = new SecretKeySpec(_webhookSignatureKey.getBytes(), "HmacSHA1");
      Mac mac = Mac.getInstance("HmacSHA1");
      byte[] rawHmac = mac.doFinal(stringToSign.getBytes());
      result = Base64.encodeBase64String(rawHmac);
    } catch (Exception e) {
      return false;

    // Hash the two signatures a second time (to protect against timing attacks) and compare them
    try {
      MessageDigest digest = MessageDigest.getInstance("SHA-1");
      String hashedCallbackSignature = new String(digest.digest(callbackSignature.getBytes()));
      String hashedResult = new String(digest.digest(result.getBytes()));

      return hashedCallbackSignature.equals(hashedResult);
    } catch (NoSuchAlgorithmException e) {
      return false;
Exemple #27
  /** Computes a Signature for use in MTurk REST requests. */
  public static String getSignature(
      String service, String operation, String timestamp, String secretKey) throws Exception {

    Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
    mac.init(new SecretKeySpec(secretKey.getBytes(), HMAC_SHA1_ALGORITHM));
    return Base64.encodeBytes(mac.doFinal((service + operation + timestamp).getBytes()));
Exemple #28
  public void performTest() throws Exception {
    for (int i = 0; i != cipherTests.length; i += 8) {
          Hex.decode(cipherTests[i + 1]),
          Hex.decode(cipherTests[i + 2]),
          Hex.decode(cipherTests[i + 3]));

          Integer.parseInt(cipherTests[i + 4]),
          Hex.decode(cipherTests[i + 4 + 1]),
          Hex.decode(cipherTests[i + 4 + 2]),
          Hex.decode(cipherTests[i + 4 + 3]));


    Mac mac = Mac.getInstance("GOST28147MAC", "BC");

        new SecretKeySpec(

    if (!Arrays.areEqual(
        mac.doFinal(Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20")))) {
      fail("mac test falied.");
Exemple #29
  * This method: Encrypts bytes using a cipher. Generates MAC for intialization vector of the
  * cipher Generates MAC for encrypted data Returns a byte array consisting of the following
  * concatenated together: |MAC for cnrypted Data | MAC for Init Vector | Encrypted Data |
  * @param bytes The byte array to be encrypted.
  * @return the encrypted byte array.
 public byte[] encrypt(byte[] bytes) {
   byte[] securedata = null;
   try {
     // Generate IV
     SecureRandom rand = new SecureRandom();
     byte[] iv = new byte[16];
     IvParameterSpec ivspec = new IvParameterSpec(iv);
     Cipher encryptCipher = Cipher.getInstance(CIPHER_CODE);
     encryptCipher.init(Cipher.ENCRYPT_MODE, sk, ivspec);
     Mac encryptMac = Mac.getInstance(MAC_CODE);
     // encrypt the plaintext
     byte[] encdata = encryptCipher.doFinal(bytes);
     byte[] macBytes = encryptMac.doFinal(encdata);
     byte[] tmp = concatBytes(macBytes, iv);
     securedata = concatBytes(tmp, encdata);
   } catch (NoSuchAlgorithmException
       | NoSuchPaddingException
       | InvalidKeyException
       | InvalidAlgorithmParameterException
       | IllegalStateException
       | IllegalBlockSizeException
       | BadPaddingException e) {
     if (LOGGER.isLoggable(Level.SEVERE)) {
           "Unexpected exception initializing encryption." + "  No encryption will be performed.",
     return null;
   return securedata;
   * Calculate the HMAC/SHA1 on a string.
   * @param data Data to sign
   * @param passcode Passcode to sign it with
   * @return Signature
   * @throws NoSuchAlgorithmException If the algorithm does not exist. Unlikely
   * @throws InvalidKeyException If the key is invalid.
  static String encode(String awsSecretAccessKey, String canonicalString, boolean urlencode) {
    // The following HMAC/SHA1 code for the signature is taken from the
    // AWS Platform's implementation of RFC2104
    // (amazon.webservices.common.Signature)
    // Acquire an HMAC/SHA1 from the raw key bytes.
    SecretKeySpec signingKey =
        new SecretKeySpec(awsSecretAccessKey.getBytes(), HMAC_SHA1_ALGORITHM);

    // Acquire the MAC instance and initialize with the signing key.
    Mac mac = null;
    try {
      mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
    } catch (NoSuchAlgorithmException e) {
      // should not happen
      throw new RuntimeException("Could not find sha1 algorithm", e);
    try {
    } catch (InvalidKeyException e) {
      // also should not happen
      throw new RuntimeException("Could not initialize the MAC algorithm", e);

    // Compute the HMAC on the digest, and set it.
    String b64 = Base64.encodeBytes(mac.doFinal(canonicalString.getBytes()));

    if (urlencode) {
      return urlencode(b64);
    } else {
      return b64;