Two methods are available for client authentication: Simple Authentication and authentication using an Authorization Signature.
using System; using System.Security.Cryptography; using System.Text; namespace MyGolfApp.Security { public class AuthorizationSigner { public static string GetSignature(string username, string password, int timestamp, string secret) { string toHash = String.Format("{0}{1}{2}", username, Convert.ToBase64String(HashSha1(password)), timestamp); return Convert.ToBase64String(HashHmac256(Encoding.UTF8.GetBytes(toHash), Encoding.UTF8.GetBytes(secret))); } private static byte[] HashHmac256(byte[] data, byte[] key) { using (var hmacAlgorithm = new HMACSHA256(key)) { hmacAlgorithm.ComputeHash(data); return hmacAlgorithm.Hash; } } private static byte[] HashSha1(string s) { SHA1 sha1 = SHA1.Create(); byte[] octets = Encoding.UTF8.GetBytes(s); byte[] hash = sha1.ComputeHash(octets); return hash; } } }
import java.security.MessageDigest; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; public class AuthorizationSigner { public static void main(String []args){ System.out.println(getSignature("UserName", "Password", "1397500408", "617e0ed8-7531-44a4-bd64-2b246291c600")); } public static String getSignature(String username, String password, String timestamp, String key){ return hmac256_thenBase64(username + sha1_thenBase64(password) + timestamp, key); } private static String sha1_thenBase64(String s){ try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] bytes = s.getBytes(("UTF-8")); md.update(bytes); byte[] digest = md.digest(); String hash = (new sun.misc.BASE64Encoder()).encode(digest); return hash; } catch(Exception e) { } return null; } private static String hmac256_thenBase64(String s, String key){ try { Mac sha256_HMAC = Mac.getInstance("HmacSHA256"); SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256"); sha256_HMAC.init(secret_key); String hash = (new sun.misc.BASE64Encoder()).encode(sha256_HMAC.doFinal(s.getBytes())); return hash; } catch(Exception e) { } return null; } }
<?php $auth = base64_encode(pack('H*', hash_hmac('sha256', 'UserName' . base64_encode(pack('H*', sha1('Password'))) . '1397500408', '617e0ed8-7531-44a4-bd64-2b246291c600'))); ?>
UserName: | |
Password: | |
ClientApplicationSecret: | |
Timestamp: | |