Hi,

Hooray! I was finally able to do this. Thanks a lot :) I think I'll make up 
the code and release it later~

On Tuesday, June 10, 2014 4:57:33 PM UTC+3, Kay Röpke wrote:
>
> Hi! 
>
> I believe this is the Play framework signing the entire cookie. 
> The relevant code looks like: 
>   /**
>    * Signs the given String with HMAC-SHA1 using the application’s secret key.
>    *
>    * By default this uses the platform default JSSE provider.  This can be overridden by defining
>    * `application.crypto.provider` in `application.conf`.
>    *
>    * @param message The message to sign.
>    * @return A hexadecimal encoded signature.
>    */
>   def sign(message: String): String = {
>     secret.map(secret => sign(message, secret.getBytes("utf-8"))).getOrElse {
>       throw new PlayException("Configuration error", "Missing application.secret")
>     }
>   }
>
>   /**
>    * Signs the given String with HMAC-SHA1 using the given key.
>    *
>    * By default this uses the platform default JSSE provider.  This can be overridden by defining
>    * `application.crypto.provider` in `application.conf`.
>    *
>    * @param message The message to sign.
>    * @param key The private key to sign with.
>    * @return A hexadecimal encoded signature.
>    */
>   def sign(message: String, key: Array[Byte]): String = {
>     val mac = provider.map(p => Mac.getInstance("HmacSHA1", p)).getOrElse(Mac.getInstance("HmacSHA1"))
>     mac.init(new SecretKeySpec(key, "HmacSHA1"))
>     Codecs.toHexString(mac.doFinal(message.getBytes("utf-8")))
>   }
>
> So you should be able to take the application.secret, use that as the 
> HmacSHA1 secret, sign the entire cookie value (incl. the cookie name 
> and '=') and prepend the sha + '-'. 
>
> What I couldn't find the code for right away is how the cookie value 
> is generated if it is a map. But I think that's not relevant here. 
>
> Hope that helps! 
>
> Kay 
>
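
The signing scheme described in the quoted message, reproduced in Python as an added example (it is not part of the thread and is not Play or Graylog2 code). The names `signed_value` and `verify`, the constant-time check on the receiving side, and the sample secret and message are assumptions made for illustration; exactly which text goes into `message` is left to the caller.

```python
import hashlib
import hmac


def sign(message: str, secret: str) -> str:
    """Hex-encoded HMAC-SHA1 of message, keyed with the UTF-8 bytes of
    secret, mirroring the quoted sign(message, key)."""
    mac = hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha1)
    return mac.hexdigest()


def signed_value(message: str, secret: str) -> str:
    """Prepend the hex signature and '-' to the signed text."""
    return sign(message, secret) + "-" + message


def verify(value: str, secret: str):
    """Return the signed text if its signature is valid, otherwise None."""
    # Split on the first '-' only: the hex signature never contains one,
    # but the signed text may.
    sig, sep, message = value.partition("-")
    # A SHA-1 digest is 20 bytes, i.e. 40 hex characters.
    if not sep or len(sig) != 40:
        return None
    expected = sign(message, secret)
    # Constant-time comparison, so a mismatch does not reveal how many
    # leading characters of the signature were correct.
    if hmac.compare_digest(expected.encode("ascii"), sig.encode("utf-8")):
        return message
    return None


if __name__ == "__main__":
    secret = "constructed-secret-for-illustration"   # constructed, not a real key
    message = "key=constructed-value"                # constructed sample text
    value = signed_value(message, secret)
    print(value)
    print(verify(value, secret))            # the original text
    print(verify(value + "x", secret))      # None: text changed after signing
    print(verify(value, "another-secret"))  # None: signed with a different key
```

Anyone who holds `application.secret` can produce values that pass this check, so the secret needs the same protection as any other credential.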
