Hi, Hooray! I was finally able to do this. Thanks a lot :) I think I'll make up the code and release it later~
On Tuesday, June 10, 2014 4:57:33 PM UTC+3, Kay Röpke wrote: > > Hi! > > I believe this is the Play framework signing the entire cookie. > The relevant code looks like: > /** > * Signs the given String with HMAC-SHA1 using the application’s secret > key. > * > * By default this uses the platform default JSSE provider. This > can be overridden by defining > * `application.crypto.provider` in `application.conf`. > * > * @param message The message to sign. > * @return A hexadecimal encoded signature. > */ > def sign(message: String): String = { > secret.map(secret => sign(message, > secret.getBytes("utf-8"))).getOrElse { > throw new PlayException("Configuration error", "Missing > application.secret") > } > } > > /** > * Signs the given String with HMAC-SHA1 using the given key. > * > * By default this uses the platform default JSSE provider. This > can be overridden by defining > * `application.crypto.provider` in `application.conf`. > * > * @param message The message to sign. > * @param key The private key to sign with. > * @return A hexadecimal encoded signature. > */ > def sign(message: String, key: Array[Byte]): String = { > val mac = provider.map(p => Mac.getInstance("HmacSHA1", > p)).getOrElse(Mac.getInstance("HmacSHA1")) > mac.init(new SecretKeySpec(key, "HmacSHA1")) > Codecs.toHexString(mac.doFinal(message.getBytes("utf-8"))) > } > > So you should be able to take the application.secret, use that as the > HmacSHA1 secret, sign the entire cookie value (incl. the cookie name > and '=') and prepend the sha + '-'. > > What I couldn't find the code for right away is how the cookie value > is generated if it is a map. But I think that's not relevant here. > > Hope that helps! > > Kay > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.