[oauth] RSA-SHA1 implementation for coldfusion (code for reference)

2009-07-17 Thread Sharad 

I worked on a coldfusion implementation of RSA-SHA1 signatures
(calling java methods inside coldfusion itself). Posting it here, in
case someone finds it useful, or if someone cares to embed in the code
itself. Refine it, use it, do it...

cfset rsaPrivateKey = {base 64 string of pkcs8 private key}

cfset rsaPublicKey={base 64 string of x509 public key}

cfset appSignature = #encodePercent(rsa_sha1(rsaPrivateKey,
rsaPublicKey, {url-encoded base signature string}))#

cffunction name=rsa_sha1 returntype=string access=public
descrition=RSA-SHA1 computation based on supplied private key 
supplied base signature string. Also verifies generated signatures
thru supplied public key as well.
   cfargument name=signKey type=string required=true
hint=base64 formatted PKCS8 private key
   cfargument name=signPub type=string required=true
hint=base64 formatted X509 public key
   cfargument name=signMessage type=string required=true
hint=msg to sign
   cfargument name=sFormat type=string required=false
default=iso-8859-1

   cfset var jKey = JavaCast(string, arguments.signKey)
   cfset var jPub = JavaCast(string, arguments.signPub)
   cfset var jMsg = JavaCast(string,
arguments.signMessage).getBytes(arguments.sFormat)

   cfset var key = createObject(java, java.security.PrivateKey)
   cfset var keySpec = createObject(java,
java.security.spec.PKCS8EncodedKeySpec)
   cfset var pub = createObject(java, java.security.PublicKey)
   cfset var pubSpec = createObject(java,
java.security.spec.X509EncodedKeySpec)
   cfset var keyFactory = createObject(java,
java.security.KeyFactory)
   cfset var b64dec = createObject(java, sun.misc.BASE64Decoder)

   cfset var sig = createObject(java, java.security.Signature)

   cfset var byteClass = createObject(java, java.lang.Class)
   cfset var byteArray = createObject(java,
java.lang.reflect.Array)

   cfset byteClass = byteClass.forName(JavaCast(string,
java.lang.Byte))
   cfset keyBytes = byteArray.newInstance(byteClass, JavaCast(int,
1024))
   cfset keyBytes = b64dec.decodeBuffer(jKey)
   cfset pubBytes = byteArray.newInstance(byteClass, JavaCast(int,
1024))
   cfset pubBytes = b64dec.decodeBuffer(jPub)

   cfset sig = sig.getInstance(SHA1withRSA, SunJSSE)
   cfset sig.initSign(keyFactory.getInstance(RSA).generatePrivate
(keySpec.init(keyBytes)))
   cfset sig.update(jMsg)
   cfset signBytes = sig.sign()

   cfset sig.initVerify(keyFactory.getInstance
(RSA).generatePublic(pubSpec.init(pubBytes)))
   cfset sig.update(jMsg)
   cfset verifyFlag = sig.verify(signBytes)
   cfoutputverified = #verifyFlag#br/br//cfoutput

   cfreturn ToBase64(signBytes)
/cffunction

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
OAuth group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---

[oauth] Re: C# OAuthBase.cs bug

2009-07-17 Thread jr conlin 

You may want to use the OAuthBase.UrlEncode() method for this. I know 
that C# tends to use lowercase hex for values where OAuth prefers 
uppercase. This way, you know that the signature value being generated 
will match. (Yes, I realize that the values are also read opaquely and 
case doesn't matter, but it's also good to be consistent.)



rjlopes wrote:
 Hi,

 I was testing the OAuthBase and find out a bug when using it with
 MySpace.

 The problem is that MySpace uses an url as oauth_consumer_key and the
 NormalizeRequestParameters doesn't encode the parameters values.

 The fix is really simple, just change:

 sb.AppendFormat({0}={1}, p.Name,p.Value);

 to:

 sb.AppendFormat({0}={1}, p.Name, UrlEncode(p.Value));

 

   


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
OAuth group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---

[oauth] Re: C# OAuthBase.cs bug

2009-07-17 Thread Ricardo Lopes 
What I was refering was that the consumer key is an url in the case of
myspace and the OAuthBase internaly should urlencode that values on the
NormalizeRequestParameters method.

If I am not make myself clear enough please let me know and I will post an
example.

2009/7/17 jr conlin jrcon...@gmail.com


 You may want to use the OAuthBase.UrlEncode() method for this. I know
 that C# tends to use lowercase hex for values where OAuth prefers
 uppercase. This way, you know that the signature value being generated
 will match. (Yes, I realize that the values are also read opaquely and
 case doesn't matter, but it's also good to be consistent.)



 rjlopes wrote:
  Hi,
 
  I was testing the OAuthBase and find out a bug when using it with
  MySpace.
 
  The problem is that MySpace uses an url as oauth_consumer_key and the
  NormalizeRequestParameters doesn't encode the parameters values.
 
  The fix is really simple, just change:
 
  sb.AppendFormat({0}={1}, p.Name,p.Value);
 
  to:
 
  sb.AppendFormat({0}={1}, p.Name, UrlEncode(p.Value));
 
  
 
 


 



-- 

Ricardo Lopes

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
OAuth group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---