Hi Peter,

On Thu, Mar 12, 2015 at 7:02 AM, Peter Mueller <[email protected]> wrote:

> Hi,
> I am emulating the FxA protocol and I have trouble authenticating a Hawk
> request sent by the Desktop client to /account/keys on Server using the
> standard Hawk lib.
>

I'm curious to know what the "standard Hawk lib" is.  When I built a Java
implementation, I had to grub around inside some of Eran's code to dig out
some details; there was no spec.  (I know of no spec now, either.)  But I
just rewrote this in Swift!

Here's a Java implementation [1] with good piece-wise test vectors [2].
And here's a Swift implementation [3] which has not yet been tested against
production endpoints.  I suggest you make sure your implementation is
getting my (the old spec's) test vectors correct and then verify that your
computed vectors remain the same.  After that, I'd appreciate additional
test vectors in the form of pull requests :)

Nick

[1]
https://github.com/mozilla-services/android-sync/blob/cdafc277cea4228f8a494498b984f979ec68be5c/src/main/java/org/mozilla/gecko/sync/net/HawkAuthHeaderProvider.java
[2]
https://github.com/mozilla-services/android-sync/blob/cdafc277cea4228f8a494498b984f979ec68be5c/src/test/java/org/mozilla/gecko/sync/net/test/TestHawkAuthHeaderProvider.java
[3]
https://github.com/ncalexan/firefox-ios/commit/546ac30f2c422afde9085809ff155a8b816b6f59


>
> After reading and trying a lot I am at a loss why I don't get the
> correct mac value for the following parameters and I am thankful for
> comments. Using a different Hawk-lib results in the same mac, so I
> somehow build the wrong normalized string, but I don't know what goes
> wrong. Ideas?
>
> I am using the given test vectors for KeyFetchToken, therefore the key
> should be:
> 87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7
>
> Sent Apache Authorization Header from client:
> Hawk
> id="3d0a7c02a15a62a2882f76e39b6494b500c022a8816e048625a495718998ba60",
> ts="1426168115", nonce="PZ5oR8+A1cg=",
> mac="BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="
>
> Here are the variables I am using:
> key = "87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7";
> ts = "1426168115";
> nonce = "PZ5oR8+A1cg=";
> method = "GET";
> resource = "/simplesync/account/keys";
> host = "localhost";
> port = "443";
> payload_hash = ""; // no hash given
> extra = "";
>
> which results in the following normalized String (without -----):
>
> -----------
> hawk.1.header
> 1426168115
> PZ5oR8+A1cg=
> GET
> /simplesync/account/keys
> localhost
> 443
>
>
>
> -----------
> and the following mac for my string =
> NnjwluoNCZXutov27mON9WJYIoXawk5ERrEtHPvg5WY=
>
> And the raw Request in full:
> GET https://localhost/simplesync/account/keys HTTP/1.1
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101
> Firefox/36.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: de, en-US, en
> Accept-Encoding: gzip, deflate
> Authorization: Hawk
> id="3d0a7c02a15a62a2882f76e39b6494b500c022a8816e048625a495718998ba60",
> ts="1426168115", nonce="PZ5oR8+A1cg=",
> mac="BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="
> Content-Type: text/plain
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
>
> Thanks
> Peter
>
>
>
>
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev
>
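
An added example, not part of either message and not code from the Hawk library or the linked implementations: a Python check that rebuilds the header normalized string from the values Peter posted and computes the HMAC-SHA256 piece by piece, so each part can be compared against test vectors. The list of candidates (key as raw bytes versus ASCII hex, resource with or without the /simplesync prefix) is an assumption for illustration; the thread does not say which, if any, explains the mismatch.

```python
import base64
import hashlib
import hmac

# Values copied from the quoted request above.
KEY_HEX = "87b8937f61d38d0e29cd2d5600b3f4da0aa48ac41de36a0efe84bb4a9872ceb7"
RECEIVED_MAC = "BcLvmko79juoZDTfdHDVpi/D5logg7xg9MdcraBo3zI="
TS, NONCE, METHOD, HOST, PORT = "1426168115", "PZ5oR8+A1cg=", "GET", "localhost", "443"
# Both paths appear in the message; which one the client signed is not stated.
RESOURCES = ["/simplesync/account/keys", "/account/keys"]


def normalized_string(ts, nonce, method, resource, host, port, payload_hash="", ext=""):
    """Hawk 1 header string: nine fields, each terminated by a newline."""
    fields = ["hawk.1.header", ts, nonce, method.upper(), resource,
              host.lower(), str(port), payload_hash, ext]
    return "".join(field + "\n" for field in fields)


def hawk_mac(key, normalized):
    """base64(HMAC-SHA256(key, normalized string))."""
    digest = hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def diagnose(received_mac=RECEIVED_MAC):
    """Return (label, mac, matches) for each candidate interpretation."""
    keys = {
        "key hex-decoded (32 bytes)": bytes.fromhex(KEY_HEX),
        "key as ASCII hex (64 bytes)": KEY_HEX.encode("ascii"),
    }
    results = []
    for key_label, key in keys.items():
        for resource in RESOURCES:
            mac = hawk_mac(key, normalized_string(TS, NONCE, METHOD, resource, HOST, PORT))
            # Constant-time comparison, as a server-side verifier should use.
            matches = hmac.compare_digest(mac, received_mac)
            results.append((f"{key_label}, resource={resource}", mac, matches))
    return results


if __name__ == "__main__":
    print(repr(normalized_string(TS, NONCE, METHOD, RESOURCES[0], HOST, PORT)))
    for label, mac, matches in diagnose():
        print(f"{'MATCH' if matches else 'no   '}  {mac}  {label}")
```

Printing the normalized string with repr() makes the trailing empty hash and ext lines visible, which is the part most easily lost when comparing by eye.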