2

I am trying to take some working python code and convert it to java for my usage. The python code below produces the correct signature. The java code using the same key, salt, produces something different and I am at a loss for why. In the Java code I am using the key generated in python (_key) to create the signature.

What I don't understand is, if I print the value of _key in python I get "34ee7983-5ee6-4147-aa86-443ea062abf774493d6a-2a15-43fe-aace-e78566927585". Now if I take that and place it directly into the hmac(new) call I get a different result than if I just leave the _key variable. I assume this has something to do with encoding of some type but I am at a loss. 

_s1 = base64.b64decode('VzeC4H4h+T2f0VI180nVX8x+Mb5HiTtGnKgH52Otj8ZCGDz9jRW'
                       'yHb6QXK0JskSiOgzQfwTY5xgLLSdUSreaLVMsVVWfxfa8Rw==')
_s2 = base64.b64decode('ZAPnhUkYwQ6y5DdQxWThbvhJHN8msQ1rqJw0ggKdufQjelrKuiG'
                       'GJI30aswkgCWTDyHkTGK9ynlqTkJ5L4CiGGUabGeo8M6JTQ==')

# bitwise and of _s1 and _s2 ascii, converted to string
_key = ''.join([chr(ord(c1) ^ ord(c2)) for (c1, c2) in zip(_s1, _s2)])

@classmethod
def get_signature(cls, song_id, salt=None):
    """Return a (sig, salt) pair for url signing."""

    if salt is None:
        salt = str(int(time.time() * 1000))

    mac = hmac.new(cls._key, song_id, sha1)
    mac.update(salt)
    sig = base64.urlsafe_b64encode(mac.digest())[:-1]

    return sig, salt

This is my Java code. I think ultimately my issue is how I am handling or encoding the AA_KEY but I cannot figure it out.

private static final String AA_KEY = "34ee7983-5ee6-4147-aa86-443ea062abf774493d6a-2a15-43fe-aace-e78566927585";

public void someFunc(String songId) {

  salt = "1431875768596"
  String sig = hmacSha1(songId + salt, AA_KEY);
  sig =  StringUtils.replaceChars(sig, "+/=", "-_.");
}

static String hmacSha1(String value, String key) {
    try {
        // Get an hmac_sha1 key from the raw key bytes
        byte[] keyBytes = key.getBytes();           
        SecretKeySpec signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");

        // Get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);

        // Compute the hmac on input data bytes
        byte[] rawHmac = mac.doFinal(value.getBytes());

        return Base64.encodeBytes(rawHmac);

    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

I found a couple of similar questions but they didn't help me figure it out sadly. Thanks!

Python HMAC-SHA256 signature differs from PHP signature

Python HMAC-SHA1 vs Java HMAC-SHA1 different results

Community
  • 1
  • 1
Nate Schwartz
  • 21
  • 1
  • So I actually figured this out finally. I don't really understand it, but I noticed when I printed the key in python it always added a new line. So I just added \n at the end of the key in Java and suddenly it all worked. Not sure why that new line character is there but glad it is finally working! – Nate Schwartz May 18 '15 at 07:10

0 Answers0