Constructing Gigya Signature on Android Base64 encoding problems

Question

Hi I'm having problems creating a Gygia signature. I've tryed everything on this post and I am almost sure my problem resides in wich Base64 I'm using. Here is what i got right now.

Both methods give me wrong keys

static String sign(String timestamp, String uid, String key) {
    String baseString = timestamp + "_" + uid;
    String lRet = "";
    byte[] baseBytes;
    try {
        baseBytes = baseString.getBytes("UTF-8");

        byte[] secretKeyBytes = org.apache.commons.codec.binary.Base64
                .decodeBase64(key.getBytes());
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secretKeyBytes, "HmacSHA1"));
        byte[] signatureBytes = mac.doFinal(baseBytes);
        byte[] encodedSign = org.apache.commons.codec.binary.Base64
                .encodeBase64(signatureBytes);
        lRet = new String(encodedSign, "UTF-8");
    } catch (Exception e) {
        e.printStackTrace();
    }
    return lRet;
}

The other implementation I tried is this one but my signature includes characters like '/' and '+' and Gigya kicks it back.

private String constructSignature(String timestamp, String UID, String pKey) {

    // Construct a "base string" for signing
    String baseString = timestamp + "_" + UID;

    // Convert the base string into a binary array
    byte[] binaryBaseString = ConvertUTF8ToBytes(baseString);

    // Convert secretKey from BASE64 to a binary array
    byte[] binaryKey = ConvertFromBase64ToBytes(pKey);

    // Use the HMAC-SHA1 algorithm to calculate the signature
    byte[] binarySignature = hmacsha1(baseString, binaryKey);

    // Convert the signature to a BASE64
    String signature = ConvertToBase64(binarySignature);

    return signature;
}

private byte[] ConvertUTF8ToBytes(String pString) {
    try {
        return pString.getBytes("UTF-8");
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    }
    return null;
}

private byte[] ConvertFromBase64ToBytes(String pBase64String) {
    return android.util.Base64.decode(pBase64String,
            android.util.Base64.DEFAULT);
}

private String ConvertToBase64(byte[] data) {
    String retString = android.util.Base64.encodeToString(data, android.util.Base64.DEFAULT);
    return retString;
}

I've gone up and down this code quite a bit, I've used commons.codec Base64 and also the Gigya version with no luck. Any pointers will be greatly apreciated. Regards

The error I get back from Gigya with the bad key is:

errorCode:400006
errorMessage:Invalid parameter value
errorDetails:Invalid argument: invalid signature
data:{"statusCode":400,"errorMessage":"Invalid parameter 
value","errorCode":400006,"callId":"0106c32c05e14afba1fc93ae0659bb69",
"errorDetails":"Invalid argument: invalid signature","statusReason":"Bad Request"}

What is the error you're getting back? – Rotem Hermon Aug 07 '13 at 10:44 — Rotem Hermon, Aug 07 '13 at 10:44
I added the error on the question. Thanks – Aerim Aug 07 '13 at 15:22 — Aerim, Aug 07 '13 at 15:22

score 1 · Accepted Answer · edited May 23 '17 at 11:56

Well after reading the post I mentioned I found on the accepted answer the SigUtils class wich basically does all the work for you... took me a while and I hope i didn't waste anyones time. Heres how to generate the key:

String lSig  = SigUtils.getOAuth1Signature(query+"_"+expTime, lHashedKey);

And to validate:

boolean valid = SigUtils.validateUserSignature(expTime, query, lHashedKey, lSig);

Constructing Gigya Signature on Android Base64 encoding problems

1 Answers1