This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js and have Paul Jensen on-line!
See this thread for details.
Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

my code gives the wrong hash value  RSS feed

 
Tim McGuire
Ranch Hand
Posts: 820
IntelliJ IDE Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I'm trying to follow directions to generate a hash of a string to get the "digestValue" portion of a digitally signed XML file.

the code below works and gives me a string. but the string doesn't match the digestValue in the xml example file, part of which is given below.
I guess my main question: Is MessageDigest the correct class to be using in this situation?




xml file I'm trying to match:


finally, here are the instructions I am trying to follow:
1) Apply a hash algorithm over the specified content to be digitally signed. In this case, the content to be signed is <wsu:Timestamp>. The hash algorithm that is used is SHA-1. The result of the hashing operation is stored in the DigestValue. The SHA-1 hash value is 160 bits in length and when converted into Base64 it is precisely 28 characters, which is exactly what you see in DigestValue.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Could it be a matter of whitespace? In the Java app, you're concatenating the elements w/o line breaks, while the XML you quote has them, as well as leading spaces in the two lines in the middle.
 
Robin Wilson
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is almost certainly related to whitespace... The information you are supposed to be hashing is explicitly the 4 lines specified. However, you are manually selecting 4 separate strings, without getting all the whitespace in the 4 specified lines. You are missing "\n" at the end of the first 3 lines, then " " at the beginning of lines 2 and 3... That does make a difference.

(Keep in mind that simply because you can't see a character doesn't mean it isn't there - and if it is there, it has a value that will significantly alter the resulting hash value. We see a file as a series of independent "lines" of data. The computer sees a file as a continuous stream of bit (bytes), including the bytes that represent line breaks and leading/trailing spaces.)
 
Tim McGuire
Ranch Hand
Posts: 820
IntelliJ IDE Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you, guys.
That was it.
In fact, there is a step called "canonicalization" or "c14n" that I was missing. It must be done when signing things. This is handled by the WSS4J libraries and it strips whitespace before signing an element.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!