Encryption - HMAC

Posted by goo on 04-Dec-2019 06:56

11.7

I am trying to do a test to replicate the jwt.io using Progress, This example:

I am following this example :

The code seems pretty simple, and this is what I did:

define variable oLogin         as class     oo.DataHelper.LoginHelper            no-undo.
define variable oAuth          as class     oo.DataHelper.Auth2                  no-undo.
define variable oHeader        as class     Progress.Json.ObjectModel.JsonObject no-undo.
define variable oPayload       as class     Progress.Json.ObjectModel.JsonObject no-undo.

define variable EncodedPayload as character no-undo.
define variable EncodedHeader as character no-undo.

//oLogin = new oo.DataHelper.LoginHelper().
oAuth = new oo.DataHelper.Auth2().
//oParser = new Progress.Json.ObjectModel.ObjectModelParser().

oHeader = new Progress.Json.ObjectModel.JsonObject().
oPayload = new Progress.Json.ObjectModel.JsonObject().

oHeader:Add('alg','HS256').
oHeader:Add('typ','JWT').

oPayload:Add('sub','1234567890').
oPayload:Add('name','John Doe').
oPayload:Add('iat', 1516239022).

EncodedHeader = string(oAuth:EncodeObject(oHeader)).
EncodedPayload = string(oAuth:EncodeObject(oPayload)).

MESSAGE EncodedHeader '.' EncodedPayload
VIEW-AS ALERT-BOX.

MESSAGE string(oAuth:DecodedText(EncodedHeader):GetJsonText()) skip string(oAuth:DecodedText(EncodedPayload):GetJsonText())
VIEW-AS ALERT-BOX.

MESSAGE string(oAuth:HMACSHA256('test',EncodedHeader + '.' + EncodedPayload))
VIEW-AS ALERT-BOX.

/**oAuth2.cls**/

METHOD PUBLIC LONGCHAR HMACSHA256( INPUT ipKeyString AS CHAR, INPUT ipEncodedString AS CHARACTER):

    /*------------------------------------------------------------------------------
     Purpose:
     Notes:
    ------------------------------------------------------------------------------*/
    DEFINE VARIABLE ByteArray     AS "System.Byte[]" NO-UNDO.
    DEFINE VARIABLE KeyArray      AS "System.Byte[]" NO-UNDO.
    DEFINE VARIABLE HMACByteArray AS "System.Byte[]" NO-UNDO.
    DEFINE VARIABLE oHMACSHA256   AS CLASS           System.Security.Cryptography.HMACSHA256 NO-UNDO.

    ByteArray    = System.Text.ASCIIEncoding:ASCII:GetBytes(ipEncodedString).
    KeyArray     = System.Text.ASCIIEncoding:ASCII:GetBytes(ipKeyString).

    oHMACSHA256 = NEW System.Security.Cryptography.HMACSHA256(KeyArray).
    HMACByteArray = oHMACSHA256:ComputeHash(ByteArray).

// RETURN System.Text.ASCIIEncoding:ASCII:GetString(HMACByteArray).

I need to do something like this in C#:

this.hmac2.Text = ByteToString(hashmessage);
}
public static string ByteToString(byte [] buff)
{
string sbinary="";

for (int i=0;i<buff.Length;i++)
{
sbinary+=buff[i].ToString("X2"); // hex format
}
return(sbinary);
}

But I am kind of lost here

END METHOD.

OpenEdge General - Forum

All Replies

Posted by goo on 05-Dec-2019 18:37

Anyone? I need to do this in openedge:

this.hmac2.Text = ByteToString(hashmessage);

}

public static string ByteToString(byte [] buff)

{

string sbinary="";

for (int i=0;i<buff.Length;i++)

{

sbinary+=buff[i].ToString("X2"); // hex format

}

return(sbinary);

}

Anyone having a hint?

Posted by Peter Judge on 05-Dec-2019 18:50

There are posts on Communities somewhere - OE.Development? - on how to tun a .net byte array into a memptr.

If you want an example of encoding bytes into hex, take a look at github.com/.../URI.cls

The code starting at line 1326 (https://github.com/consultingwerk/ADE-Sourcecode/blob/566ac0a6e085d6305a8f364f13a1d805d3597d2a/src/netlib/OpenEdge/Net/URI.cls#L1326) does the actual encoding.

You can do loop = 1 to extent(byte) and read and encode each byte … again the syntax might vary 'cos it's .NET but the basic principle should apply.

Posted by bronco on 05-Dec-2019 19:01

I don't really get your .NET obsession. Why not use MESSAGE-DIGEST? (11.7.4 iirc)

documentation.progress.com/.../index.html

Posted by goo on 05-Dec-2019 19:58

😊 probably because I started going that direction since I was not on the ball checking if Progress had start making this kind of tools. I also knows that several on this forum is using .net related tools to do their work. My problem is that I would like to learn more within that kind of tool use.

Thanks anyway for showing me this, still I would love to learn the small part of code that I need to make..

//Geir Otto

Posted by goo on 05-Dec-2019 20:38

I tried to use the code that you linked, but the result was a bit different than the test I have from jwt.io. I would believe that the same result:

5mhBHqs5_DTLdINd9p5m7ZJ6XD0Xc55kIaCRY5r6HRA

Should show up, but no. The result from the code was:

f483a5b595c1917eae286aa843a6e6d4d50b74bffa3dca84c5827e9e3f982955

What could be wrong?

//Geir Otto

Posted by goo on 05-Dec-2019 20:44

It seems like it is the jwt.io that gives me wrong … so that is probably based on something else that I have no clue about. The code you linked me to seems to be correct.

//Geir Otto

Posted by bronco on 06-Dec-2019 06:47

jwt.io is always right :-)

Your code outputs hex-encoded data instead of base64-encoded.

Posted by goo on 06-Dec-2019 07:30

Jeps, so then how to get from Hex to base64 ?

This thread is closed