I have a REST API and I need to implement Digest Authentication with Java. The project is made with Java 1.8 and Gradle, and it has Spring, but I need it to be as simple as possible because I am not an expert on the subject and I only want to copy and paste the classes into the project.
I will receive a REQUEST with some parameters in the header, such as:
Date: Wed, 02 Nov 2016 09:17:54 GMT
X-TransferTo-Hmac: g41AgixMSFMQj0TZgyXIK6+odCVgy76fxfGpAtWwhE8=
And from my side what I understand is that I must create a signature to validate my hmac vs the received hmac. I already have my apiSecret or password.
An example that I found, very similar to the parameters that will be sent to me, is:
nonce = int([login to view URL]())
date = [login to view URL](usegmt=True)
message = bytes(apikey + str(nonce) + date).encode('utf-8')
secret = bytes(apisecret).encode('utf-8')
hmac = [login to view URL]([login to view URL](secret, message, digestmod=[login to view URL]).digest())
Either way I think I should validate the signatures (hmac) and the nonce to avoid recursive attacks...
In general that is the project.
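
One way to perform the server-side check described above, as an added Java 8 example (not the poster's code and not any vendor's SDK). Assumptions: the signed message is apikey + nonce + date as in the quoted sample, the digest is HMAC-SHA256 (the sample's digestmod is not visible on the page), the Date header must be within 5 minutes, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacRequestVerifier {
    private static final Duration MAX_SKEW = Duration.ofMinutes(5); // assumed freshness window
    private final String apiKey;
    private final byte[] secret;
    private final Map<String, Instant> seenNonces = new ConcurrentHashMap<>(); // nonce -> first seen

    public HmacRequestVerifier(String apiKey, String apiSecret) {
        this.apiKey = apiKey;
        this.secret = apiSecret.getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(byte[] secret, String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256"); // assumption: SHA-256
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    public boolean verify(String date, String nonce, String hmacHeader, Instant now) {
        if (date == null || nonce == null || hmacHeader == null) return false;
        try {
            Instant sent = ZonedDateTime.parse(date, DateTimeFormatter.RFC_1123_DATE_TIME).toInstant();
            if (Duration.between(sent, now).abs().compareTo(MAX_SKEW) > 0) return false; // stale
            byte[] expected = sign(secret, apiKey + nonce + date);
            byte[] received = Base64.getDecoder().decode(hmacHeader.trim());
            if (!MessageDigest.isEqual(expected, received)) return false; // constant-time compare
            seenNonces.values().removeIf(t -> Duration.between(t, now).compareTo(MAX_SKEW.multipliedBy(2)) > 0);
            return seenNonces.putIfAbsent(nonce, now) == null; // false: nonce already used
        } catch (DateTimeException | IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed Date or Base64, or crypto failure
        }
    }

    public static void main(String[] args) throws Exception { // constructed sample values
        HmacRequestVerifier v = new HmacRequestVerifier("demo-key", "demo-secret");
        String date = "Wed, 02 Nov 2016 09:17:54 GMT", nonce = "1478078274";
        String mac = Base64.getEncoder().encodeToString(sign(v.secret, v.apiKey + nonce + date));
        Instant now = Instant.parse("2016-11-02T09:18:00Z");
        System.out.println(v.verify(date, nonce, mac, now) + " then replay: " + v.verify(date, nonce, mac, now));
    }
}
```

The nonce is recorded only after the signature verifies, so unauthenticated requests cannot fill the map. The map is per-process; with several application instances the same check needs a shared store.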