05-24-2019, 12:20 AM
(05-23-2019, 09:19 AM)info@a-dato.net Wrote: I can't say why the hash calculated using OpenSSL is different. All I know is that it works.
Like I said, HMAC-SHA1 by itself cannot produce such a long hash. Are you perhaps actually showing the COMPLETE OAuth signature after EVERYTHING is hashed and concatenated together? That is a very different thing than just hashing individual values by themselves. Start with hashing 1 value and make sure it hashes correctly, then another value, and another as needed until you read the final result. Find a decent OAuth example that shows you what the intermediate hashes should be at each step, not just what the input and final result are.
(05-23-2019, 09:19 AM)info@a-dato.net Wrote: I updated my test application so that I have an OpenSLL and Indy version of the hashing algorithm (see file OAuth1SignatureMethod_RSA_SHA1). The hash being calculated is very different and the Indy hash is not working (Jira returns an HTTP 500).
Well, considering that Indy uses OpenSSL internally by default, the hashes should be identical. Which likely means either you are not actually hashing the same input data, or you are not using the hash algorithms correctly.
(05-23-2019, 09:19 AM)info@a-dato.net Wrote: I built this application based on this manual: https://developer.atlassian.com/cloud/ji...ntication/
If you want you can check it out.
If you do, please compile this application (I use Delphi 10.3.1), then press the button labeled '#1: Get Request-Token and Auth-Code'. This should open the login window for Jira.
You can also check 'Use indy' and then try again. This will result in a Http 500 exception.
Internally, TIdHMACSHA1 uses OpenSSL's HMAC functions (specifically, HMAC_CTX_init(), HMAC_Init_ex(EVP_sha1), HMAC_Update(), and HMAC_Final()), rather than the Digest Signing functions that your OpenSSL code is using. If you use the HMAC functions in your code, are you able to get a result that Jira accepts?