Amazon Product API - WinJS - WinRT Cryptography question

    Question

  • I am following:

    http://docs.aws.amazon.com/AWSECommerceService/latest/DG/rest-signature.html

    I am trying to reproduce the ItemSearch example from that page, but the signature I compute does not match the one in their example.

    Any ideas?

            var associateTag = "mytag-20";
            var accessKeyId = 'AKIAIOSFODNN7EXAMPLE';
            var secretAccessKey = "1234567890"
            var service = 'AWSECommerceService';
            var operation = "ItemSearch";
            var actor = "Johnny Depp";
            var responseGroup = "ItemAttributes,Offers,Images,Reviews,Variations";
            var version = "2009-01-01";
            var searchIndex = "DVD";
            var sort = "salesrank";
            var timeStamp = '2009-01-01T12:00:00Z';
            var protocall = "http://";
            var domain = "ecs.amazonaws.co.uk";
            var filePath = "/onca/xml";

            var queryStringHashTable = {
                Actor: encodeURIComponent(actor),
                AWSAccessKeyId: encodeURIComponent(accessKeyId),
                AssociateTag: encodeURIComponent(associateTag),
                Operation: encodeURIComponent(operation),
                ResponseGroup: encodeURIComponent(responseGroup),
                SearchIndex: encodeURIComponent(searchIndex),
                Service: encodeURIComponent(service),
                Sort: encodeURIComponent(sort),
                Timestamp: encodeURIComponent(timeStamp),
                Version: encodeURIComponent(version)
            };

            var queryStringParts = [];
            for (var name in queryStringHashTable) {
                queryStringParts.push(name + "=" + queryStringHashTable[name]);
            }

            // Must be sorted your parameter/value pairs by byte value (not alphabetically, lowercase parameters will be listed after uppercase ones).
            queryStringParts = queryStringParts.sort();

            var queryStringPart = queryStringParts.join("&");
            var stringToHash = "GET\n" + domain + "\n" + filePath + "\n" + queryStringPart;

            // StringToHash is correct:
            // GET
            // ecs.amazonaws.co.uk
            // /onca/xml
            // AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Actor=Johnny%20Depp&Associate
            // Tag=mytag-20&Operation=ItemSearch&ResponseGroup=ItemAttributes%2C
            // Offers%2CImages%2CReviews%2CVariations&SearchIndex=DVD&Service=AW
            // SECommerceService&Sort=salesrank&Timestamp=2009-01-01T12%3A00%3A0
            // 0Z&Version=2009-01-01        

            var correctStringToHash = "GET\n" + 
                "ecs.amazonaws.co.uk\n" +
                "/onca/xml\n" +
                "AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Actor=Johnny%20Depp&Associate" +
                "Tag=mytag-20&Operation=ItemSearch&ResponseGroup=ItemAttributes%2C" +
                "Offers%2CImages%2CReviews%2CVariations&SearchIndex=DVD&Service=AW" +
                "SECommerceService&Sort=salesrank&Timestamp=2009-01-01T12%3A00%3A0" +
                "0Z&Version=2009-01-01";

            if (stringToHash.localeCompare(correctStringToHash) !== 0) {
                // Invalid
                debugger;
            }

            //8.Calculate an RFC 2104-compliant HMAC with the SHA256 hash algorithm using the string above with our "dummy" Secret Access Key: 1234567890. 
            // For more information about this step, see documentation and code samples for your programming language. 

            var secretKeyBuffer = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(secretAccessKey, Windows.Security.Cryptography.BinaryStringEncoding.utf8);
            var messageBuffer = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(stringToHash, Windows.Security.Cryptography.BinaryStringEncoding.utf8);

            // MacAlgorithmProvider docs: http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.macalgorithmprovider.aspx
            var macAlgorithmProvider = Windows.Security.Cryptography.Core.MacAlgorithmProvider.openAlgorithm(Windows.Security.Cryptography.Core.MacAlgorithmNames.hmacSha256);
            var key = macAlgorithmProvider.createKey(secretKeyBuffer);
            var signatureBuffer = Windows.Security.Cryptography.Core.CryptographicEngine.sign(key, messageBuffer);
            if (signatureBuffer.length !== macAlgorithmProvider.macLength) {
                debugger;
            }
            var hashResult = Windows.Security.Cryptography.CryptographicBuffer.encodeToBase64String(signatureBuffer);

            // Check if its valid:
            var valid = Windows.Security.Cryptography.Core.CryptographicEngine.verifySignature(key, messageBuffer, signatureBuffer);
            if (!valid) {
                debugger;
            }

            var correctHashResult = "TuM6E5L9u%2FuNqOX09ET03BXVmHLVFfJIna5cxXuHxiU%3D";
            if (hashResult.localeCompare(correctHashResult) !== 0) {
                // desired fake hash:
                //TuM6E5L9u%2FuNqOX09ET03BXVmHLVFfJIna5cxXuHxiU%3D
                // Hash I am getting:
                //gvUAOpZzdMvq%2Bv3HoCicJCczrSiIfzwbDnKMETTP0Ws%3D
                debugger;
            }

            var baseUrl = protocall + domain + filePath;
            var url = baseUrl + "?" + queryStringPart + "&Signature=" + encodeURIComponent(hashResult);

            WinJS.xhr({ url: url }).then(parseAmazonRequestSuccess, parseAmazonRequestError);

            function parseAmazonRequestSuccess(request) {
                debugger;
            }

            function parseAmazonRequestError(request) {
                debugger;
            }


    • Edited by Cobra Tap Friday, July 26, 2013 6:25 AM
    Thursday, July 25, 2013 2:40 AM

Answers

  • I tried using their ScratchPad site.

    I noticed that I needed to change `AWSAccessKeyId: encodeURIComponent(accessKeyId),` to `SubscriptionId: encodeURIComponent(accessKeyId),`

    However, the hash still did not match ScratchPad's hash, even when I copied their Timestamp.

    Also I just ignored the hash mismatch and it started to work :-) so oh well.

    • Marked as answer by Cobra Tap Friday, July 26, 2013 6:28 AM
    Friday, July 26, 2013 6:27 AM