Secrethash stimmt nicht für den Client überein: xyz - aws cognito deglyJava

Java-Forum
Anonymous
 Secrethash stimmt nicht für den Client überein: xyz - aws cognito degly

Post by Anonymous »

Ich versuche, USER_SRP_AUTH (Authentifizierungsfluss) zu implementieren, aber ich erhalte den folgenden Fehler.

Dies ist die Klasse mit der statischen Funktion, mit der ich den Wert SECRET_HASH generiert habe.

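/**
 * Computes the Base64-encoded HMAC-SHA256 value that is sent as {@code SECRET_HASH}.
 */
public class SecretHashGenerator {

    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";

    /**
     * Returns {@code Base64(HMAC-SHA256(key = clientSecret, message = userName + clientId))}.
     *
     * <p>The message is the UTF-8 bytes of {@code userName} followed by the UTF-8 bytes of
     * {@code clientId}, so the result changes whenever the user name changes.
     * NOTE(review): presumably the service recomputes this value over the USERNAME carried in
     * the same request; a hash built from an alias (for example an e-mail address) would then
     * not match a request that sends a different user identifier. Confirm against the caller.
     *
     * @param clientId     app client id, appended to the MAC message
     * @param clientSecret app client secret, used as the HMAC key; never logged or put into
     *                     exception messages here
     * @param userName     user name, first part of the MAC message
     * @return the Base64 (standard alphabet, padded) encoding of the 32-byte MAC
     * @throws NullPointerException     if any argument is {@code null}
     * @throws IllegalArgumentException if {@code clientSecret} is empty (rejected by
     *                                  {@link SecretKeySpec})
     * @throws RuntimeException         if the JCA provider cannot supply or initialise
     *                                  HmacSHA256; the original exception is kept as the cause
     */
    public static String calculateSecretHash(String clientId, String clientSecret, String userName) {
        SecretKeySpec signingKey = new SecretKeySpec(
                clientSecret.getBytes(StandardCharsets.UTF_8),
                HMAC_SHA256_ALGORITHM);
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(signingKey);
            mac.update(userName.getBytes(StandardCharsets.UTF_8));
            byte[] rawHmac = mac.doFinal(clientId.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(rawHmac);
        } catch (java.security.GeneralSecurityException e) {
            // Keep the cause: without it a provider or key problem cannot be diagnosed.
            throw new RuntimeException("Error while calculating SECRET_HASH", e);
        }
    }

}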
Ich habe dieselbe SecretHashGenerator-Klasse bereits ohne Probleme implementiert. (Authentifizierungsfluss).

public class SRPAuthenticator {
// SRP group modulus, written as 256 hexadecimal digits (1024 bits).
// NOTE(review): client and server must use the same N and g or the shared secret will never
// agree; confirm this value is the group the identity provider actually uses.
private static final BigInteger N = new BigInteger(
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" +
"FFFFFFFFFFFFFFFF", 16);
// SRP group generator.
private static final BigInteger g = BigInteger.valueOf(2);
// Size in bits of the random private value; generatePrivateValue() divides it by 8 to get bytes.
private static final int EPHEMERAL_KEY_LENGTH = 1024;

// SRP client; (re)initialised with N, g, SHA-256 and `random` at the start of authenticate().
private final SRP6Client srpClient;
// Randomness source for the private value and for the SRP client.
private final SecureRandom random;
// First input of the HMAC computed in calculateSignature().
private final String userPoolName;
// Precomputed value sent unchanged as SECRET_HASH in both requests made by authenticate().
private final String secretHash;

/**
 * Creates an authenticator with its own {@link SecureRandom} and SRP client.
 *
 * @param userPoolName value mixed first into the signature HMAC
 * @param secretHash   precomputed hash that is sent as SECRET_HASH with every request
 */
public SRPAuthenticator(String userPoolName, String secretHash) {
    // Caller-supplied configuration first, then the objects this instance owns.
    this.userPoolName = userPoolName;
    this.secretHash = secretHash;
    this.random = new SecureRandom();
    this.srpClient = new SRP6Client();
}

/**
 * Formats the current instant in UTC with the pattern {@code EEE MMM d HH:mm:ss z yyyy}
 * and US English day and month names.
 *
 * @return the formatted current time
 */
private String generateTimestamp() {
    // A fresh formatter per call: SimpleDateFormat instances must not be shared across threads.
    SimpleDateFormat utcFormat = new SimpleDateFormat("EEE MMM d HH:mm:ss z yyyy", Locale.US);
    TimeZone utc = TimeZone.getTimeZone("UTC");
    utcFormat.setTimeZone(utc);
    Date now = new Date();
    return utcFormat.format(now);
}

/**
 * Draws {@code EPHEMERAL_KEY_LENGTH / 8} random bytes from {@code random} and reads them as a
 * non-negative integer.
 *
 * @return the random value; the sign is forced to positive by the signum argument
 */
private BigInteger generatePrivateValue() {
    byte[] randomBytes = new byte[EPHEMERAL_KEY_LENGTH / 8];
    random.nextBytes(randomBytes);
    // Signum 1 interprets the bytes as an unsigned magnitude.
    BigInteger privateValue = new BigInteger(1, randomBytes);
    return privateValue;
}

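/**
 * Sends an {@code InitiateAuth} request for the USER_SRP_AUTH flow, derives the SRP values from
 * the returned challenge parameters and answers the PASSWORD_VERIFIER challenge.
 *
 * <p>Review notes on the visible logic (none of these is changed here):
 * <ul>
 *   <li>{@code SRP_A} is computed from a locally generated private value that is never passed
 *       to {@code srpClient}. NOTE(review): if {@code generateClientCredentials} creates its own
 *       private value, the public value sent to the server and the one used for the secret
 *       differ - confirm.</li>
 *   <li>The same {@code secretHash} is sent in both requests, but USERNAME is {@code username}
 *       in the first and {@code USER_ID_FOR_SRP} in the second. NOTE(review): if the hash is
 *       derived from the user name, it presumably has to be recomputed for the second request -
 *       confirm against the service documentation.</li>
 *   <li>{@code BigInteger.toByteArray()} can prepend a zero sign byte, which changes any hash
 *       taken over the salt or the shared secret. NOTE(review): confirm the byte layout the
 *       server expects.</li>
 * </ul>
 *
 * @param cognitoClient client used for both service calls
 * @param clientId      app client id placed in both requests
 * @param username      sent as USERNAME and EMAIL in the first request and as EMAIL in the second
 * @param password      user password; converted to UTF-8 bytes for the SRP computation and
 *                      never logged here
 * @return the authentication result of the challenge response
 * @throws IllegalStateException if a required challenge parameter is absent from the response
 * @throws RuntimeException      if the SRP computation fails (wraps the {@code CryptoException})
 * @throws Exception             anything raised by the service calls or signature calculation
 */
public AuthenticationResultType authenticate(
        CognitoIdentityProviderClient cognitoClient,
        String clientId,
        String username,
        String password) throws Exception {

    // Initialize SRP6 client
    srpClient.init(N, g, new SHA256Digest(), random);

    // Generate private value 'a' and public value 'A'
    BigInteger a = generatePrivateValue();
    BigInteger A = g.modPow(a, N);

    // Prepare authentication parameters
    Map<String, String> authParams = new HashMap<>();
    authParams.put("USERNAME", username);
    authParams.put("SRP_A", A.toString(16));
    authParams.put("SECRET_HASH", secretHash);
    authParams.put("EMAIL", username);

    // Initiate authentication request
    InitiateAuthRequest initiateRequest = InitiateAuthRequest.builder()
            .authFlow(AuthFlowType.USER_SRP_AUTH)
            .clientId(clientId)
            .authParameters(authParams)
            .build();

    InitiateAuthResponse initiateAuthResponse = cognitoClient.initiateAuth(initiateRequest);

    // Extract challenge parameters; fail with a clear message instead of a
    // NullPointerException deep inside the conversions below when one is absent.
    Map<String, String> challengeParams = initiateAuthResponse.challengeParameters();
    for (String required : new String[] {"USER_ID_FOR_SRP", "SALT", "SRP_B", "SECRET_BLOCK"}) {
        if (challengeParams == null || challengeParams.get(required) == null) {
            throw new IllegalStateException("Challenge parameter missing: " + required);
        }
    }
    String userIdForSrp = challengeParams.get("USER_ID_FOR_SRP");
    String saltHex = challengeParams.get("SALT");
    String srpBHex = challengeParams.get("SRP_B");
    String secretBlock = challengeParams.get("SECRET_BLOCK");
    // Falls back to the local clock when the response carries no TIMESTAMP.
    String timestamp = challengeParams.getOrDefault("TIMESTAMP", generateTimestamp());

    // Convert challenge parameters
    byte[] serverSalt = new BigInteger(saltHex, 16).toByteArray();
    BigInteger B = new BigInteger(srpBHex, 16);

    try {
        // Set the client's credentials
        srpClient.generateClientCredentials(
                serverSalt,
                userIdForSrp.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8)
        );

        // Calculate client evidence message
        BigInteger S = srpClient.calculateSecret(B);
        BigInteger M1 = srpClient.calculateClientEvidenceMessage();

        // Calculate session key: SHA-256 over the byte form of the shared secret
        SHA256Digest digest = new SHA256Digest();
        byte[] sessionKey = new byte[digest.getDigestSize()];
        byte[] secretBytes = S.toByteArray();
        digest.update(secretBytes, 0, secretBytes.length);
        digest.doFinal(sessionKey, 0);

        // Generate signature
        byte[] signature = calculateSignature(
                sessionKey,
                timestamp,
                userIdForSrp,
                secretBlock);

        // Create challenge response parameters
        Map<String, String> challengeResponses = new HashMap<>();
        challengeResponses.put("USERNAME", userIdForSrp);
        challengeResponses.put("PASSWORD_CLAIM_SECRET_BLOCK", secretBlock);
        challengeResponses.put("TIMESTAMP", timestamp);
        challengeResponses.put("EMAIL", username);
        challengeResponses.put("PASSWORD_CLAIM_SIGNATURE",
                Base64.getEncoder().encodeToString(signature));
        // Same precomputed value as in the first request, although USERNAME differs here.
        challengeResponses.put("SECRET_HASH", secretHash);
        challengeResponses.put("PROOF", M1.toString(16));

        // Respond to authentication challenge
        RespondToAuthChallengeRequest challengeRequest = RespondToAuthChallengeRequest.builder()
                .challengeName(ChallengeNameType.PASSWORD_VERIFIER)
                .clientId(clientId)
                .challengeResponses(challengeResponses)
                .build();

        RespondToAuthChallengeResponse challengeResponse =
                cognitoClient.respondToAuthChallenge(challengeRequest);

        return challengeResponse.authenticationResult();
    } catch (CryptoException e) {
        throw new RuntimeException("Failed to calculate SRP authentication values", e);
    }
}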

/**
 * Computes an HMAC-SHA256 over, in this order: the UTF-8 bytes of {@code userPoolName}, the
 * UTF-8 bytes of {@code username}, the Base64-decoded {@code secretBlock}, and the UTF-8 bytes
 * of {@code timestamp}.
 *
 * @param key         HMAC key (the caller passes the derived session key)
 * @param timestamp   timestamp string, last part of the MAC input
 * @param username    user identifier, second part of the MAC input
 * @param secretBlock Base64 text whose decoded bytes form the third part of the MAC input
 * @return the raw MAC bytes
 * @throws Exception if HmacSHA256 is unavailable, the key is rejected, or {@code secretBlock}
 *                   is not valid Base64
 */
private byte[] calculateSignature(
        byte[] key,
        String timestamp,
        String username,
        String secretBlock) throws Exception {

    final String algorithm = "HmacSHA256";
    Mac hmac = Mac.getInstance(algorithm);
    hmac.init(new SecretKeySpec(key, algorithm));

    // The order of the parts is part of the contract; changing it changes the signature.
    hmac.update(userPoolName.getBytes(StandardCharsets.UTF_8));
    hmac.update(username.getBytes(StandardCharsets.UTF_8));
    hmac.update(Base64.getDecoder().decode(secretBlock));

    // Feeding the last part through doFinal is equivalent to update followed by doFinal().
    return hmac.doFinal(timestamp.getBytes(StandardCharsets.UTF_8));
}
}
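
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>cognitoidentityprovider</artifactId>
    <version>2.30.1</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk18on</artifactId>
    <version>1.80</version>
</dependency>
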
Ich schätze Ihre Hilfe. Danke
