Search code examples
javaphpsignaturegravity-forms-plugin

Gravity Forms Signature - From PHP to java

All requests from external applications are authenticated by checking an expiring signature. This is similar to the approach used by Amazon to secure access to their S3 Storage API. Once authenticated, standard WordPress and Gravity Forms role-based authorization is used to ensure that the API request is allowed to be fulfilled.

Each request at a minimum must include the following 3 query parameters:

api_key - The public API key defined on the settings page e.g. "1234"
expires - Expiration date for the request expressed as a UNIX timestamp in seconds e.g. 1369749344
signature - A URL-encoded, base64 HMAC-SHA1 hash of a colon separated string following this structure:
{api_key}:{http method}:{route}:{expires}
e.g. 1234:GET:forms/1/entries:1369749344
The signature for this request using the private key of "abcd" is uJEnk0EoQ4d3iinjFMBrBzZfH9w%3D

Sample code for generating signatures in PHP but in need in JAVA

  <?php
function calculate_signature($string, $private_key) {
    $hash = hash_hmac("sha1", $string, $private_key, true);
    $sig = rawurlencode(base64_encode($hash));
    return $sig;
}

$api_key = "1234";
$private_key = "abcd";
$method  = "GET";
$route    = "forms/1/entries";
$expires = strtotime("+60 mins");
$string_to_sign = sprintf("%s:%s:%s:%s", $api_key, $method, $route, $expires);
$sig = calculate_signature($string_to_sign, $private_key);
var_dump($sig);
?>

I Write This Code But It Not Get Me A Valid Signature

 public static void main(String[] args) throws Exception {
    Date d = new Date();
    int expire = 3600;
    int unixtime = (int) (d.getTime() / 1000);
    int future_unixtime = unixtime + expire;

    System.out.println(future_unixtime);

    String api_key = "1234";
    String private_key = "1345";
    String method = "GET";
    String route = "forms/1/entries";
    String stringToSign = api_key + ":" + method + ":" + route + ":" + future_unixtime;

    String output = calculateRFC2104HMAC(stringToSign, private_key);

    System.out.println(output);
}

public static String calculateRFC2104HMAC(String data, String key) throws Exception{
    SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA1");
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(signingKey);
    String output = new String(Base64.getEncoder().encode(mac.doFinal(data.getBytes()))).trim();
    return java.net.URLEncoder.encode(output, "UTF-8");
}

PLZ HELP ME !

Solution

  • Here is some Solution for Java

    public class GravityManager {

public static String computeSignature(String baseString, String keyString) throws GeneralSecurityException, UnsupportedEncodingException {

    SecretKey secretKey = null;

    byte[] keyBytes = keyString.getBytes();
    secretKey = new SecretKeySpec(keyBytes, "HmacSHA1");

    Mac mac = Mac.getInstance("HmacSHA1");

    mac.init(secretKey);

    byte[] text = baseString.getBytes();

    return new String(Base64.encodeBase64(mac.doFinal(text))).trim();
}

    }