Develop Reference

Why does HERE oauth2 token request api return 401300 with Rails but works fine with Postman?

When calling the HERE authentication service (https://account.api.here.com/oauth2/token) from one of the controllers of the RoR APP (Rails 5.0.6/ruby 2.6.1) I get a 401: "401300 Signature mismatch. Authorization signature or client credential is wrong"
The Key, secret, Authorization header, content type, request body etc ... are the same as the ones used by Postman.
Postman always returns a 200 OK but the rails app systematically returns "401"
Any suggestions on what the problem is?
def fetch_new_token
# URL
api_url = 'https://account.api.here.com/oauth2/token'
# VERSION
api_version='1.0'
# GRANT TYPE
api_grant_type_for_req_body='grant_type=client_credentials'
#KEY
api_access_key_id = CGI.escape(ENV['my_access_key_id'])
#SECRET
api_access_key_secret = CGI.escape(ENV['my_access_key_secret'])
#NONCE
draft_api_nonce= [('a'..'z'), ('A'..'Z')].map(&:to_a).flatten
api_nonce=(0...20).map { draft_api_nonce[rand(draft_api_nonce.length)] }.join
#TMESTAMP
api_timestamp = (Time.now).strftime('%s')
#NORMALIZED URL
api_url_normalized = CGI.escape(api_url)
#SIGNING METHOD
api_signature_method= CGI.escape('HMAC-SHA256')
#OAUTH PARAMETERS BASE STRING
api_parameters_string=('consumer_key='+api_access_key_id+'&nonce='+api_nonce+'&signature_method='+api_signature_method+'&timestamp='+api_timestamp+'&'+'version=1.0')
#ENCODED BASE STRING
api_normalized_string = 'POST&'+api_url_normalized+'&'+api_grant_type_for_req_body+CGI.escape('&'+api_parameters_string)
#SIGNNG KEY
api_signing_key = api_access_key_secret+'&'
#SIGNATURE
digest = OpenSSL::Digest.new('sha256')
api_signature = OpenSSL::HMAC.hexdigest(digest, api_normalized_string, api_signing_key)
# convert the HASHING result to a URL ENCODED base64 string.
api_signature_encoded = (Base64.strict_encode64(api_signature))
# AUTHORIZATION STRING - ESCAPED
api_authorization_string = ('OAuth consumer_key="'+api_access_key_id+'",signature_method="'+api_signature_method+'",timestamp="'+CGI.escape(api_timestamp)+'",nonce="'+CGI.escape(api_nonce)+'",version="'+CGI.escape(api_version)+'",signature="'+CGI.escape(api_signature_encoded)+'"')
# FARADAY OBJECT
connect_token_request = Faraday.new(url: 'https://account.api.here.com') do |faraday|
faraday.response :logger, nil, bodies: true
faraday.request :json
faraday.headers['Accept'] = 'application/json'
faraday.headers['Content-Type'] = 'application/x-www-form-urlencoded'
faraday.headers['Authorization'] = api_authorization_string
faraday.adapter Faraday.default_adapter
end
# FARADAY POST
response_token_request= connect_token_request.post('/oauth2/token', 'grant_type=client_credentials' )
# CHECK THE RESULT
puts response_token_request.body
#json = JSON.parse(response_token_request.body)
req_status = #json['httpStatus']
puts "The status returned in the body is:::: #{req_status}"
puts "===== ///// ======"
puts "===== ///// ======"
req_error_code = #json['errorCode']
puts "The ERROR CODE returned in the body is:::: #{req_error_code}"
end

I don't know RoR but I had the same problem in Javascript and this script solved my problem:
const axios = require('axios')
const cryptoJS = require('crypto-js');
const btoa = require('btoa');
exports.getToken = (app_key, app_secret) => {
let url = "https://account.api.here.com/oauth2/token";
let key = encodeURI(app_key);
let secret = encodeURI(app_secret);
let nonce = btoa(Math.random().toString(36)).substring(2, 13);
let timestamp = Math.floor(Date.now()/1000);
let normalizedUrl = encodeURIComponent(url);
let signing_method = encodeURI("HMAC-SHA256");
let sig_string = "oauth_consumer_key="
.concat(key)
.concat("&oauth_nonce=")
.concat(nonce)
.concat("&oauth_signature_method=")
.concat(signing_method)
.concat("&oauth_timestamp=")
.concat(timestamp)
.concat("&").concat("oauth_version=1.0");
let normalised_string = "POST&".concat(normalizedUrl).concat("&").concat(encodeURIComponent(sig_string));
let signingKey = secret.concat("&");
let digest = cryptoJS.HmacSHA256(normalised_string, signingKey);
let signature = cryptoJS.enc.Base64.stringify(digest);
let auth = 'OAuth oauth_consumer_key="'
.concat(key)
.concat('",oauth_signature_method="')
.concat(signing_method)
.concat('",oauth_signature="')
.concat(encodeURIComponent(signature))
.concat('",oauth_timestamp="')
.concat(timestamp)
.concat('",oauth_nonce="')
.concat(nonce)
.concat('",oauth_version="1.0"')
return axios({
method: 'post',
url: url,
data: JSON.stringify({grantType: "client_credentials"}),
headers: {
'Content-Type': "application/json",
'Authorization': auth
}
});
}

How to decode ion_binary of Amazon QLDB in ruby

I was playing with QLDB of Amazon with ruby and used the aws-sdk-qldb and aws-sdk-qldbsession gem. I was getting result as IonBinary. But not able to decode and parse it.
Following is the code
cred = Aws::Credentials.new(ENV['AWS_ACCESS_KEY'], ENV['AWS_SECRET_ACCESS_KEY'])
qldb_session_client = Aws::QLDBSession::Client.new(region: 'ap-southeast-1', credentials: cred)
start_session_req = Aws::QLDBSession::Types::StartSessionRequest.new
start_session_req.ledger_name = 'ledger-test'
command_request = Aws::QLDBSession::Types::SendCommandRequest.new
command_request.start_session = start_session_req
resp = qldb_session_client.send_command(command_request)
session_token = resp.start_session.session_token
command_request = Aws::QLDBSession::Types::SendCommandRequest.new
command_request.session_token = session_token
command_request.start_transaction = Aws::QLDBSession::Types::StartTransactionRequest.new
resp = qldb_session_client.send_command(command_request)
transaction_id = resp.start_transaction.transaction_id
command_request = Aws::QLDBSession::Types::SendCommandRequest.new
command_request.session_token = session_token
command_request.execute_statement = Aws::QLDBSession::Types::ExecuteStatementRequest.new
command_request.execute_statement.transaction_id = transaction_id
command_request.execute_statement.statement = 'select * from testing'
resp = qldb_session_client.send_command(command_request)
now if I use the following code
resp.execute_statement.first_page.values[0]
I get
{:ion_binary=>"\xE0\x01\x00\xEA\xEE\x9A\x81\x83\xDE\x96\x87\xBE\x93\x89firstname\x88lastname\xDE\x9D\x8A\x8Dtesting first\x8B\x8Ctesting last", :ion_text=>"[FILTERED]"}
I am not able to decode this ion_binary using binary parser.

Decoding the stream is likely to be done with Aws::EventStream::Decoder#decode. That said, somewhat like below should work.
Aws::EventStream::Decoder.new.decode(
StringIO.new(result[:ion_binary])
)

Getting a bad decrypt error in ruby

I am using this snippet to extend the String class in Rails:
require 'openssl'
class String
def encrypt(key)
cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').encrypt
key = cipher.random_key
cipher.key = key
s = cipher.update(self) + cipher.final
s.unpack('H*')[0].upcase
end
def decrypt(key)
cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').decrypt
key = cipher.random_key
cipher.key = key
s = [self].pack("H*").unpack("C*").pack("c*")
cipher.update(s) + cipher.final
end
end
However when de-crypting the string I get the "Bad decrypt error":
puts plain = 'confidential' # confidential
puts key = 'secret' # secret
puts cipher = plain.encrypt(key) # 5C6D4C5FAFFCF09F271E01C5A132BE89
puts cipher.decrypt(key) # BAD DECRYPT
I tried adding padding like this to the decrypt action (Similar SO question here):
cipher.padding = 0
The error goes away but I am getting gibberish instead.

Even if you are passing key (secret) to the encrypt & decrypt functions, you are redefining key again with the below mentioned code.
key = cipher.random_key
You should be using same key for both encrypt & decrypt.
Try the below code snippet:
require 'openssl'
class String
def encrypt(key)
cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').encrypt
cipher.key = (Digest::SHA1.hexdigest key)[0..23]
s = cipher.update(self) + cipher.final
s.unpack('H*')[0].upcase
end
def decrypt(key)
cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').decrypt
cipher.key = (Digest::SHA1.hexdigest key)[0..23]
s = [self].pack("H*").unpack("C*").pack("c*")
cipher.update(s) + cipher.final
end
end
puts plain = 'confidential' # confidential
puts key = 'secret' # secret
puts cipher = plain.encrypt(key) # 5C6D4C5FAFFCF09F271E01C5A132BE89
puts cipher.decrypt(key) # confidential

How to push key and value to an empty hash with a loop in Ruby on rails

I want to use Bing search results for my webpage. To use their json data I found this solution:
new_bing_results = bing_results[0][:Web]
result = { }
result[:title] = new_bing_results[0][:Title]
result[:description] = new_bing_results[0][:Description]
result[:url] = new_bing_results[0][:Url]
result[:display_url] = new_bing_results[0][:DisplayUrl]
result[:title1] = new_bing_results [1][:Title]
result[:description1] = new_bing_results [1][:Description]
result[:url1] = new_bing_results [1][:Url]
result[:display_url1] = new_bing_results [1][:DisplayUrl]
result[:title2] = new_bing_results [2][:Title]
result[:description2] = new_bing_results [2][:Description]
result[:url2] = new_bing_results [2][:Url]
result[:display_url2] = new_bing_results [2][:DisplayUrl]
....
result
How can I create a loop that is doing the same thing 50 times without having to repeat the same code.
I tried this but only get errors:
new_bing_results = bing_results[0][:Web]
$i = 0
$num = 50
result2 = {}
while $i < $num do
result[:title$i] = new_bing_results[$i][:Title]
......
end
result
The problem is that I do not find a solution for adding my $i number to the key result[:title] as in the value new_bing_results[$i][:Title]

This should do the trick
result = {}
50.times do |i|
result["title#{i}".to_sym] = new_bing_results[i][:Title]
result["description#{i}".to_sym] = new_bing_results[i][:Description]
result["url#{i}".to_sym] = new_bing_results[i][:Url]
result["display_url#{i}".to_sym] = new_bing_results[i][:DisplayUrl]
end
50.times will run from 0 to 49 and you can use interpolation to avoid the repetition.

You can use .to_sym method. For example:
new_bing_results = [{Title: "Title"}]
result = {}
result["title#{i}".to_sym] = new_bing_results[i][:Title]
result
=> {:title0=>"Title"}

You can use string interpolation and then the to_sym method.
result = {}
50.times do |n|
result["title#{n}".to_sym] = new_bing_results[n][:Title]
end

rails saml how to decrypt xml?

I'm doing an SAML AUTHENTIFICATION, and when I received the xml, a part of it is ecrypted. This is the part I need (contains name, email etc.)
For that I have a private key to decrypt it, but I don't have any idea how to do that.
I am here:
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
response.settings = set_settings
doc = Nokogiri::XML(response.response)
document = XMLSecurity::Document.new(doc)
### NOT USED HERE
formated_cert = OneLogin::RubySaml::Utils.format_cert(CONFIG_CERTIFICATE)
cert = OpenSSL::X509::Certificate.new(formated_cert)
formated_private_key = OneLogin::RubySaml::Utils.format_private_key(CONFIG_PRIVATE_KEY)
private_key = OpenSSL::PKey::RSA.new(formated_private_key)
### NOT USED HERE
ret = doument.decrypt!(settings) rescue nil # PROBLEME HERE, DONT WORK
def set_settings
settings = OneLogin::RubySaml::Settings.new
...
settings.security[:digest_method] = XMLSecurity::Document::SHA1
settings.security[:signature_method] = XMLSecurity::Document::SHA1
...
settings.certificate = CONFIG_CERTIFICATE
settings.private_key = CONFIG_PRIVATE_KEY
end
and so, ret is suposed to be a decrypted xml that I can use, but it always stays at nil (rescue nil, to avoid 500)
I use OneLogin::RubySaml and XMLSecurity
but I have no idea what I've done wrong,
anybody ?

finally, I succeeded to fix the problem :
Here the solution:
response.settings = saml_settings
enc_key = REXML::XPath.first(response.document, "//xenc:EncryptedKey//xenc:CipherData/xenc:CipherValue").text
enc_value = REXML::XPath.first(response.document, "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue").text
private_key = OpenSSL::PKey::RSA.new(CONFIG_PRIVATE_KEY)
data_key = private_key.private_decrypt(Base64.decode64(enc_key), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
actual_output = decrypt_cipher_data(data_key, enc_value)
clean_output = actual_output.slice(0..(actual_output.index('</Assertion>') + '</Assertion>'.length-1))
so clean_output is the final xml decrypted, ready to use

Because I can't comment on your question #ReggieB, here's where the source of #F4ke's answer I think https://gist.github.com/sheeley/7044243
For the decryption part
def decrypt_cipher_data(key_cipher, cipher_data)
cipher_data_str = Base64.decode64(cipher_data)
mcrypt_iv = cipher_data_str[0..15]
cipher_data_str = cipher_data_str[16..-1]
cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
cipher.decrypt
cipher.padding = 0
cipher.key = key_cipher
cipher.iv = mcrypt_iv
result = cipher.update(cipher_data_str)
result << cipher.final
end
enc_key = REXML::XPath.first(response.document, "//xenc:EncryptedKey//xenc:CipherData/xenc:CipherValue").text
enc_value = REXML::XPath.first(response.document, "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue").text
private_key = OpenSSL::PKey::RSA.new(CONFIG_PRIVATE_KEY)
data_key = private_key.private_decrypt(Base64.decode64(enc_key), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
actual_output = decrypt_cipher_data(data_key, enc_value)
clean_output = actual_output.slice(0..(actual_output.index('</Assertion>') + '</Assertion>'.length-1))