Wednesday, August 5, 2015

hmac nsdictionary - express req.body


i am trying to do a generic hmac verification with an iOS app and an express node.js app.

generating the hmac using given samples at: http://ift.tt/1P42qG1

having the following problem: subclassed AFHTTPRequestOperationManager to gain access to POST: i want to hmac the nsdictionary parameters.

so convert the nsdictionary to json - hmac it - and set the hmac header in the request. on the receiver side, i use crypto-js and express to access the req.body - and hmac the json object.

problem is! - those keys are not in the same order, even if i force the sort on the keys in the nsdictionary, the transformed json does not come out in the ordered way.

after hours of googling i accepted that json objects cannot be ordered in a reliable way.

so what is the best practice to hmac an nsdictionary, ignoring the order? (i could hmac only a few keys, but that would be way less generic; it would mean that adding a dictionary key requires a code change in ios and express)

generating the hmac based only on the URI works fine, but it's way too open :)

UPDATE: to be a bit more specific.

on the app i transform my nsdictionary to json by and then calculate the hmac of the json_string

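// dictionary whose JSON form gets signed
NSDictionary *dic = @{@"key1": @"value1", @"key2": @"value2"};
NSError *error = nil;
// serialize to JSON bytes (prettyPrint is a BOOL defined elsewhere)
NSData *jsonData = [NSJSONSerialization dataWithJSONObject:dic
                                                   options:(NSJSONWritingOptions)(prettyPrint ? NSJSONWritingPrettyPrinted : 0)
                                                     error:&error];

// string the hmac is calculated over
NSString *json_str = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];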

and i do an AFNetworking POST request, passing my nsdictionary as parameters:

- (AFHTTPRequestOperation *)POST:(NSString *)URLString parameters:(id)parameters success:(void (^)(AFHTTPRequestOperation *operation, id responseObject))success failure:(void (^)(AFHTTPRequestOperation *operation, NSError *error))failure

on the receiver app (node.js/express) i get the ctx.req.body containing the javascript object from the POST request -> but here it does not have the same order as in the json encoded string from the app (and i have not found a way to preserve order)

as i do not know what keys are in the nsdictionary, a static key-hmac would not work.

regards helmut



via Chebli Mohamed
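
One way to take key order out of the picture on the Express side, as an added example that is not part of the original post: verify the HMAC over the exact bytes received before parsing them, or sign a canonical, key-sorted serialization that both sides can rebuild. It uses Node's built-in crypto module instead of crypto-js; the key, the payloads and all function names are constructed for illustration.

```javascript
// Added example: constructed key and payloads, Node built-in crypto only.
const crypto = require('crypto');

const KEY = Buffer.from('constructed-demo-key-not-a-real-secret');

// HMAC-SHA256 over bytes, hex encoded (the value the client puts in its header).
function sign(bytes, key = KEY) {
  return crypto.createHmac('sha256', key).update(bytes).digest('hex');
}

// Option 1: verify the exact bytes received, before any JSON parsing.
function verifyRawBody(rawBody, macHex, key = KEY) {
  const expected = Buffer.from(sign(rawBody, key), 'hex');
  const given = Buffer.from(String(macHex), 'hex'); // bad hex decodes to a short buffer
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Option 2: canonical string with keys sorted at every level and no whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Constructed sample: the same dictionary serialized in two different key orders.
const wireA = Buffer.from('{"key2":"value2","key1":"value1"}');
const wireB = Buffer.from('{"key1":"value1","key2":"value2"}');

function demo() {
  const macA = sign(wireA); // sender signs the bytes it actually sends
  const objA = JSON.parse(wireA.toString('utf8'));
  const objB = JSON.parse(wireB.toString('utf8'));
  return {
    rawOk: verifyRawBody(wireA, macA),            // same bytes: accepted
    reorderedRawOk: verifyRawBody(wireB, macA),   // different bytes: rejected
    naiveReserializeOk: sign(JSON.stringify(objB)) === macA, // re-serializing req.body
    canonicalOk: sign(canonicalize(objA)) === sign(canonicalize(objB)),
  };
}

console.log(demo());
```

In Express the raw bytes can be captured with the `verify` callback of the JSON body parser; for the canonical form, the iOS client has to emit the identical sorted, whitespace-free string.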
