Skip to Main Content
Forums

SQL & PL/SQL

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

HMAC-SH256 signature not getting generated properly.

Kinjan BhavsarNov 17 2023 — edited Nov 17 2023
Hi All,

I am trying to generate a HMAC-Sh256 signature using PLSQL but it's not working and I keep on getting signature mismatch error when I try to use the final generated signature.

Here is the sample code
declare

v_oauth_consumer_key varchar2(200) := 'testKey';
v_oauth_consumer_secret varchar2(200) := 'testSecret';
v_oauth_token varchar2(500);
v_oauth_secret varchar2(500);

v_oauth_signature_method varchar2(50) := urlencode ('HMAC-SHA256');
v_oauth_version varchar2(5) := urlencode ('1.0');

v_oauth_timestamp VARCHAR2 (100);
v_oauth_nonce VARCHAR2 (500);
v_oauth_base_string VARCHAR2 (2000);
-- v_oauth_key VARCHAR2 (500);
v_sig_mac RAW (2000);
v_base64_sig_mac VARCHAR2 (100);

v_random VARCHAR2(15);

v_oauth_header varchar2(4000);

v_token_ws_url varchar2(200) := 'https://account.api.here.com/oauth2/token';

v_clob CLOB;
l_param_names apex_application_global.vc_arr2;
l_param_values apex_application_global.vc_arr2;
begin
-- v_oauth_key := v_oauth_consumer_key || '&' || v_oauth_consumer_secret;

-- random oauth_nonce
select dbms_random.string('A', 15) into v_random from dual;

select urlencode(utl_encode.base64_encode(utl_I18N.string_to_raw(v_random, 'AL32UTF8'))) into v_oauth_nonce from dual;

select urlencode((SYSDATE - TO_DATE ('01-01-1970', 'DD-MM-YYYY')) * 86400) into v_oauth_timestamp from dual;

v_oauth_base_string := 'POST' || '&' || urlencode(v_token_ws_url)
|| '&' || urlencode (
'oauth_consumer_key' || '=' || v_oauth_consumer_key
|| '&' || 'oauth_nonce' || '=' || v_oauth_nonce
|| '&' || 'oauth_signature_method' || '=' || v_oauth_signature_method
|| '&' || 'oauth_timestamp' || '=' || v_oauth_timestamp
|| '&' || 'oauth_version' || '=' || v_oauth_version);

dbms_output.put_line('OAuthBaseString : ' || v_oauth_base_string);

v_sig_mac := DBMS_CRYPTO.mac (src => UTL_I18N.string_to_raw (v_oauth_base_string, 'AL32UTF8'),
typ => DBMS_CRYPTO.HMAC_SH256, 
key => UTL_I18N.string_to_raw (v_oauth_consumer_secret, 'AL32UTF8')
);
dbms_output.put_line('SigMac: ' ||v_sig_mac);

v_base64_sig_mac := UTL_RAW.cast_to_varchar2 (UTL_ENCODE.base64_encode (v_sig_mac));

dbms_output.put_line('Base64Mac: ' ||v_base64_sig_mac);

v_oauth_header := 'OAuth oauth_consumer_key="'||v_oauth_consumer_key||'",'||'oauth_signature_method="'||v_oauth_signature_method||'",'||'oauth_timestamp="'|| v_oauth_timestamp || '",'|| 'oauth_nonce="' || v_oauth_nonce || '",'||'oauth_version="' || v_oauth_version || '",'||'oauth_signature="' || urlencode (v_base64_sig_mac) || '"';

dbms_output.put_line(v_oauth_header);

Can someone suggest what am I doing wrong?

I generated similar signature for twitter api but it has both consumer token secret and token secret, but in case of here maps, I only have consumer key and consumer secret.

Thanks
This post has been answered by Kinjan Bhavsar on Nov 18 2023
Jump to Answer
Comments
Post Details
Added on Nov 17 2023
#sha256
2 comments
962 views