wealdtech · jcwilson · Oct 13, 2016
diff --git a/hawk-core/src/main/java/com/wealdtech/hawk/Hawk.java b/hawk-core/src/main/java/com/wealdtech/hawk/Hawk.java
@@ -22,6 +22,7 @@
 import java.net.URI;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.MessageDigest;
 import java.util.Locale;
 
 import javax.crypto.Mac;
@@ -235,6 +236,53 @@ public static String calculateBodyMac(final HawkCredentials credentials, final S
     return calculateMac(credentials, sb.toString());
   }
 
+  /**
+   * Generate the payload hash for a body with a specific content-type
+   *
+   * @param credentials
+   *          Hawk credentials of the requestor
+   * @param contentType
+   *          the MIME content type
+   * @param body
+   *          the body
+   * @return the MAC
+   * @throws DataError
+   *           if there is an issue with the data that prevents creation of the
+   *           hash
+   */
+  public static String calculateBodyHash(final HawkCredentials credentials, final String contentType, final String body)
+  {
+    // Check that required parameters are present
+    checkNotNull(contentType, "Content type is required but not supplied");
+    checkNotNull(body, "Body is required but not supplied");
+
+    final StringBuilder sb = new StringBuilder(1024);
+    sb.append("hawk.");
+    sb.append(HAWKVERSION);
+    sb.append(".payload\n");
+    if (contentType.indexOf(';') != -1)
+    {
+      sb.append(contentType.substring(0, contentType.indexOf(';')).toLowerCase(Locale.ENGLISH));
+    }
+    else
+    {
+      sb.append(contentType.toLowerCase(Locale.ENGLISH));
+    }
+    sb.append('\n');
+    sb.append(body);
+    sb.append('\n');
+
+    try {
+      MessageDigest md = MessageDigest.getInstance(credentials.getDigestAlgorithm());
+      md.update(sb.toString().getBytes());
+      return new String(BaseEncoding.base64().encode(md.digest()));
+    }
+    catch (NoSuchAlgorithmException nsae)
+    {
+      throw new DataError.Bad("Unknown encryption algorithm", nsae);
+    }
+  }
+
   /**
    * Internal method to generate the MAC given the compiled string to sign
    *

diff --git a/hawk-core/src/main/java/com/wealdtech/hawk/HawkCredentials.java b/hawk-core/src/main/java/com/wealdtech/hawk/HawkCredentials.java
@@ -74,6 +74,11 @@ public static Algorithm parse(final String algorithm)
                                                                                         .put(Algorithm.SHA256, "HmacSHA256")
                                                                                         .build();
 
+  private static final ImmutableMap<Algorithm, String> DIGESTALGORITHMS = new ImmutableMap.Builder<Algorithm, String>()
+                                                                                        .put(Algorithm.SHA1, "SHA-1")
+                                                                                        .put(Algorithm.SHA256, "SHA-256")
+                                                                                        .build();
+
   private HawkCredentials(final String keyId, final String key, final Algorithm algorithm)
   {
     this.keyId = keyId;
@@ -127,6 +132,16 @@ public Algorithm getAlgorithm()
     return this.algorithm;
   }
 
+  /**
+   * Obtain the algorithm used to calculate the MAC
+   *
+   * @return the algorithm used to calculate the MAC
+   */
+  public String getDigestAlgorithm()
+  {
+    return DIGESTALGORITHMS.get(this.algorithm);
+  }
+
   /**
    * Obtain the algorithm used to calculate the MAC, using the name as known by
    * Java cryptography functions.

diff --git a/hawk-core/src/test/java/test/com/wealdtech/hawk/HawkTest.java b/hawk-core/src/test/java/test/com/wealdtech/hawk/HawkTest.java
@@ -101,6 +101,17 @@ public void testBodyMac() throws Exception
     assertEquals(testmac1, "w1rO8cxeoTwVmO1Weffal3VCYHBTcIxpjgQUZx01mRU=");
   }
 
+  @Test
+  public void testBodyHash() throws Exception
+  {
+    // Ensure that the body hash gives the correct result
+    // This validates the example provided at https://github.com/hueniverse/hawk#payload-validation
+    final HawkCredentials testCredentials = new HawkCredentials.Builder().keyId("test").key("mysecretkey").algorithm(Algorithm.SHA256).build();
+    final String contentType = "text/plain";
+    String testhash1 = Hawk.calculateBodyHash(testCredentials, contentType, "Thank you for flying Hawk");
+    assertEquals(testhash1, "Yi9LfIIFRtBEPt74PVmbTF/xVAwPn7ub15ePICfgnuY=");
+  }
+
   @Test
   public void testBewitValidation1() throws Exception
   {