生成“Sec-WebSocket-Accept”来自“Sec-WebSocket-Key” [英] generate "Sec-WebSocket-Accept" from "Sec-WebSocket-Key"

问题描述

我正在关注 rfc6455 ：

具体来说，如果如上例所示，| Sec-WebSocket-Key |

标题字段的值为dGhlIHNhbXBsZSBub25jZQ ==，服务器

将串联字符串258EAFA5-E914-47DA-95CA-C5AB0DC85B11

形成字符串dGhlIHNhbXBsZSBub25jZQ == 258EAFA5-E914-47DA-95CA-

C5AB0DC85B11。然后服务器将获取此SHA-1哈希，

给出值0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6

0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea 。这个值是

然后是base64编码的（参见[RFC4648]的第4节），给出值
s3pPLMBiTxaQ9kYGzzhZRbK + xOo =。然后，这个值将在| $ -b $ b | Sec-WebSocket-Accept |中回显标题字段。

Concretely, if as in the example above, the |Sec-WebSocket-Key|
header field had the value "dGhlIHNhbXBsZSBub25jZQ==", the server
would concatenate the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
to form the string "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-
C5AB0DC85B11". The server would then take the SHA-1 hash of this,
giving the value 0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6
0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea. This value is
then base64-encoded (see Section 4 of [RFC4648]), to give the value
"s3pPLMBiTxaQ9kYGzzhZRbK+xOo=". This value would then be echoed in
the |Sec-WebSocket-Accept| header field.

并且无法生成正确的Sec-WebSocket-Accept。

and fail to generate the correct "Sec-WebSocket-Accept".

为了解我在线使用 SHA1哈希和 Base64编码。

在线SHA1哈希值给出了正确的结果：rfc6455中描述的b37a4f2cc0624f1690f64606cf385945b2bec4ea 。

The online SHA1 hash for "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11" give the correct result: "b37a4f2cc0624f1690f64606cf385945b2bec4ea" as described in rfc6455.

但在线Base64编码给了我输入b37a4f2cc0624f1690f64606cf385945b2bec4ea的错误结果YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ ==。
结果应为s3pPLMBiTxaQ9kYGzzhZRbK + xOo =

But The online Base64 Encode give me the wrong results "YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==" for input "b37a4f2cc0624f1690f64606cf385945b2bec4ea". The result should be "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="

我做错了什么？

推荐答案

您需要对原始sha1摘要进行base64编码。

您正在编码摘要的十六进制字符串表示形式，它是长度的两倍。

You need to base64-encode the raw sha1 digest.
You are encoding the hexadecimal string representation of the digest which is double the length.

在线工具使用文本而不能处理原始二进制数据，这就是你得到错误结果的原因。

Online tools work with text and don't work with raw binary data, that's why you are getting wrong results.

Python示例：

Python example:

import hashlib, base64
h = hashlib.sha1("dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
print "hexdigest:", h.hexdigest() # hexadecimal string representation of the digest
print "digest:", h.digest() # raw binary digest
print
print "wrong result:", base64.b64encode(h.hexdigest())
print "right result:", base64.b64encode(h.digest())

这打印：

hexdigest: b37a4f2cc0624f1690f64606cf385945b2bec4ea
digest: ﾳzO,ÀbOﾐöFÏ8YEﾲﾾÄê

wrong result: YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==
right result: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

这篇关于生成“Sec-WebSocket-Accept”来自“Sec-WebSocket-Key”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！