无法使用ColdFusion和HMAC-SHA1为API生成有效的签名 [英] Unable to generate valid signature for API using ColdFusion and HMAC-SHA1
问题描述
我已经阅读了许多与此主题相关的其他文章,并且能够毫无问题地复制它们。但是,无论我做什么,都无法使用自己的数据获得预期的签名结果。我将不胜感激任何帮助。以下是API的要求:
I have gone through a number of other related posts on this subject and have been able to replicate them with no problems. However, I cannot get the expected signature result using my own data, no matter what I try to do. I would greatly appreciate any assistance. Here are the API requirements:
- 将数据转换为将符号从ASCII字符串转换为字节数组
- 将您的秘密访问密钥从Base64字符串转换为字节数组
- 使用在步骤1中创建的字节数组作为HMAC-SHA1签名者的密钥
- 计算在步骤2中创建的字节数组的HMAC-SHA1哈希。结果将为字节数组
- 将在步骤3中创建的字节数组转换为Base64编码的字符串
- Convert the data to sign from an ASCII string to a byte array
- Convert your Secret Access Key from a Base64 string to a byte array
- Use the byte array created in step 1 as the key for a HMAC-SHA1 signer
- Calculate the HMAC-SHA1 hash of the byte array created in step 2. The result will be a byte array
- Convert the byte array created in step 3 to a Base64 encoded string
根据文档:
- 假设您的秘密访问密钥为 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ==
- 假定要签名的数据为
http://membersuite.com/contracts/IConciergeAPIService/WhoAmI00000000-0000-0000-0000-0000000000001 1111111-1111-1111-1111-111111111111 - 签名应为 2zsMYdHb / MJUeTjv5cQl5pBuIqU =
尽管尝试了其他帖子中的各种方法,但我仍无法获得该签名。例如:
I have been unable to get that signature, despite trying a variety of methods from the other posts. For example:
<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
<cfargument name="base64Key" type="string" required="true" default="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==">
<cfargument name="signMessage" type="string" required="true" default="http://membersuite.com/contracts/IConciergeAPIService/WhoAmI00000000-0000-0000-0000-00000000000011111111-1111-1111-1111-111111111111">
<cfargument name="encoding" type="string" default="UTF-8">
<cfset var messageBytes = JavaCast("string",arguments.signMessage).getBytes(arguments.encoding)>
<cfset var keyBytes = binaryDecode(arguments.base64Key, "base64")>
<cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec")>
<cfset var mac = createObject("java","javax.crypto.Mac")>
<cfset key = key.init(keyBytes,"HmacSHA512")>
<cfset mac = mac.getInstance(key.getAlgorithm())>
<cfset mac.init(key)>
<cfset mac.update(messageBytes)>
<cfreturn mac.doFinal()>
</cffunction>
转储该函数的输出不会给我带来任何错误,但也不符合预期的输出。再次,我将不胜感激在正确方向上提供的任何帮助或推动。我认为部分麻烦在于我如何编码密钥和URL字符串,但是我不确定。
Dumping the output of that function does not give me any errors, but neither does it match the expected output. Again, I would greatly appreciate any assistance or nudges in the right direction. I think part of my trouble lies in how I am encoding the key and URL string, but I am not sure. Thank you all in advance!
推荐答案
key.init(keyBytes, HmacSHA512)
几乎。该UDF被硬编码为使用 HmacSHA512。将其更改为 HmacSHA1,或者将其更改为类似于 encoding的函数参数。
Almost. That UDF is hard coded to use "HmacSHA512". Change it to "HmacSHA1", or better yet, make it a function parameter like "encoding".
示例:
<cfset action = "http://membersuite.com/contracts/IConciergeAPIService/WhoAmI">
<cfset associationId = "00000000-0000-0000-0000-000000000000">
<cfset sessionId = "11111111-1111-1111-1111-111111111111">
<cfset stringToSign = action & associationId & sessionId>
<cfset key = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==">
<cfset result = binaryEncode(hmacEncrypt(key, stringToSign, "US-ASCII"), "base64")>
<cfset writeDump(result)>
结果:
2zsMYdHb/MJUeTjv5cQl5pBuIqU=
NB: 从CF10 +开始, HMAC 现在是核心功能:
NB: As of CF10+, HMAC is a now core function:
<cfset resultAsHex = hmac(stringToSign, binaryDecode(key, "base64"), "hmacsha1", "us-ascii")>
<cfset resultAsBase64 = binaryEncode(binaryDecode(resultAsHex, "hex"), "base64")>
<cfset writeDump(resultAsBase64)>
这篇关于无法使用ColdFusion和HMAC-SHA1为API生成有效的签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
