生成“Sec-WebSocket-Accept"来自“Sec-WebSocket-Key" [英] generate "Sec-WebSocket-Accept" from "Sec-WebSocket-Key"

问题描述

我正在关注 rfc6455:

具体来说，如果如上例所示，|Sec-WebSocket-Key|
标头字段的值为dGhlIHNhbXBsZSBub25jZQ=="，服务器
将连接字符串258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
形成字符串dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-
C5AB0DC85B11".然后服务器将采用此的 SHA-1 哈希值，
给出值 0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6
0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea.这个值是
然后 base64 编码(参见 [RFC4648] 的第 4 节)，给出值
s3pPLMBiTxaQ9kYGzzhZRbK+xOo=".然后该值将在
中回显|Sec-WebSocket-Accept|头字段.

Concretely, if as in the example above, the |Sec-WebSocket-Key|
header field had the value "dGhlIHNhbXBsZSBub25jZQ==", the server
would concatenate the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
to form the string "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-
C5AB0DC85B11". The server would then take the SHA-1 hash of this,
giving the value 0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6
0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea. This value is
then base64-encoded (see Section 4 of [RFC4648]), to give the value
"s3pPLMBiTxaQ9kYGzzhZRbK+xOo=". This value would then be echoed in
the |Sec-WebSocket-Accept| header field.

并且无法生成正确的Sec-WebSocket-Accept".

and fail to generate the correct "Sec-WebSocket-Accept".

为了了解我在线使用的过程SHA1 hash 和 Base64 编码.

In order to understand the process I'm using online SHA1 hash and Base64 Encode.

dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-"的在线SHA1哈希C5AB0DC85B11"给出正确的结果:b37a4f2cc0624f1690f64606cf385945b2bec4ea"如 rfc6455 中所述.

The online SHA1 hash for "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11" give the correct result: "b37a4f2cc0624f1690f64606cf385945b2bec4ea" as described in rfc6455.

但是 online Base64 Encode 给了我错误的结果YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlY=="对于输入b37a4f2cc0624f1690f64606cf385945b2bec4ea".结果应该是s3pPLMBiTxaQ9kYGzzhZRbK+xOo="

But The online Base64 Encode give me the wrong results "YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==" for input "b37a4f2cc0624f1690f64606cf385945b2bec4ea". The result should be "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="

我做错了什么?

推荐答案

您需要对原始 sha1 摘要进行 base64 编码.
您正在对长度为两倍的摘要的十六进制字符串表示形式进行编码.

You need to base64-encode the raw sha1 digest.
You are encoding the hexadecimal string representation of the digest which is double the length.

在线工具处理文本，而不处理原始二进制数据，这就是您得到错误结果的原因.

Online tools work with text and don't work with raw binary data, that's why you are getting wrong results.

Python 示例:

import hashlib, base64
h = hashlib.sha1("dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
print "hexdigest:", h.hexdigest() # hexadecimal string representation of the digest
print "digest:", h.digest() # raw binary digest
print
print "wrong result:", base64.b64encode(h.hexdigest())
print "right result:", base64.b64encode(h.digest())

打印:

hexdigest: b37a4f2cc0624f1690f64606cf385945b2bec4ea
digest: ﾳzO,ÀbOﾐöFÏ8YEﾲﾾÄê

wrong result: YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==
right result: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

这篇关于生成“Sec-WebSocket-Accept"来自“Sec-WebSocket-Key"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！