hash_hmac 在使用纯经典 ASP [英] hash_hmac in using pure classic ASP

问题描述

我想知道，有没有办法在经典的ASP中实现hash_hmac("sha256", $token, $signkey, true) (php)?

I want to know, is there any way to achieve hash_hmac("sha256", $token, $signkey, true) (php) in classic ASP?

我需要它来验证来自 Facebook 的签名请求https://developers.facebook.com/docs/howtos/login/signed-请求/

I need it to verificate the signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/

// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
}

推荐答案

我一直在使用我在亚马逊论坛上找到的文件.这是线程:https://forums.aws.amazon.com/message.jspa?messageID=147377

I have been using a file I found on an Amazon forum. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377

它使用一个 .wsc 文件，它只是一个 JScript 文件，它定义了一个可以在 ASP 代码中使用的对象.像这样:

It uses a .wsc file, which is just a JScript file that defines a object you can use in your ASP code. Like this:

' ### be sure to have sha256.wsc in the same folder as this script
    Dim sha256
    Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
    sha256.hexcase = 0

    Dim result
    result = sha256.b64_hmac_sha256( secretkey, stringtosign )

这是一个最初用于对 Amazon API 的请求进行签名的文件.由于我不明白的原因，这在 .wsc 文件中包含了这行代码:

This is a file which was originally used to sign request to the Amazon API. For reasons I don't understand this included this line of code in .wsc file:

d=d.replace ( /s/g, "
");

这会将所有空白字符(包括空格)转换为 ".很难相信空格需要转换为 ".无论如何，我必须注释掉这一行以使代码为我工作！它确实有效.我已经使用了一段时间没有问题.

This converts all whitespace characters, including spaces, to ' '. Hard to believe that spaces need to be converted to " ". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.

来自 sha256.wsc 文件:

From the sha256.wsc file:

/*
 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
 * in FIPS 180-2
 * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for details.
 * Adapted into a WSC for use in classic ASP by Daniel O'Malley
 * (based on an SHA-1 example by Erik Oosterwaal)
 * for use with the Amazon Product Advertising API
 */

直接链接到 sha256.wsc 文件:https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

我一直找不到官方下载网站.

I have been unable to find an official download site.

这篇关于hash_hmac 在使用纯经典 ASP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！