hash_hmac在使用纯传统的ASP [英] hash_hmac in using pure classic ASP
问题描述
我想知道,有没有什么办法来实现 hash_hmac(SHA256,$令牌,$ signkey,真实)
(PHP)在传统的ASP?
我需要它verificate从Facebook的signed_request
https://developers.facebook.com/docs/howtos/login/signed-请求/
//添加下面的signed_request验证
$ expected_sig = hash_hmac('SHA256',$有效载荷,$秘密,$原料= TRUE);
如果($ SIG!== $ expected_sig){
error_log中(坏签名JSON签名!');
返回null;
}
我一直在使用一个文件我在Amazon论坛找到。这是螺纹:
<一href=\"https://forums.aws.amazon.com/message.jspa?messageID=147377\">https://forums.aws.amazon.com/message.jspa?messageID=147377
它使用的.wsc文件,它仅仅是一个JScript文件定义了一个对象,你可以在你的ASP code使用。像这样的:
'###一定有sha256.wsc在同一文件夹作为此脚本
昏暗的SHA256
设置SHA256 = GetObject的(脚本:&放大器;使用Server.Mappath(sha256.wsc))
sha256.hexcase = 0 昏暗的结果
结果= sha256.b64_hmac_sha256(SecretKey的,stringtosign)
这是原本是用来签署要求亚马逊API的文件。至于原因,我不明白,这包括在的.wsc文件中这一行code的:
D = d.replace(/ \\ s /克,\\ n);
这个转换的所有空格字符,包括空格,以'\\ n'。很难相信空间需要转换成\\ n。无论如何,我不得不注释掉此行,使code为我工作!和它的工作。我一直在使用了一段时间没有问题的。
从sha256.wsc文件:
/ *
*一个JavaScript实现安全散列算法,SHA-256,定义
*在FIPS 180-2
* 2.2版版权所有天使马林,保罗·约翰斯顿2000 - 2009。
*其他贡献者:格雷格·霍尔特,安德鲁Kepert,Ydnar,Lostinet
*在BSD许可证下发布
*请参阅http://pajhome.org.uk/crypt/md5了解详情。
*由丹尼尔·奥马利改编成WSC用于传统的ASP
*(基于由Erik Oosterwaal的SHA-1为例)
*与亚马逊产品广告API的使用
* /
直接链接到sha256.wsc文件:
<一href=\"https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc\">https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc
我一直无法找到一个官方下载网站。
I want to know, is there any way to achieve hash_hmac("sha256", $token, $signkey, true)
(php) in classic ASP?
I need it to verificate the signed_request from Facebook https://developers.facebook.com/docs/howtos/login/signed-request/
// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
I have been using a file I found on an Amazon forum. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377
It uses a .wsc file, which is just a JScript file that defines a object you can use in your ASP code. Like this:
' ### be sure to have sha256.wsc in the same folder as this script
Dim sha256
Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
sha256.hexcase = 0
Dim result
result = sha256.b64_hmac_sha256( secretkey, stringtosign )
This is a file which was originally used to sign request to the Amazon API. For reasons I don't understand this included this line of code in .wsc file:
d=d.replace ( /\s/g, "\n");
This converts all whitespace characters, including spaces, to '\n'. Hard to believe that spaces need to be converted to "\n". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.
From the sha256.wsc file:
/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
* in FIPS 180-2
* Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
* Adapted into a WSC for use in classic ASP by Daniel O'Malley
* (based on an SHA-1 example by Erik Oosterwaal)
* for use with the Amazon Product Advertising API
*/
Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc
I have been unable to find an official download site.
这篇关于hash_hmac在使用纯传统的ASP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!