Facebook实时更新:在Java中验证X-Hub-Signature SHA1签名
[英]Facebook Real-time Update: Validating X-Hub-Signature SHA1 signature in Java
问题描述
When Facebook sends real-time updates, they include a X-Hub-Signature in the HTTP header. 
当Facebook发送实时更新时,它们在HTTP标头中包含X-Hub-Signature。 According to their documentation , they're using SHA1 and the application secret as the key. 根据他们的文档 ,他们使用SHA1和应用程序密钥作为密钥。
Based on a similar question for C# I tried to verify the signature like this ('body' is the message sent by facebook in the body of the request): 根据C#的类似问题 ,我尝试验证这样的签名('body'是facebook在请求正文中发送的消息):
String passedSignature = req.getHeader("X-Hub-Signature").substring(5);
Mac hmac = Mac.getInstance("HmacSHA1");
hmac.init(new SecretKeySpec(FACEBOOK_SECRET.getBytes(Charset.forName("UTF-8")), "HmacSHA1"));
String calculatedSignature = Hex.encodeHexString(hmac.doFinal(body.getBytes(Charset.forName("UTF-8"))));
logger.debug("Calculated sigSHA1: " + calculatedSignature + " passedSignature: " + passedSignature);
But the passedSignature is always different from the calculatedSignature. 但passSignature总是与calculatedSignature不同。
Anybody can help solving the problem? 有人可以帮忙解决问题吗?
1 个解决方案
解决方案1
12 已采纳 2013-06-21 12:52:32
Turns out the code is correct, I was using the wrong key :-/ 原来代码是正确的,我使用了错误的密钥: - /
Anyway I hope this could help somebody else. 无论如何,我希望这可以帮助别人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.