[英]How to apply a "Hex Digest" to a HMAC SHA256 hashed value in an Azure API Management policy?
我正在尝试按照此处的说明验证来自 Slack 的 API 请求。
概括起来步骤是:
我在这篇文章中应用了以下建议:
string hexaHash = "";
foreach (byte b in my_signature)
{
hexaHash += String.Format("{0:x2}", b);
}
我期待这样的价值:
'a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503'
当我不应用上面的代码时,我得到的值是这样的:
'KvFZL2TojhYJj6ahS0Z7etDwSn4='
应用该代码时对此进行了哪些更改:
'76303d6f4f31494741457277466e4b32344c6f655172713281ef935fe1fa3d'
我的完整 Azure API 管理策略代码如下:
<inbound>
<!-- Setting variables from the headers passed by Slack -->
<set-variable name="timestamp" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Request-Timestamp"))" />
<set-variable name="slack_signature" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Signature"))" />
<!-- Set body received from slack as variable -->
<set-variable name="slack_body" value="@(context.Request.Body.As
<String>(preserveContent: true))" />
<set-variable name="slack_signing_secret" value="{{Slack-Signing-Secret}}" />
<!-- Create concatenation string as per slack documentation -->
<set-variable name="sig_basestring" value="@{
string body = (string)context.Variables.GetValueOrDefault("slack_body");
string timestamp = (string)context.Variables.GetValueOrDefault("timestamp");
string sig_basestring = "v0:" + timestamp + ":" + body;
return sig_basestring;
}" />
<!-- Apply HMACSHA256 to concatenated string using slack signing secret as key -->
<set-variable name="my_signature" value="@{
<!-- Hash-based Message Authentication Code (HMAC) using SHA256 hash -->
System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes("{{Slack-Signing-Secret}}"));
return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes((string)context.Variables["sig_basestring"])));
}" />
<!-- I'm using this method to send the data back to slack to validate both signatures -->
<return-response response-variable-name="existing response variable">
<set-status code="200" reason="OK" />
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>@{
string my_signature = (string)context.Variables["my_signature"];
string slack_signature = (string)context.Variables["slack_signature"];
string hexaHash = "";
<!-- This code is applying the "hex digest" method I found -->
foreach (byte b in my_signature)
{
hexaHash += String.Format("{0:x2}", b);
}
my_signature = "v0=" + hexaHash;
return my_signature + " " + slack_signature;
}</set-body>
</return-response>
</inbound>
有什么我可以应用于当前哈希值以获得与 Slack 文档中建议的hexdigest()
方法类似的结果吗?
使用 Slack 示例值,我设法完成了正确的摘要。 我确信有更优雅的方法来实现删除BitConverter.ToString()
生成的“-”字符。
<inbound>
<!-- Setting variables from the headers passed by Slack -->
<set-variable name="timestamp" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Request-Timestamp"))" />
<set-variable name="slack_signature" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Signature"))" />
<!-- Set body received from slack as variable -->
<set-variable name="slack_body" value="@(context.Request.Body.As
<String>(preserveContent: true))" />
<!-- Create concatenation string as per slack documentation -->
<set-variable name="sig_basestring" value="@{
string body = (string)context.Variables.GetValueOrDefault("slack_body");
string timestamp = (string)context.Variables.GetValueOrDefault("timestamp");
string sig_basestring = "v0:" + timestamp + ":" + body;
return sig_basestring;
}" />
<!-- Apply HMACSHA256 to concatenated string using slack signing secret as key -->
<set-variable name="my_signature" value="@{
System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes("8f742231b10e8888abcd99yyyzzz85a5"));
return System.BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes((string)context.Variables["sig_basestring"]))).ToLower().Replace("-", "");
}" />
</inbound>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.