堆栈内存溢出
  繁体   English   中英

如何将“十六进制摘要”应用于 Azure API 管理策略中的 HMAC SHA256 哈希值?

[英]How to apply a "Hex Digest" to a HMAC SHA256 hashed value in an Azure API Management policy?

 原文  2022-12-09 09:24:20       c#/ slack-api/ azure-api-management/ hmacsha256

问题描述

我正在尝试按照此处的说明验证来自 Slack 的 API 请求。

概括起来步骤是:

  1. 将请求时间戳与版本和请求正文连接起来。
  2. Hash 上面的字符串用HMAC SHA256,然后是“Hex Digest”这个。
  3. 将上面的签名与 Slack 发送的签名进行比较。

我在这篇文章中应用了以下建议:

string hexaHash = "";
foreach (byte b in my_signature)
{
    hexaHash += String.Format("{0:x2}", b);
}

我期待这样的价值:

'a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503'

当我不应用上面的代码时,我得到的值是这样的:

'KvFZL2TojhYJj6ahS0Z7etDwSn4='

应用该代码时对此进行了哪些更改:

'76303d6f4f31494741457277466e4b32344c6f655172713281ef935fe1fa3d'

我的完整 Azure API 管理策略代码如下:

<inbound>
  <!-- Setting variables from the headers passed by Slack -->
  <set-variable name="timestamp" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Request-Timestamp"))" />
  <set-variable name="slack_signature" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Signature"))" />

  <!-- Set body received from slack as variable -->
  <set-variable name="slack_body" value="@(context.Request.Body.As
    <String>(preserveContent: true))" />
  <set-variable name="slack_signing_secret" value="{{Slack-Signing-Secret}}" />

  <!-- Create concatenation string as per slack documentation -->
  <set-variable name="sig_basestring" value="@{
                    string body = (string)context.Variables.GetValueOrDefault("slack_body");
                    string timestamp = (string)context.Variables.GetValueOrDefault("timestamp");
                    string sig_basestring = "v0:" + timestamp + ":" + body;
                    return sig_basestring;
    }" />
                    
    <!-- Apply HMACSHA256 to concatenated string using slack signing secret as key  -->              
   <set-variable name="my_signature" value="@{
                <!-- Hash-based Message Authentication Code (HMAC) using SHA256 hash -->
                System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes("{{Slack-Signing-Secret}}"));
                return Convert.ToBase64String(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes((string)context.Variables["sig_basestring"])));
     }" />
    
    
   <!-- I'm using this method to send the data back to slack to validate both signatures -->
   <return-response response-variable-name="existing response variable">
      <set-status code="200" reason="OK" />
      <set-header name="Content-Type" exists-action="override">
        <value>application/json</value>
      </set-header>
      <set-body>@{
            string my_signature =  (string)context.Variables["my_signature"];
            string slack_signature = (string)context.Variables["slack_signature"];
            string hexaHash = "";
            <!-- This code is applying the "hex digest" method I found -->
            foreach (byte b in my_signature)
            {
                hexaHash += String.Format("{0:x2}", b);
            }
            my_signature = "v0=" + hexaHash;
            return my_signature + " " + slack_signature;
       }</set-body>
    </return-response>
</inbound>

有什么我可以应用于当前哈希值以获得与 Slack 文档中建议的hexdigest()方法类似的结果吗?

1 个解决方案

解决方案1
 1 已采纳  2022-12-13 11:13:40

使用 Slack 示例值,我设法完成了正确的摘要。 我确信有更优雅的方法来实现删除BitConverter.ToString()生成的“-”字符。

    <inbound>
        <!-- Setting variables from the headers passed by Slack -->
        <set-variable name="timestamp" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Request-Timestamp"))" />
        <set-variable name="slack_signature" value="@(context.Request.Headers.GetValueOrDefault("X-Slack-Signature"))" />
        <!-- Set body received from slack as variable -->
        <set-variable name="slack_body" value="@(context.Request.Body.As
        <String>(preserveContent: true))" />
        <!-- Create concatenation string as per slack documentation -->
        <set-variable name="sig_basestring" value="@{
                        string body = (string)context.Variables.GetValueOrDefault("slack_body");
                        string timestamp = (string)context.Variables.GetValueOrDefault("timestamp");
                        string sig_basestring = "v0:" + timestamp + ":" + body;
                        return sig_basestring;
        }" />
        <!-- Apply HMACSHA256 to concatenated string using slack signing secret as key  -->
        <set-variable name="my_signature" value="@{
                    System.Security.Cryptography.HMACSHA256 hasher = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes("8f742231b10e8888abcd99yyyzzz85a5"));
                    return System.BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes((string)context.Variables["sig_basestring"]))).ToLower().Replace("-", "");
        }" />
    </inbound>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将散列字符串值转换为 SHA256 PHP和C#HMAC SHA256 .NET .1.1中的HMAC SHA256 解密使用SHA256散列的消息 JavaScript中的SHA256哈希密码验证 C# 中的 HMAC SHA256 与 Swift 中的 HMAC SHA256 不匹配 Binance API HMAC SHA256 签名错误 使用 C# Node 中的 C# HMAC Sha256 等效项 将 C# HMAC SHA256 转换为 PHP C#中的HMAC SHA256哈希计算
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM