我正在尝试使用ColdFusion验证Microsoft Teams自定义机器人,遵循C#中的Microsoft说明。我也尝试遵循这个PHP示例。但我没有任何运气。知道我在这里错过了什么吗?
<cfset secretKey = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset httpRequestData = GetHttpRequestData()>
<cfset c = httpRequestData.content>
<cfset calculated_hmac = toBase64(hmac(c, secretKey, "HMACSHA256"))>
我得到了这个…
calculated_hmac: NjE2RUY1RjREQTNEMzk1Q0RBNUJDMEE2NDhFNzk3RDIyNUMzRDJDMjk5NTYzMDgxODk0NkU3Njc3RTVEQTAyQQ==
虽然来自Microsoft的header.授权是这样的…
HMAC 6N0WyOW7g+LqShKYsouWOrPjgh0PD1gazfwNeNwpuS8=
对于这个特定示例,GetHttpRequest estData(). content是…
{"类型":"消息","id":"1552059974228","时间戳":"2019-03-08T15:46:14.225Z","localTimestamp":"2019-03-08T09:46:14.225-06:00","serviceUrl":"https://smba.trafficmanager.net/amer/","channelId":"msteams","from":{"id":"29:1lY_4faAJwr1qSsIBSpFnI3nYpy3wv5hLp5qZk1_uuc_3ET_aW1Ttu_vN-evUZ0TXVKIBoy8wEBzPT7a1WgwOTQ","name":"Gordon Frobenius","aadObjectId":"be3510a6-204d-4b3f-b6c3-52bbddb303d5"},"对话":{"isGroup":true,"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype;Messageid=1552059031619","name":null,"会话类型":"通道"},"收件人":null,"text Format":"普通","att
(注意,我无法重现那个“calculated_hmac”,因为示例“内容”字符串必须在某种程度上与原始字符串不同——可能只是空白,但这足以完全改变结果…)。
无论如何,根据说明,我猜主要问题是在散列中使用字符串而不是二进制:
先试试把身体解码成二进制
<cfset bodyBinary = charsetDecode(GetHttpRequestData().content, "utf-8")>
用秘密钥匙做同样的事
<cfset secretKey = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset secretBinary = binaryDecode(secretKey, "base64")>
最后,不要忘记HMAC()返回一个十六进制字符串。如果你需要base64,你必须DIY:
<cfset hexHash = hmac(bodyBinary, secretBinary, "HMACSHA256")>
<cfset calculated_hmac = binaryEncode(binaryDecode(hexHash, "hex"), "base64")>
