php - 在 ColdFusion 中从 Microsoft Teams 自定义 Bot 验证 HMAC
问题描述
我正在尝试按照 C# 中的 Microsoft 说明使用 ColdFusion 对 Microsoft Teams 自定义 Bot 进行身份验证。我也尝试按照这个 PHP 示例进行操作。但我没有任何运气。知道我在这里缺少什么吗?
<cfset secretKey = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset httpRequestData = GetHttpRequestData()>
<cfset c = httpRequestData.content>
<cfset calculated_hmac = toBase64(hmac(c, secretKey, "HMACSHA256"))>
我得到这个...
calculated_hmac: NjE2RUY1RjREQTNEMzk1Q0RBNUJDMEE2NDhFNzk3RDIyNUMzRDJDMjk5NTYzMDgxODk0NkU3Njc3RTVEQTAyQQ==
虽然来自 Microsoft 的 headers.authorization 是这样的......
HMAC 6N0WyOW7g+LqShKYsouWOrPjgh0PD1gazfwNeNwpuS8=
对于这个具体的例子GetHttpRequestData().content是...
{"type":"message","id":"1552059974228","timestamp":"2019-03-08T15:46:14.225Z","localTimestamp":"2019-03-08T09:46:14.225-06 :00","serviceUrl":" https://smba.trafficmanager.net/amer/","channelId":"msteams","from":{"id":"29:1lY_4faAJwr1qSsIBSpFnI3nYpy3wv5hLp5qZk1_uuc_3ET_aW1Ttu_vN-evUZ0TXVKIBoy8wEBzPT7a1WgwOTQ","name":"Gordon Frobenius","aadObjectId":"be3510a6-204d-4b3f-b6c3-52bbddb303d5 "},"conversation":{"isGroup":true,"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype;messageid=1552059031619","name":null,"conversationType":"channel"},"recipient" :null,"textFormat":"plain","attachmentLayout":null,"membersAdded":[],"membersRemoved":[],"topicName":null,"historyDisclosed":null,"locale":"en- US","text":"cmpro 机器人帮助\n","speak":null,"inputHint":null,"summary":null,"suggestedActions":null,"attachments":[{"contentType":"text/html","contentUrl":null,"content":"http://schema .skype.com/Mention\" itemid=\"0\">cmpro 机器人帮助\n","name":null,"thumbnailUrl":null}],"entities":[{"type":"clientInfo" ,"locale":"en-US","country":"US","platform":"Windows"}],"channelData":{"teamsChannelId":"19:a69ef3b3162a43018edb05db74138636@thread.skype","teamsTeamId ":"19:a69ef3b3162a43018edb05db74138636@thread.skype","channel":{"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype"},"team":{"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype"},"租户":{"id":"0d78b7c2-75c2-4dad-966d-500250225e13"}},"action":null,"replyToId":null,"值":null,"name":null,"relatesTo":null,"code":null}
解决方案
(注意,我无法重现那个“calculated_hmac”,因为示例“content”字符串必须在某种程度上与原始字符串不同 - 可能只是空格,但这足以完全改变结果......)。
无论如何,根据说明,我猜主要问题是在散列中使用字符串而不是二进制:
- 从消息的请求正文生成 hmac.... 您需要将正文转换为 UTF8 格式的字节数组。
- 若要计算哈希,请提供Microsoft Teams 在您注册传出 webhook 时提供的安全令牌的字节数组。
首先尝试将正文解码为二进制
<cfset bodyBinary = charsetDecode(GetHttpRequestData().content, "utf-8")>
对密钥执行相同操作
<cfset secretKey = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset secretBinary = binaryDecode(secretKey, "base64")>
最后,不要忘记 HMAC() 返回一个十六进制字符串。如果你需要base64,你必须自己动手:
<cfset hexHash = hmac(bodyBinary, secretBinary, "HMACSHA256")>
<cfset calculated_hmac = binaryEncode(binaryDecode(hexHash, "hex"), "base64")>
推荐阅读
- python - GridSearchCV scikit-learn:TypeError LogisticRegression...不实现“get_params”方法
- excel - 对于每个循环通过 Range,.Columns() 数字似乎发生了变化?
- php - 合并一个 Laravel 集合数组,并添加新的属性/属性
- matlab - 如何从循环中打印值并查看它们如何在 matlab 的函数中使用?
- java - 使用 sqliteDB 将数据添加到片段中的 textview
- r - 使用 ggplot2 在 R 的每个方面添加计算文本?
- go - 如何从 Golang 中的文件中读取确切的行
- python - BeautifulSoup 返回无,但元素存在
- c++ - lambda 如何在下面代码中说明的情况下具体工作
- flutter - 如何在flutter中正确实现ModalRoute?