本文介绍了试图使hmac-sha256与Powershell for Canvas API一起使用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我被任命去做一个过程,在这个过程中,PowerShell脚本需要调用Canvas服务器,以便从中获取数据以用于此问题范围之外的其他用途。



我所做的第一件事是研究Canvas API的实际工作方式。最终,我发现这篇包含了我认为应该了解的所有API知识。该API需要HMAC SHA 256哈希。



为了在PowerShell中制作相同的脚本,我决定对构成哈希的作者代码进行反向工程。



这是我经过稍微编辑的代码(node.js)

  var crypto = require('crypto')
var url = require('url')
var HMAC_ALG ='sha256'
var apiAuth = module.exports = {
buildMessage: function(secret,timestamp,uri){
var urlInfo = url.parse(uri,false);
var query = urlInfo.query吗? urlInfo.query.split(’&’)。sort()。join(’&’):’’;
var parts = [‘GET’,urlInfo.host,‘’,’,urlInfo.pathname,query,timestamp,secret]
console.log(parts);
return parts.join(’\n’);

},
buildHmacSig:function(secret,timestamp,reqOpts,message){
// var message = apiAuth.buildMessage(secret,timestamp,reqOpts);
var hmac = crypto.createHmac(HMAC_ALG,new Buffer(secret))
hmac.update(message)
Console.log(message);
return hmac.digest('base64')
}
}

这是我放入节点js应用程序中的参数

  var canvas = require('[filepath] / new_canvas' ); 
var secret ='mycrazysecret';今天
var = new Date();
var timestamp = today.toUTCString();
var regOpts = mycrazymessage;
var message = canvas.buildMessage(secret,timestamp,regOpts)
var hmac = canvas.buildHmacSig(secret,timestamp,regOpts,message);

此代码的最终代码
'Oexq8 / ulAGxSIQXGDVqoXyqk5x + n9cMrc3avcTW9aZk ='



这是我的PowerShell文件:

 功能缓冲区
{
参数($ string)
$ c = @()

Foreach($ string.toCharArray()中的$ element){$ c + = [System.Convert] :: ToSByte( $ e $}}

return $ c
}

$ message ='GET\n\n\n\nmycrazymessage\n\ nFri,2016年11月18日15:29:52 GMT\nmycrazysecret'
$ secret ='mycrazysecret'
$ hmacsha =新对象System.Security.Cryptography.HMACSHA256
$ hmacsha.key =缓冲区字符串$ secret
$ signature = $ hmacsha.ComputeHash([Text.Encoding] :: UTF8.GetBytes($ message))
$ signature = [Convert] :: ToBase64String($ signature)

echo $ signature

最终结果是 pF92zam81wclnnb8csDsscsSYNQ7it9qLrcJkRTi5rM =



我不知道让产生相同的结果是可能的,但是我的问题是问他们为什么不产生不同的结果? (键也相同)

解决方案

在PowerShell中,默认转义序列使用反引号`。 而不是反斜杠 \



为了使解析器识别转义不仅是反引号字符文字和字母 n 的序列,还应使用可扩展的字符串( 而不是'):

  $ message = GET`n`n`n`nycrazymessage nfri,2016年11月18日15:29:52 GMT`nmycrazysecret 

除此之外,您的HMAC签名过程正确(在更改 $ message 值之后,它会正确输出 Oexq8 / ulAGxSIQXGDVqoXyqk5x + n9cMrc3avcTW9aZk = ) / p>

I was appointed the task of making a process in which a PowerShell script needs to make a call to Canvas servers in order to get data out of it for other uses that are outside the scope of this question.

The first thing I did was research how the Canvas API actually works. I eventually found this post holds everything I think I should know about the API. The API requires an HMAC SHA 256 hash.

I have decided to reverse engineer his the writer's code that makes the hash in order to make the same script in PowerShell.

Here is my slightly edited code (node.js)

var crypto = require('crypto')
var url = require('url')
var HMAC_ALG = 'sha256'
var apiAuth = module.exports = {
  buildMessage: function(secret, timestamp, uri) {
    var urlInfo = url.parse(uri, false);
    var query = urlInfo.query ? urlInfo.query.split('&').sort().join('&') : '';
    var parts = [ 'GET', urlInfo.host, '', '', urlInfo.pathname, query, timestamp, secret ]
    console.log(parts);
    return parts.join('\n');

  },
  buildHmacSig: function(secret, timestamp, reqOpts,message) {
    //var message = apiAuth.buildMessage(secret, timestamp, reqOpts);
    var hmac = crypto.createHmac(HMAC_ALG, new Buffer(secret))
    hmac.update(message)
    Console.log(message);
    return hmac.digest('base64')
  }
}

Here are the parameters that I put in the node js application

var canvas = require('[filepath]/new_canvas');
var secret = 'mycrazysecret';
var today = new Date();
var timestamp= today.toUTCString();
var regOpts = 'mycrazymessage';
var message = canvas.buildMessage(secret, timestamp, regOpts)
var hmac = canvas.buildHmacSig(secret, timestamp, regOpts,message);

the final code it this'Oexq8/ulAGxSIQXGDVqoXyqk5x+n9cMrc3avcTW9aZk='

Here is my PowerShell file:

function buffer
{
   param ($string)
   $c=@()

   Foreach ($element in $string.toCharArray()) {$c+= [System.Convert]::ToSByte($element)}

   return $c
}

$message = 'GET\n\n\n\nmycrazymessage\n\nFri, 18 Nov 2016 15:29:52 GMT\nmycrazysecret'
$secret = 'mycrazysecret'
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = buffer -string $secret
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($message))
$signature = [Convert]::ToBase64String($signature)

echo $signature

The final result is 'pF92zam81wclnnb8csDsscsSYNQ7it9qLrcJkRTi5rM='

I do not know getting the to produce the same results is even possible, but the question I am asking why aren't they producing to different results? (the keys are the same as well)

解决方案

In PowerShell, the default escape sequence uses backticks ` rather than backslash \.

In order for the parser to recognize the escape sequence as not just a backtick character literal and the letter n, use an expandable string (" instead of '):

$message = "GET`n`n`n`nmycrazymessage`n`nFri, 18 Nov 2016 15:29:52 GMT`nmycrazysecret"

Other than that, your HMAC signature procedure is correct (it correctly outputs Oexq8/ulAGxSIQXGDVqoXyqk5x+n9cMrc3avcTW9aZk= after changing the $message value)

这篇关于试图使hmac-sha256与Powershell for Canvas API一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 17:31