Validating the HMAC from a Microsoft Teams custom bot in ColdFusion

Time: 2019-03-08 15:56:02

Tags: php coldfusion chatbot hmac microsoft-teams

I'm trying to authenticate a Microsoft Teams custom bot using ColdFusion, following the Microsoft instructions in C#. I also tried following this PHP example, but I'm having no luck. Any idea what I'm missing here?

<cfset secretKey       = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset httpRequestData = GetHttpRequestData()>
<cfset c               = httpRequestData.content>
<cfset calculated_hmac = toBase64(hmac(c, secretKey, "HMACSHA256"))>

I get...

calculated_hmac: NjE2RUY1RjREQTNEMzk1Q0RBNUJDMEE2NDhFNzk3RDIyNUMzRDJDMjk5NTYzMDgxODk0NkU3Njc3RTVEQTAyQQ==

This is the headers.authorization from Microsoft...

HMAC 6N0WyOW7g+LqShKYsouWOrPjgh0PD1gazfwNeNwpuS8=

For this particular example, GetHttpRequestData().content is...

  

{"type":"message","id":"1552059974228","timestamp":"2019-03-08T15:46:14.225Z","localTimestamp":"2019-03-08T09:46:14.225-06:00","serviceUrl":"https://smba.trafficmanager.net/amer/","channelId":"msteams","from":{"id":"29:1lY_4faAJwr1qSsIBSpFnI3nYpy3wv5hLp5qZk1_uuc_3ET_aW1Ttu_vN-PTUZTX“ 1”   Frobenius“,"aadObjectId":"be3510a6-204d-4b3f-b6c3-52bbddb303d5"},"conversation":{"isGroup":true,"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype;messageid=1552059031619","name":null,"conversationType":"channel"},"recipient":null,"textFormat":"plain","attachmentLayout":null,"membersAdded":[],"membersRemoved":[],"topicName":null,"historyDisclosed":null,"locale":"en-US","text":"cmpro   bot help\n","speak":null,"inputHint":null,"summary":null,"suggestedActions":null,"attachments":[{"contentType":"text/html","contentUrl":null,"content":"http://schema.skype.com/Mention\"   itemid=\"0\">cmpro   bot help\n","name":null,"thumbnailUrl":null}],"entities":[{"type":"clientInfo","locale":"en-US","country":"US","platform":"Windows"}],"channelData":{"teamsChannelId":"19:a69ef3b3162a43018edb05db74138636@thread.skype","teamsTeamId":"19:a69ef3b3162a43018edb05db74138636@thread.skype","channel":{"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype"},"team":{"id":"19:a69ef3b3162a43018edb05db74138636@thread.skype"},"tenant":{"id":"0d78b7c2-75c2-4dadad -966d-500250225e13"}},"action":null,"replyToId":null,"value":null,"name":null,"relatesTo":null,"code":null}

1 answer:

Answer 0 (score: 3)

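(Note that I wasn't able to reproduce that "calculated_hmac", because the sample "content" string must differ from the original - probably just whitespace, but that's enough to change the result completely...)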

Anyway, based on the instructions, I think the main problem is using strings instead of binary in the hash:

  
      
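  1. Generate the hmac from the request body of the message. ... You will need to convert the body to a byte array in UTF8.
  2. To compute the hash, provide the byte array of the security token provided by Microsoft Teams when you registered the outgoing webhook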

First try decoding the body into binary

<cfset bodyBinary = charsetDecode(GetHttpRequestData().content, "utf-8")>

Do the same for the secret key

<cfset secretKey  = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset secretBinary = binaryDecode(secretKey, "base64")>

Finally, don't forget that HMAC() returns a hexadecimal string. If you need base64, you have to DIY:

<cfset hexHash = hmac(bodyBinary, secretBinary, "HMACSHA256")>
<cfset calculated_hmac = binaryEncode(binaryDecode(hexHash, "hex"), "base64")>
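Added example (not part of the original question or answer): a Python reference check for cross-validating the ColdFusion result. It verifies an "HMAC <base64>" header over the raw body bytes with a constant-time comparison, and shows that the question's calculated_hmac is base64 of the hex text rather than of the raw digest. The function names, demo token and demo body are assumptions constructed for this example.

```python
import base64
import binascii
import hashlib
import hmac
import string

def sign(body: bytes, secret_b64: str) -> str:
    """Base64 of the raw HMAC-SHA256 digest, keyed with the base64-decoded token."""
    key = base64.b64decode(secret_b64)
    return base64.b64encode(hmac.new(key, body, hashlib.sha256).digest()).decode("ascii")

def verify(body: bytes, auth_header: str, secret_b64: str) -> bool:
    """Check an 'HMAC <base64>' Authorization value against the raw request bytes."""
    scheme, _, provided = auth_header.partition(" ")
    if scheme != "HMAC" or not provided:
        return False
    try:
        provided_raw = base64.b64decode(provided.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    expected_raw = hmac.new(base64.b64decode(secret_b64), body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(provided_raw, expected_raw)

def is_base64_of_hex_text(value: str) -> bool:
    """True when value encodes a 64-character hex string instead of 32 raw digest bytes."""
    raw = base64.b64decode(value)
    return len(raw) == 64 and all(chr(b) in string.hexdigits for b in raw)

# Values copied from the question on this page.
QUESTION_CALCULATED = ("NjE2RUY1RjREQTNEMzk1Q0RBNUJDMEE2NDhFNzk3RDIyNUMzRDJDMjk5"
                       "NTYzMDgxODk0NkU3Njc3RTVEQTAyQQ==")
QUESTION_HEADER = "6N0WyOW7g+LqShKYsouWOrPjgh0PD1gazfwNeNwpuS8="

# Constructed demo token and body (not from the page).
DEMO_SECRET = base64.b64encode(b"constructed-demo-key-32-bytes!!!").decode("ascii")
DEMO_BODY = '{"type":"message","text":"cmpro bot help\\n"}'.encode("utf-8")

if __name__ == "__main__":
    header = "HMAC " + sign(DEMO_BODY, DEMO_SECRET)
    print("valid body:", verify(DEMO_BODY, header, DEMO_SECRET))
    print("one extra space:", verify(DEMO_BODY + b" ", header, DEMO_SECRET))
    print("question value is hex text:", is_base64_of_hex_text(QUESTION_CALCULATED))
    print("header value is hex text:", is_base64_of_hex_text(QUESTION_HEADER))
```

The body passed to verify must be the request bytes exactly as received; re-serialising the parsed JSON before hashing changes the digest.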