JWT使用HMACSHA256验证签名并显示Swift的“无效签名”

时间:2019-05-20 03:37:12

标签: ios swift jwt sha256 hmac

我对JWT有疑问。
我尝试创建自己的签名,并使用硬代码密钥“ hello1234567890987654321test1234”。
然后,我使用函数创建签名并发布到https://jwt.io/进行解码。
然后这个网站向我展示“无效签名”。
我的HMACSHA256函数有什么问题?
我在Webside中找到了“-”,“ _”,并在我的输出签名中转换了“ +”,“ /”。
如何修复我的输出签名?
这个签名正确吗?

我还找到了两种在Google中搜索的HMACSHA256方法。我不知道哪个更好。
请给我一些选择的建议。
谢谢。

图片: Question Image.

方法1:

enum CryptoAlgorithm {
    case MD5, SHA1, SHA224, SHA256, SHA384, SHA512
    var HMACAlgorithm: CCHmacAlgorithm {
        var result: Int = 0
        switch self {
        case .MD5:      result = kCCHmacAlgMD5
        case .SHA1:     result = kCCHmacAlgSHA1
        case .SHA224:   result = kCCHmacAlgSHA224
        case .SHA256:   result = kCCHmacAlgSHA256
        case .SHA384:   result = kCCHmacAlgSHA384
        case .SHA512:   result = kCCHmacAlgSHA512
        }
        return CCHmacAlgorithm(result)
    }
    var digestLength: Int {
        var result: Int32 = 0
        switch self {
        case .MD5:      result = CC_MD5_DIGEST_LENGTH
        case .SHA1:     result = CC_SHA1_DIGEST_LENGTH
        case .SHA224:   result = CC_SHA224_DIGEST_LENGTH
        case .SHA256:   result = CC_SHA256_DIGEST_LENGTH
        case .SHA384:   result = CC_SHA384_DIGEST_LENGTH
        case .SHA512:   result = CC_SHA512_DIGEST_LENGTH
        }
        return Int(result)
    }
}

extension String {
    func hmac1(algorithm: CryptoAlgorithm, key: String) -> String {
        var result: [CUnsignedChar]
        if let ckey = key.cString(using: String.Encoding.utf8), let cdata = self.cString(using: String.Encoding.utf8) {
            result = Array(repeating: 0, count: Int(algorithm.digestLength))
            CCHmac(algorithm.HMACAlgorithm, ckey, ckey.count-1, cdata, cdata.count-1, &result)
        } else {
            fatalError("Nil returned when processing input strings as UTF8")
        }

        return Data(bytes: result, count: result.count).base64EncodedString()
    }
}

方法2:

enum HMACAlgorithm {
    case MD5, SHA1, SHA224, SHA256, SHA384, SHA512

    func toCCHmacAlgorithm() -> CCHmacAlgorithm {
        var result: Int = 0
        switch self {
        case .MD5:
            result = kCCHmacAlgMD5
        case .SHA1:
            result = kCCHmacAlgSHA1
        case .SHA224:
            result = kCCHmacAlgSHA224
        case .SHA256:
            result = kCCHmacAlgSHA256
        case .SHA384:
            result = kCCHmacAlgSHA384
        case .SHA512:
            result = kCCHmacAlgSHA512
        }
        return CCHmacAlgorithm(result)
    }

    func digestLength() -> Int {
        var result: CInt = 0
        switch self {
        case .MD5:
            result = CC_MD5_DIGEST_LENGTH
        case .SHA1:
            result = CC_SHA1_DIGEST_LENGTH
        case .SHA224:
            result = CC_SHA224_DIGEST_LENGTH
        case .SHA256:
            result = CC_SHA256_DIGEST_LENGTH
        case .SHA384:
            result = CC_SHA384_DIGEST_LENGTH
        case .SHA512:
            result = CC_SHA512_DIGEST_LENGTH
        }
        return Int(result)
    }
}

extension String {
    func hmac2(algorithm: HMACAlgorithm, key: String) -> String {
        let cKey = key.cString(using: String.Encoding.utf8)
        let cData = self.cString(using: String.Encoding.utf8)
        var result = [CUnsignedChar](repeating: 0, count: Int(algorithm.digestLength()))
        CCHmac(algorithm.toCCHmacAlgorithm(), cKey!, strlen(cKey!), cData!, strlen(cData!), &result)
        let hmacData:NSData = NSData(bytes: result, length: (Int(algorithm.digestLength())))
        let hmacBase64 = hmacData.base64EncodedString(options: .lineLength76Characters)
        return String(hmacBase64)
    }
}

用法:

class ViewController: UIViewController {

    override func viewDidLoad() {
        super.viewDidLoad()

        let headerString: String = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
        let payloadString: String = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ"
        let totalString: String = headerString + "." + payloadString

        let signature1 = totalString.hmac1(algorithm: .SHA256, key: "hello1234567890987654321test1234")
        let signature2 = totalString.hmac2(algorithm: .SHA256, key: "hello1234567890987654321test1234")

        print("signature1 : \(signature1)") // signature1 : L9YSDasvO2B5i8FZUczC+MAtSsTuM0Dj+FEpfn6uoRs=
        print("signature2 : \(signature2)") // signature2 : L9YSDasvO2B5i8FZUczC+MAtSsTuM0Dj+FEpfn6uoRs=

    }
}

1 个答案:

答案 0 :(得分:1)

问题是编码。 JWT uses base64url encoding

  

JWT表示为URL安全部分的序列,由      句点(。)。每个部分都包含一个以base64url编码的      值。

,但是您在签名中使用base64编码,如代码示例所示。

base64url encoding与base64编码之间的区别在于,正常base64输出中的字符'+'和'/'将被替换为'-'和'_'以及尾随的'='(填充)将被省略。

您说:

  

然后我在Webside中找到了“-”,“ _”,并在我的输出签名中转换了“ +”,“ /”。

使用'-'和'_'代替'+'和'/',您将获得正确的输出。

当您拥有这样的base64url编码签名

  。

签名将得到验证。

相关问题
最新问题