Validating HMAC from a Microsoft Teams custom bot in ColdFusion

Question (votes: 3, answers: 1)

I'm trying to validate a Microsoft Teams custom bot using ColdFusion, following the Microsoft instructions in C#. I've also tried following this PHP example. But I've had no luck. Any idea what I'm missing here?

<cfset secretKey       = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset httpRequestData = GetHttpRequestData()>
<cfset c               = httpRequestData.content>
<cfset calculated_hmac = toBase64(hmac(c, secretKey, "HMACSHA256"))>

I get...

calculated_hmac: NjE2RUY1RjREQTNEMzk1Q0RBNUJDMEE2NDhFNzk3RDIyNUMzRDJDMjk5NTYzMDgxODk0NkU3Njc3RTVEQTAyQQ==

While Microsoft's headers.authorization is this...

HMAC 6N0WyOW7g+LqShKYsouWOrPjgh0PD1gazfwNeNwpuS8=

For this specific example, GetHttpRequestData().content is...

{"type":"message","id":"1552059974228","timestamp":"2019-03-08T15:46:14.225Z","localTimestamp":"2019-03-08T09:46:14.225-06:00","serviceUrl":"https://smba.trafficmanager.net/amer/","channelId":"msteams","from":{"id":"29:1lY_4faAJwr1qSsIBSpFnI3nYpy3wv5hLp5qZk1_uuc_3ET_aW1Ttu_vN-evUZ0TXVKIBoy8wEBzPT7a1WgwOTQ","name":"Gordon Frobenius","aadObjectId":"be3510a6-204d-4b3f-b6c3-52bbddb303d5"},"conversation":{"isGroup":true,"id":"19:[email protected];messageid=1552059031619","name":null,"conversationType":"channel"},"recipient":null,"textFormat":"plain","attachmentLayout":null,"membersAdded":[],"membersRemoved":[],"topicName":null,"historyDisclosed":null,"locale":"en-US","text":"cmpro bot help\n","speak":null,"inputHint":null,"summary":null,"suggestedActions":null,"attachments":[{"contentType":"text/html","contentUrl":null,"content":"http://schema.skype.com/Mention\" itemid=\"0\">cmpro bot help\n","name":null,"thumbnailUrl":null}],"entities":[{"type":"clientInfo","locale":"en-US","country":"US","platform":"Windows"}],"channelData":{"teamsChannelId":"19:[email protected]","teamsTeamId":"19:[email protected]","channel":{"id":"19:[email protected]"},"team":{"id":"19:[email protected]"},"tenant":{"id":"0d78b7c2-75c2-4dad-966D-500250225e13"}},"action":null,"replyToId":null,"value":null,"name":null,"relatesTo":null,"code":null}

php coldfusion chatbot hmac microsoft-teams
1 answer
3 votes

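(Note, I couldn't reproduce that "calculated_hmac", because the sample "content" string must differ from the original in some way - possibly just whitespace, but that's enough to completely change the result...).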

Anyway, based on the instructions, I'm guessing the main problem is using strings instead of binary in the hash:

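  1. Generate the hmac from the request body of the message. ... You will need to convert the body to a byte array in UTF8.
  2. To compute the hash, provide the byte array of the security token provided by Microsoft Teams when you registered the outgoing webhook.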

First try decoding the body into binary

<cfset bodyBinary = charsetDecode(GetHttpRequestData().content, "utf-8")>

Do the same with the secret key

<cfset secretKey  = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfset secretBinary = binaryDecode(secretKey, "base64")>

Finally, don't forget HMAC() returns a hexadecimal string. If you need base64, you have to DIY:

<cfset hexHash = hmac(bodyBinary, secretBinary, "HMACSHA256")>
<cfset calculated_hmac = binaryEncode(binaryDecode(hexHash, "hex"), "base64")>
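
The steps above combined with the check against the Authorization header, as an added example that is not part of the original answer. The function name isValidTeamsRequest and the 401 response are assumptions; the key is the sample value from the question.

```cfml
<!--- Added example, not from the original post. --->
<cfscript>
function isValidTeamsRequest(required struct req, required string secretBase64) {
    var claimedBytes = "";
    // The header must look like "HMAC <base64 digest>", as in the question.
    if (not structKeyExists(req.headers, "Authorization")) {
        return false;
    }
    var auth = trim(req.headers["Authorization"]);
    if (len(auth) lte 5 or compareNoCase(left(auth, 5), "HMAC ") neq 0) {
        return false;
    }
    try {
        claimedBytes = binaryDecode(trim(mid(auth, 6, len(auth))), "base64");
    } catch (any e) {
        return false; // digest is not valid base64
    }
    // content is a string or already binary, depending on the Content-Type;
    // either way the HMAC must run over the raw UTF-8 bytes.
    var bodyBytes = isBinary(req.content) ? req.content : charsetDecode(req.content, "utf-8");
    // The security token is base64 text; the HMAC key is its decoded bytes.
    var keyBytes = binaryDecode(secretBase64, "base64");
    // hmac() returns hex, so decode it to bytes before comparing.
    var expectedBytes = binaryDecode(hmac(bodyBytes, keyBytes, "HMACSHA256"), "hex");
    // MessageDigest.isEqual compares the two byte arrays in constant time.
    return createObject("java", "java.security.MessageDigest").isEqual(expectedBytes, claimedBytes);
}
</cfscript>

<!--- Sample key from the question; load the real token from configuration. --->
<cfset teamsSecret = "MsVx7SpJKnSiycvsUyLMiD8lDIFkEUDhuYuFAT94hXY=">
<cfif not isValidTeamsRequest(getHttpRequestData(), teamsSecret)>
    <!--- Reject before any bot logic touches the unauthenticated body. --->
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfabort>
</cfif>
```

Comparing decoded bytes rather than base64 strings avoids false mismatches from padding or casing differences, and the constant-time comparison keeps response timing from leaking how much of a forged digest matched.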