hash_hmac using pure classic ASP

Jes*_* Ah 4 asp-classic

I would like to know, is there a way to implement hash_hmac("sha256", $token, $signkey, true) (PHP) in classic ASP?

I need it to verify the signed_request from Facebook: https://developers.facebook.com/docs/howtos/login/signed-request/

// Adding the verification of the signed_request below
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
}

San*_*r_P 9

I have been using a file I found on the Amazon forums. This is the thread: https://forums.aws.amazon.com/message.jspa?messageID=147377

It uses a .wsc file, which is just a JScript file that defines an object you can use in your ASP code. Like this:

' ### be sure to have sha256.wsc in the same folder as this script
    Dim sha256
    Set sha256 = GetObject( "script:" & Server.MapPath("sha256.wsc") )
    sha256.hexcase = 0

    Dim result
    result = sha256.b64_hmac_sha256( secretkey, stringtosign )

This is a file that was originally used to sign Amazon API requests. For reasons I don't understand, it includes this line of code in the .wsc file:

d=d.replace ( /\s/g, "\n");

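This converts all whitespace characters (including spaces) to '\n'. It is hard to believe that spaces need to be converted to "\n". Anyway, I had to comment out this line to make the code work for me! And it does work. I have been using it for a while without problems.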

From the sha256.wsc file:

/*
 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
 * in FIPS 180-2
 * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 * Distributed under the BSD License
 * See http://pajhome.org.uk/crypt/md5 for details.
 * Adapted into a WSC for use in classic ASP by Daniel O'Malley
 * (based on an SHA-1 example by Erik Oosterwaal)
 * for use with the Amazon Product Advertising API
 */

Direct link to the sha256.wsc file: https://forums.aws.amazon.com/servlet/JiveServlet/download/9-34858-139271-2601/sha256.wsc

I have not been able to find an official download site.

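  • Thank you! Thank you! Thank you! I can't tell you how long I have been looking for this solution. If anyone needs the output in hex instead of base64, you can modify rstr2b64(rstr_hmac_sha256(str2rstr_utf8(k),str2rstr_utf8(d))); to read rstr2any(rstr_hmac_sha256(str2rstr_utf8(k),str2rstr_utf8(d)),"0123456789abcdef"); For uppercase hex, just convert the second parameter to upper. (2 upvotes)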
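
A reference check for the WSC's output, as an added example that is not part of the original posts and is not classic ASP code: it runs under Node.js with the built-in crypto module. It verifies a signed_request of the form "signature.payload" (both base64url) and shows that the whitespace rewrite quoted in the answer changes the HMAC of any data containing spaces. The secret, the payload and all function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// signed_request parts are base64url: '-' and '_' instead of '+' and '/', no '=' padding.
const b64urlDecode = (s) => Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
const b64urlEncode = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Raw HMAC-SHA256 bytes, the same value as PHP's hash_hmac('sha256', $data, $key, true).
function hmacSha256(key, data) {
  return crypto.createHmac("sha256", key).update(data, "utf8").digest();
}

// The line the answer commented out of sha256.wsc, applied to the data before signing.
const wscWhitespaceRewrite = (d) => d.replace(/\s/g, "\n");

// Builds a constructed sample token "<sig>.<payload>" for exercising the verifier.
function buildSignedRequest(obj, secret) {
  const payload = b64urlEncode(Buffer.from(JSON.stringify(obj), "utf8"));
  return b64urlEncode(hmacSha256(secret, payload)) + "." + payload;
}

// Returns the decoded payload, or null when the token is malformed or the MAC is wrong.
function parseSignedRequest(signedRequest, secret) {
  const parts = String(signedRequest).split(".");
  if (parts.length !== 2) return null;
  const sig = b64urlDecode(parts[0]);
  const expected = hmacSha256(secret, parts[1]);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (sig.length !== expected.length || !crypto.timingSafeEqual(sig, expected)) return null;
  try {
    return JSON.parse(b64urlDecode(parts[1]).toString("utf8"));
  } catch (e) {
    return null; // MAC verified but the payload is not JSON
  }
}

// Constructed sample values (not real Facebook data).
const SECRET = "example-app-secret";
const token = buildSignedRequest({ algorithm: "HMAC-SHA256", user_id: "123" }, SECRET);
console.log(parseSignedRequest(token, SECRET));         // the payload object
console.log(parseSignedRequest(token, "wrong-secret")); // null

// RFC 4231 test case 2: a known value to compare the WSC's hex output against.
const msg = "what do ya want for nothing?";
console.log(hmacSha256("Jefe", msg).toString("hex"));
// Same key and message after the whitespace rewrite: a different MAC.
console.log(hmacSha256("Jefe", wscWhitespaceRewrite(msg)).toString("hex"));
```

Feeding the same key and message to the WSC and comparing its hex output with the first RFC 4231 value is a quick way to confirm the port computes a standard HMAC before relying on it for signature checks.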