问题
I'm having trouble generating the "right" authentication string to use when sending a message to Pusher via curl
Here's my script, the secret bits cut out of course:
#!/bin/bash
key="my_key"
secret="my_secret"
appID="my_app_id"
timestamp=`date +%s`
data='{"name":"say_stuff","channel":"test","data":"{\"message\":\"oh_yeah\"}"}'
md5data=`echo "$data" | md5`
authSig=`echo 'POST\n/apps/"$appID"/events\nauth_key="$key"&auth_timestamp="$timestamp"&auth_version=1.0&body_md5="$md5data"' | openssl dgst -sha256 -hex -hmac "$secret"`
curl -H "Content-Type:application/json" -d "$data" "http://api.pusherapp.com/apps/$appID/events?body_md5=$md5data&auth_version=1.0&auth_key=$key&auth_timestamp=$timestamp&auth_signature=$authSig"
The authSig is certainly generated, and looks like valid HmacSHA256Hex
However, when it runs the curl command, I get this response:
Invalid signature: you should have sent HmacSHA256Hex("POST\n/apps/$appID/events\nauth_key=$key&auth_timestamp=1432086733&auth_version=1.0&body_md5=e5997a811232ffae050be74242254ceb", your_secret_key), but you sent "55029a5e2d1058b352b5c22709e7fb9cb0c6f147846ed09dbc6bcaf6a7a804c7"
Is it possible that the openssl utility on my machine (Mac OS X 10.10) is somehow different than Pusher's?
Here's something funny I've noticed now. If you go here:
https://pusher.com/docs/rest_api
And scroll down to "Worked authentication example" you'll be able to follow along with an example.
I've tried generating the signature using the example by running:
echo 'POST\n/apps/3/events\nauth_key=278d425bdf160c739803&auth_timestamp=1353088179&auth_version=1.0&body_md5=ec365a775a4cd0599faeb73354201b6f' | openssl dgst -sha256 -hex -hmac 7ad3773142a6692b25b8
and I get
aa368756587116f3997427fe1b315ed0e2f2faa555066e565a25cfe6f47c9396
as opposed to their example which results in
da454824c97ba181a32ccc17a72625ba02771f50b50e1e7430e47a1f3f457e6c
回答1:
Try the following:
#!/bin/bash
key="my_key"
secret="my_secret"
appID="my_app_id"
timestamp=$(date +%s)
data='{"name":"say_stuff","channel":"test","data":"{\"message\":\"oh_yeah\"}"}'
# Be sure to use `printf %s` to prevent a trailing \n from being added to the data.
md5data=$(printf '%s' "$data" | md5)
path="/apps/${appID}/events"
queryString="auth_key=${key}&auth_timestamp=${timestamp}&auth_version=1.0&body_md5=${md5data}"
# Be sure to use a multi-line, double quoted string that doesn't end in \n as
# input for the SHA-256 HMAC.
authSig=$(printf '%s' "POST
$path
$queryString" | openssl dgst -sha256 -hex -hmac "$secret")
curl -H "Content-Type:application/json" -d "$data" "http://api.pusherapp.com${path}?${queryString}&auth_signature=${authSig}"
There were several problems with your code:
- By using
echoyou appended a trailing newline to the input fed tomd5andopenssl, which altered the data. - The
\nsequences in the string to pass toopensslare meant to represent actual newlines, whereas you used them as literals.
Also, I've de-duplicated the code, used ${name} variable references (names enclosed in curly braces) for better visual clarity,
and I've also fixed the double-quoting problems.
Regarding the sample hash from the website: again, your problems were using echo and not expanding the embedded \n sequences to actual newlines; the following shell command does give the correct result:
# Expand the '\n' sequences to newlines using an ANSI C-quoted string
# ($'...')
s=$'POST\n/apps/3/events\nauth_key=278d425bdf160c739803&auth_timestamp=1353088179&auth_version=1.0&body_md5=ec365a775a4cd0599faeb73354201b6f'
# Pass to openssl using `printf %s`.
printf %s "$s" | openssl dgst -sha256 -hex -hmac 7ad3773142a6692b25b8
来源:https://stackoverflow.com/questions/30339045/how-to-generate-pusher-authentication-string-from-bash