Trying to digitally sign via HMAC-SHA1 with PHP

 ̄綄美尐妖づ 提交于 2019-12-20 12:38:55

问题


I'm trying to setup some Google Maps Premier API action, and to do so, I need to sign my URLs to authenticate. If you go down to Signature examples, there is some Python, C# and Java code to show you how to do the signature via HMAC-SHA1. There is also an example so that I can to test my PHP implementation. However, I just can't seem to get it to work.

Here's my code:

$key = "vNIXE0xscrmjlyV-12Nj_BvUPaw=";

$data = "/maps/api/geocode/json?address=New+York&sensor=false&client=clientID";

$my_sign = hash_hmac("sha1", $data, base64_decode($key));
$my_sign = base64_encode($my_sign);

$valid_sign = "KrU1TzVQM7Ur0i8i7K3huiw3MsA=";

When, I run this, I get a signature of:

ZDRlNGMwZjIyMTA1MWM1Zjk0Nzc4M2NkYjlmNDQzNDBkYzk4NDI4Zg==

Which totally doesn't match.

Things I have thought about:

  1. The key is in Modified URL encoded format, so changing - and _ to + and / also doesn't work
  2. The Python example code does indeed work, so this is a valid example.
  3. Completely rewriting our code-base in python instead of PHP (I inherited it).

回答1:


You have 2 problems at least,

  1. The Google uses special URL-safe Base64. Normal base64_decode doesn't work.
  2. You need to generate the SHA1 in binary.

Try this,

$key = "vNIXE0xscrmjlyV-12Nj_BvUPaw=";
$data = "/maps/api/geocode/json?address=New+York&sensor=false&client=clientID";
$my_sign = hash_hmac("sha1", $data, base64_decode(strtr($key, '-_', '+/')), true);
$my_sign = strtr(base64_encode($my_sign), '+/', '-_');



回答2:


A php example is available at http://gmaps-samples.googlecode.com/svn/trunk/urlsigning/UrlSigner.php-source




回答3:


I assume your trying to sign the url for OAuth?

Try out this library: http://code.google.com/p/oauth/



来源:https://stackoverflow.com/questions/3125410/trying-to-digitally-sign-via-hmac-sha1-with-php

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!