I need to build an authorization hash from this line:
kki98hkl-u5d0-w96i-62dp-xpmr6xlvfnjz:20151110171858:b2c13532-3416-47d9-8592-a541c208f755:hKSeRD98BHngrNa51Q2IgAXtoZ8oYebgY4vQHEYjlmzN9KSbAVTRvQkUPsjOGu4F
This secret is used for the HMAC hash function:
LRH9CAkNs-zoU3hxHbrtY0CUUcmqzibPeN7x6-vwNWQ=
I want to generate an authorization hash:
P-WgZ8CqV51aI-3TncZj5CpSZh98PjZTYxrvxkmQYmI=
There are some things to take care of:
- The signature must be constructed using the HMAC-SHA-256, as specified in RFC 2104 .
- The signature must be encoded with Base64 URL-compliant, as specified in RFC 4648 Section 5 (Safe Alphabet).
There is also some pseudo code to generate:
Signatur(Request) = new String(encodeBase64URLCompatible(HMAC-SHA-256(getBytes(Z, "UTF-8"), decodeBase64URLCompatible(getBytes(S, "UTF-8")))), "UTF-8")
I tried different things in PHP, but have not yet found the right algorithm. This is the code I have now:
if(!function_exists('base64url_encode')){
function base64url_encode($data) {
$data = str_replace(array('+', '/'), array('-', '_'), base64_encode($data));
return $data;
}
}
$str = "kki98hkl-u5d0-w96i-62dp-xpmr6xlvfnjz:20151110171858:b2c13532-3416-47d9-8592-a541c208f755:hKSeRD98BHngrNa51Q2IgAXtoZ8oYebgY4vQHEYjlmzN9KSbAVTRvQkUPsjOGu4F";
$sec = "LRH9CAkNs-zoU3hxHbrtY0CUUcmqzibPeN7x6-vwNWQ=";
$signature = mhash(MHASH_SHA256, $str, $sec);
$signature = base64url_encode($signature);
if($signature != "P-WgZ8CqV51aI-3TncZj5CpSZh98PjZTYxrvxkmQYmI=")
echo "wrong: $signature";
else
echo "correct";
He gives this signature:
K9lw3V-k5gOedmVwmO5vC7cOn82JSEXsNguozCAOU2c=
As you can see, 44 characters is correct. Please help me find the error, this simple problem takes me hours, and there is no solution.