验证 Sinch 短信回调

Question

我正在尝试在 Python 中重现 https://www.sinch.com/using-rest/#callbackrequestsigning 的示例。

我可以使用以下方法复制“CONTENT-MD5”：

>>import hasblib
>>import base64 
>>m='{"event":"ace","callid":"822aa4b7-05b4-4d83-87c7-1f835ee0b6f6_257","timestamp":"2014-09-24T10:59:41Z","version":1}' 
>>base64.b64encode(hashlib.md5(m.encode('utf-8')).digest())
b'REWF+X220L4/Gw1spXOU7g=='

但我无法使用以下方法重现签名：

>>>secret ="BeIukql3pTKJ8RGL5zo0DA==".encode('utf-8')
>>>message = 'POST\nREWF+X220L4/Gw1spXOU7g==\napplication/json\nx-timestamp:2014-09-24T10:59:41Z\n/sinch/callback/ace'.encode('utf-8')
>>>base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())        
b'xLX5N1DejHHma4NwS7IQ40W3041JQeOiFBgE4IhLlkg='

根据网站，签名应该是Tg6fMyo8mj9pYfWQ9ssbx3Tc1BNC87IEygAfLbJqZb4

有什么想法吗？

Answer 1

原来秘密是base64编码的，所以我们必须在使用前先对其进行解码。以下作品：

>>>secret = base64.b64decode("BeIukql3pTKJ8RGL5zo0DA==")
>>>message = 'POST\nREWF+X220L4/Gw1spXOU7g==\napplication/json\nx-timestamp:2014-09-24T10:59:41Z\n/sinch/callback/ace'.encode('utf-8')
>>>base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
b'Tg6fMyo8mj9pYfWQ9ssbx3Tc1BNC87IEygAfLbJqZb4='