English 中文(简体)
SHA-512 在冷冻区预留字节阵列中hashing a byte strate in ColdFusion
原标题:SHA-512 hashing a byte array in ColdFusion

我在用冷冻9

引用Ben Nadel在

ucase(digestUtils.sha512(imageBinary))

对于SHA-512大麻,我得到的恐惧是:

The sha512 method was not found. Either there are no methods with the specified method name and argument types or the sha512 method is overloaded with argument types that ColdFusion cannot decipher reliably. ColdFusion found 0 methods that match the provided arguments. If this is a Java object and you verified that the method exists, use the javacast function to reduce ambiguity.

现在我知道 Sha512确实作为一种方法存在, 因为我看到它在这里, 但当我表演

cfdump var="#digestUtils#"

我只得到:

md5(byte[])     byte[]
md5(java.lang.String)   byte[]
md5Hex(byte[])  java.lang.String
md5Hex(java.lang.String)    java.lang.String
sha(java.lang.String)   byte[]
sha(byte[])     byte[]
shaHex(java.lang.String)    java.lang.String
shaHex(byte[])  java.lang.String

其他方法怎么样了?

Please advise with a ColdFusion solution. A ColdFusion/Java solution would be ok too. I m trying to write a SSO application where the 3rd party guys feeds me URL parameters. I have successfully decoded the 1st parameter to get my XML Post. I now need to take the 2nd parameter which is the hash payload and go through the algorithm to ensure my 1st parameter hasn t been tampered with.

========= Editing begins here: Okay,I tried writing the code again to no avail.

算法听起来很简单,但试图执行它会杀了我

1. compute the hash string value of the XMLPost string above:
 a. convert the base64 salt string to a UTF-8 byte array.
 b. convert the base64 XML payload string to a UTF-8 byte array.
 c. create a new byte array consisting of the XML payload bytes from step b, appended with the salt bytes from step a.
 d. perform a SHA512 hash on the concatenated byte array from step c, which results in a hashed byte array.
 e. create a new byte array consisting of the hashed bytes from step d, appended with the salt bytes from step a.
 f. convert the result of step e to a base64-encoded string and should be the value of query string parameter "h" payload hash.

xmlPost was created by my third party guys as such: This XML payload string was converted to a UTF-8 byte array, which was then converted to a base-64 string. The resulting base-64 string is the value of my xmlPost below.

因此,我这样做:

<code>
<cfset xmlPost = urlDecode("PD94bWwgdmVyc2lvbj0iMS4wIj8%2bPEVzdG9yZVNzb0N1c3RvbWVyIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiPjxDdXN0b21lcklkPjExMjk0MDwvQ3VzdG9tZXJJZD48RGVhbGVyQ29kZT5OODg4ODg8L0RlYWxlckNvZGU%2bPFBvaW50QmFsYW5jZT4yODA8L1BvaW50QmFsYW5jZT48Rmlyc3ROYW1lPkZhaXRoPC9GaXJzdE5hbWU%2bPExhc3ROYW1lPkh1dHVsYTwvTGFzdE5hbWU%2bPC9Fc3RvcmVTc29DdXN0b21lcj4%3d") />
<cfset salt = "3dfjh674!MujErf98344@090" />
<cfset payload_hash = urlDecode("EtLDRJfcRESFKpY4OGZZnRSN2THqT%2bEelzOuXVU06jotd2kE4yKnlYay7BqyAdcUSATRgSMaHxZa6uBqKKd9rjNkZmpoNjc0IU11akVyZjk4MzQ0QDA5MA%3d%3d") />

<cfset strXML = ToString( ToBinary( xmlpost ) ) /> <!--- to get actual XML --->

<!--- base64 encoding returns a byte array --->
<cfset saltByteArray = toBase64( salt, "utf-8" )  /> 
<cfset xmlpostByteArray = toBase64( xmlPost, "utf-8" ) />
<!--- append salt to xmlpost --->
<cfset xmlpostsaltByteArray = xmlpostByteArray & saltByteArray />

<!--- now let us perform a sha512 hash on this concatenated byte array --->
<cfscript>
// Create an instance of our DigestUtils class
digestUtils = createObject("java","org.apache.commons.codec.digest.DigestUtils");
// I hash a byte array using the given algorithm and return a
// 32-character Hexadecimal string. Home-made hash function for CF9 and earlier
function hashBytes( bytes, algorithm = "SHA-512" ){
    // Get our instance of the digest algorithm that we ll use
    // to hash the byte array.
    var messageDigest = createObject( "java", "java.security.MessageDigest" ).getInstance( javaCast( "string", algorithm ) );

    // Get the digest for the given byte array. This returns the
    // digest (i.e., hash) in byte-array format.
    var digest = messageDigest.digest( bytes );

    // Now that we have our digested byte array (i.e., our hash as another byte
    // array), we have to convert that into a HEX string. So, we ll need a HEX buffer.
    var hexBuffer = [];

    // Each integer in the byte digest needs to be converted into
    // a HEX character (with possible leading zero).
    for (byte =1 ;byte LTE ArrayLen(digest);byte = byte + 1) {
    //for ( var byte in digest){
        // Get the hex value for this byte. When converting the
        // byte, only use the right-most 8 bits (last 8 bits of the integer)
        // otherwise the sign of the byte can create oddities

        var tail = bitAnd( 255, byte );

        // Get the hex-encoding of the byte.
        var hex = ucase( formatBaseN( tail, 16 ) );

        // In order to make sure that all of the HEX characters
        // are two-digits, we have to prepend a zero for any
        // value that was originally LTE to 16 (the largest value
        // that won t result in two HEX characters).
        arrayAppend( hexBuffer, (tail <= 16 ? ("0" & hex) : hex) );
    }

    // Return the flattened character buffer.
    return( arrayToList( hexBuffer, "" ) );
}

// Get the hash of the byte array using our hashBytes() function
hashByteArray = hashBytes( xmlpostsaltByteArray );  
</cfscript>


<!--- The hashByteArray is in HEX format now. Convert to binary --->
<!--- You must binary decode the hashed string before converting it to binary --->
<cfset hashByteArray = toBase64( BinaryDecode( hashByteArray,  HEX  ) ) />

<!--- The final step is to append this new hashbytearray with the salt byte array --->

<cfset hashByteArray = hashByteArray & saltByteArray />

<!--- now convert this value to a base64 encoded string --->

<cfset hashByteArray2 = toBase64( hashByteArray )/>

以下是我得到的斯特XML变量:

Actual xml structure converted from base 64 to string:
<?xml version="1.0"?><EstoreSsoCustomer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><CustomerId>112940</CustomerId><DealerCode>N88888</DealerCode><PointBalance>280</PointBalance><FirstName>Faith</FirstName><LastName>Hutula</LastName></EstoreSsoCustomer>  

最终值, hasByteArray2 与有效载荷Qhash 甚至不相近

这是我第一次这样做,我对散列、字节阵列和字符转换的理解 早在几十年前就从窗外飞了出来。

我做错什么了?

Thank you Faith Sloan

最佳回答

DigestUtils.sha512 在1.4版中添加。ColdFusion 9使用旧版本1.3。这就是为什么找不到方法。

使用基于 MessageDigest 的其他函数。 只要确定在正确的算法 ie 中通过 :

    imageHash = hashBytes( imageBinary, "SHA-512" );

UPDATE: 基于更新的代码, 有些指令可能有点误导。 我认为它们的意思只是从给定的编码( base64 和 utf-8) 中解码 < em> byte 数组 , 而不是字符串: < code> < code> < xml 和 < salt 字符串 < base64 and utf-8 > : < em> byte 数组

    // note: salt value has invalid characters for base64
    // assuming it is a plain utf-8 string
    saltArray = charsetDecode(salt, "utf-8");
    xmlByteArray = binaryDecode(xmlPost, "base64");

然后合并两个二进制数组(见自定义函数)

    mergedBytes = mergeArrays( xmlByteArray, saltArray );

计算新字节数组的散列 :

    messageDigest = createObject( "java", "java.security.MessageDigest" );
    messageDigest = messageDigest.getInstance( javaCast( "string", "SHA-512") );
    hashedByteArray = messageDigest.digest( javacast("byte[]", mergedBytes) );

再次合并数组 :

    mergedBytes = mergeArrays( hashedByteArray, saltArray);

最后将二进制转换为 base64 并比较 :

    calculatedPayload = binaryEncode( javacast("byte[]", mergedBytes), "base64");

    // check results
    arePayloadsEqual = compare(calculatedPayload, payload_hash) eq 0;
    WriteDump("arePayloadsEqual="& arePayloadsEqual);
    WriteDump("calculatedPayload="& calculatedPayload);
    WriteDump("payload_hash="& payload_hash);

note : BinaryDecode/CharsetDecode 返回 java 阵列。 与 CF 阵列不同, 它们不可改变( 无法更改 ) 。 因此 < a href=" http://www. aliaspoloyorik.com/blog/ index.cfm/e/ posts. details/ post/ merging- two- arrays- 267" rel=“ no follow” > handy addaddall(.) trick

    // merge immutable arrays the long way
    function mergeArrays( array1, array2 ){
        var i = 0;
        var newArray = [];
        for (i = 1; i <= arrayLen(arguments.array1); i++) {
            arrayAppend(newArray, arguments.array1[i]);
        }
        for (i = 1; i <= arrayLen(arguments.array2); i++) {
            arrayAppend(newArray, arguments.array2[i]);
        }
        return newArray;
    }   
问题回答

暂无回答




相关问题
JQuery AJAX .load - flash chart doesnt load in IE

An IE issue has me completely stumped. I have a coldfusion page that uses JQuery s AJAX .load function to load in a new flash file that is generated by coldFusion s cfchart tag. This works completely ...

Best Coldfusion Library for OpenID [closed]

I am getting ready to start a project that requires using OpenID within Coldfusion 8. I have found a number of different options and was wondering what has worked the best, get s the most support, ...

Find ColdFusion Generated ID

Is there a way to find the elements generated by ColdFusion s <CFLayout> and <CFLayoutArea> tags? These tags: <cflayout type="tab" name="MyAccount"> <cflayoutarea name="...

ColdFusion COM error

I am upgrading from CF4.5 to CF8. Calls to COM dll s that used to work in version 4.5 now throw a "Complex object types cannot be converted to simple values.." error. The COM object has a few arrays ...

What s the best way to write engine-specific CFML code?

Sometimes it is necessary to write different code for Adobe ColdFusion vs Railo vs OpenBD, due to differences in implementation. Do people have a specific method that they use for this? For example, ...

热门标签