http - 从 "Sec-WebSocket-Accept"生成 "Sec-WebSocket-Key"

Question

我正在关注 rfc6455 :

Concretely, if as in the example above, the |Sec-WebSocket-Key|
header field had the value "dGhlIHNhbXBsZSBub25jZQ==", the server
would concatenate the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
to form the string "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-
C5AB0DC85B11". The server would then take the SHA-1 hash of this,
giving the value 0xb3 0x7a 0x4f 0x2c 0xc0 0x62 0x4f 0x16 0x90 0xf6
0x46 0x06 0xcf 0x38 0x59 0x45 0xb2 0xbe 0xc4 0xea. This value is
then base64-encoded (see Section 4 of [RFC4648]), to give the value
"s3pPLMBiTxaQ9kYGzzhZRbK+xOo=". This value would then be echoed in
the |Sec-WebSocket-Accept| header field.

并且无法生成正确的“Sec-WebSocket-Accept”。

为了了解我在线使用的流程SHA1 hash和 Base64 Encode .

online SHA1 hash对于“dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11”，给出正确的结果:“b37a4f2cc0624f1690f64606cf385945b2bec4ea”，如 rfc6455 中所述。

但是online Base64 Encode给我输入“b37a4f2cc0624f1690f64606cf385945b2bec4ea”的错误结果“YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==”。结果应该是“s3pPLMBiTxaQ9kYGzzhZRbK+xOo=”

我做错了什么？

Answer 1

您需要对原始 sha1 摘要进行 base64 编码。
您正在对长度为两倍的摘要的十六进制字符串表示形式进行编码。

在线工具处理文本而不处理原始二进制数据，这就是您得到错误结果的原因。

Python 2 示例:

import hashlib, base64
h = hashlib.sha1("dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
print "hexdigest:", h.hexdigest() # hexadecimal string representation of the digest
print "digest:", h.digest() # raw binary digest
print
print "wrong result:", base64.b64encode(h.hexdigest())
print "right result:", base64.b64encode(h.digest())

这打印:

hexdigest: b37a4f2cc0624f1690f64606cf385945b2bec4ea
digest: ﾳzO,ÀbOﾐöFÏ8YEﾲﾾÄê

wrong result: YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==
right result: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

Python 3 示例:

import hashlib, base64
h = hashlib.sha1(b"dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
print("hexdigest:", h.hexdigest()) # hexadecimal string representation of the digest
print("digest:", h.digest()) # raw binary digest
print()
print("wrong result:", base64.b64encode(h.hexdigest().encode()).decode())
print("right result:", base64.b64encode(h.digest()).decode())

这打印:

hexdigest: b37a4f2cc0624f1690f64606cf385945b2bec4ea
digest: b'\xb3zO,\xc0bO\x16\x90\xf6F\x06\xcf8YE\xb2\xbe\xc4\xea'

wrong result: YjM3YTRmMmNjMDYyNGYxNjkwZjY0NjA2Y2YzODU5NDViMmJlYzRlYQ==
right result: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=