ColdFusion hash_hmac256 输出格式/编码

Question

我有这个脚本可以在 CFML 中输出一个类似 hash_hmac 的函数:

<cfprocessingdirective pageencoding = "iso-8859-1">

<cfset msg = "AgostinoSqueglinPiccolinMonachin">

<cfset jMsg = JavaCast("string",msg).getBytes() />
<cfset jKey = JavaCast("string","cicciolin").getBytes() />


<cfset key = createObject("java","javax.crypto.spec.SecretKeySpec") />
<cfset mac = createObject("java","javax.crypto.Mac") />

<!--- this line had to be changed to the 256 version --->
<cfset key = key.init(jKey,"hmacSHA256") />

<cfset mac = mac.getInstance(key.getAlgorithm()) />
<cfset mac.init(key) />
<cfset mac.update(jMsg) />

<cfset cc = mac.doFinal()>

<cfset strBase64Value = ToString( cc,"Utf-8" ) />

<cfscript>
    writeDump(msg);
    writeDump(strBase64Value);
</cfscript>

这应该输出与此 php 相同的结果:

<?php

    $uu = hash_hmac('sha256', "AgostinoSqueglinPiccolinMonachin", "cicciolin", true);

    echo $uu;

?>

但我得到了不同的结果，可能是由于格式错误:

ColdFusion : �GK�襍}�}��B�}9w�(��u�m�

PHP: ÐGKÒè¥}Ÿ»}©ì¬B§}9w´(«æüu§mÃ

似乎有些字符没有以正确的方式输出。

我该如何解决这个问题？

更新:

该解决方案完美运行，但如果我尝试对新行进行编码，则会出现其他问题:

例如

PHP:

$sign = "GET\n" . "agostinsqueglin" . "". "piccolin";

$uu = base64_encode(hash_hmac('sha256', $sign, "cicciolin", true));

如果我尝试:

sign = "GET#chr(13)##chr(10)#" & "agostinsqueglin" & "" & "piccolin";

我得到了两个不同的结果。

这是由于 coldfusion 处理“\n”换行符的方式...

Answer 1

您提供的代码比它需要的要冗长一点，而且...好吧，这是一个改进的版本:

<cfscript>
    msg       = "AgostinoSqueglinPiccolinMonachin";
    key       = "cicciolin";
    algorithm = "HmacSHA256";
    encoding  = "iso-8859-1";

    secret = createObject('java',"javax.crypto.spec.SecretKeySpec").init( charsetDecode(key,encoding) , algorithm );
    mac    = createObject('java',"javax.crypto.Mac").getInstance(algorithm);
    mac.init(secret);
    digest = mac.doFinal( charsetDecode(msg,encoding) );

    writeDump( msg );
    writeDump( toString(digest,encoding) );
</cfscript>

这是基于此处的答案和评论:Calculate HMAC-SHA256 digest in ColdFusion using Java

显然，对于常规使用，它应该包含在合适的函数中。