//This is how I am calling from controller
var signature = Request.Headers["X-Docusign-Signature-1"];
var message = Request.Body;
StreamReader reader1 = new StreamReader(message);
string text = reader1.ReadToEnd();
var isValid = docuSignHMACKeyValidation.HashIsValid(text, signature);
// My Methods
public string ComputeHash(string secret, string payload)
{
byte[] bytes = Encoding.UTF8.GetBytes(secret);
HMAC hmac = new HMACSHA256(bytes);
bytes = Encoding.UTF8.GetBytes(payload);
return Convert.ToBase64String(hmac.ComputeHash(bytes));
}
public bool HashIsValid(string payload, string verify)
{
string secret = "secretkey";
ReadOnlySpan<byte> hashBytes =
Convert.FromBase64String(ComputeHash(secret, payload));
ReadOnlySpan<byte> verifyBytes = Convert.FromBase64String(verify);
return CryptographicOperations.FixedTimeEquals(hashBytes, verifyBytes);
}
我有点怀疑你的
bytes = Encoding.UTF8.GetBytes(payload);
我会在不进行编码转换的情况下尝试它。
还有:
- 检查hmac签名是否在X-Docusign-signature-1中(检查Docusign中是否只有一个hmac密钥集。(
- 使用调试器检查每个步骤,并与HMAC检查网站(如https://www.freeformatter.com/hmac-generator.html换句话说,首先检查您是否可以使用在线工具来验证hmac。然后调试您的代码,以确定为什么您得到错误的响应