Closed uday4923 closed 3 years ago
What is the value of `postContent` and `calculateHmac` in your code?
Are you not comparing SHA256 and SHA512?
Can you repeat the problem with a test? https://github.com/jenkinsci/generic-webhook-trigger-plugin/blob/master/src/test/java/org/jenkinsci/plugins/gwt/whitelist/HMACVerifierTest.java
Hi @tomasbjerre, I am already using the test provided in `HMACVerifierTest`:

```java
@Test
public void testThatHmacCanBeVerifiedAndValid() throws Exception {
  final Map<String, List
  final boolean actual = this.testHmacVerify(headers, postContent, hmacHeader, hmacSecret, algorithm);
  assertThat(actual).isTrue();
}
```
The value of `calculatedHmac` is: 87E3E7B7E4567F528342A75B6D88C619F272C68A4D0D565C68D596A830213164
and the `postContent` is the same as provided in the test.
Are you saying that `bytesToHex` should not be done here?
https://github.com/jenkinsci/generic-webhook-trigger-plugin/blob/cc4c3246b9f5a00b45f9c8d634b598046a980c0f/src/main/java/org/jenkinsci/plugins/gwt/whitelist/HMACVerifier.java#L49
I think this should fix the issue: https://github.com/jenkinsci/generic-webhook-trigger-plugin/pull/217
What do you think?
Yes @tomasbjerre, it should fix the issue, thanks. One more thing: currently Teams sends authorization as

```
authorization: 'HMAC w2g2swwmrsvRLZ5W68LfjaLrSR4fN0ErKGyfTPbLrBs=',
```

so should we also do:

```java
if (value.contains("HMAC")) {
  // To handle teams signature authorization: 'HMAC w2g2swwmrsvRLZ5W68LfjaLrSR4fN0ErKGyfTPbLrBs='
  return value.split("HMAC")[1].trim();
}
return value;
```

Should I raise another ticket for this? If yes, please let me know.
I released 1.76. Open issue again if not working.
Plugin version used: 1.75
Jenkins version used: 2.289.3
I am trying to configure job triggering from Microsoft Teams. Teams sends authentication as a Base64-encoded HMAC and I am unable to trigger the job. I tried with CURL and was getting 403 as the HMAC was not generated correctly.

I am trying with the following values:

```java
final String algorithm = WhitelistItem.HMAC_SHA256;
headers = new HashMap<>();
headers.put("X-Hub-Signature", Arrays.asList("sha256=h+Pnt+RWf1KDQqdbbYjGGfJyxopNDVZcaNWWqDAhMWQ="));
```

and the generated Base64-encoded HMAC via the line

```java
final String calculateHmacBase64 = new String(Base64.getEncoder().encode(calculateHmac.getBytes(UTF_8)), UTF_8);
```

is: ODdFM0U3QjdFNDU2N0Y1MjgzNDJBNzVCNkQ4OEM2MTlGMjcyQzY4QTREMEQ1NjVDNjhENTk2QTgzMDIxMzE2NA==

But if I use this line in the code

```java
Base64.getEncoder().encodeToString(sha512_HMAC.doFinal(postContent.getBytes("UTF-8")));
```

it returns the correct value.
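The encoding mismatch reported in this issue, as an added example that is not the plugin's code: a verifier that decodes the header value back to bytes accepts the hex form, Base64 of the raw MAC bytes, and the Teams-style `HMAC ` prefix, and rejects Base64 of the hex text. The class name, secret and body are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacEncodingDemo {
  // Raw HMAC-SHA256 bytes of the body; every text encoding must start from these.
  static byte[] hmacSha256(String secret, String body) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
    return mac.doFinal(body.getBytes(StandardCharsets.UTF_8));
  }

  // Drops a "sha256=" or "HMAC " prefix, then decodes the value as hex or Base64.
  static byte[] decodeSignature(String header) {
    String v = header.trim();
    if (v.startsWith("HMAC ")) v = v.substring(5).trim();
    if (v.startsWith("sha256=")) v = v.substring(7);
    try {
      if (v.matches("[0-9a-fA-F]{64}")) {
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++) out[i] = (byte) Integer.parseInt(v.substring(2 * i, 2 * i + 2), 16);
        return out;
      }
      return Base64.getDecoder().decode(v);
    } catch (IllegalArgumentException e) {
      return new byte[0]; // malformed value: can never equal a 32-byte MAC
    }
  }

  // Compares decoded bytes, not strings; MessageDigest.isEqual is constant-time.
  static boolean verify(String secret, String body, String header) throws Exception {
    return MessageDigest.isEqual(hmacSha256(secret, body), decodeSignature(header));
  }

  public static void main(String[] args) throws Exception {
    String secret = "constructed-secret", body = "{\"constructed\":\"payload\"}";
    byte[] raw = hmacSha256(secret, body);
    String hex = String.format("%064X", new BigInteger(1, raw));
    String good = Base64.getEncoder().encodeToString(raw);
    String doubled = Base64.getEncoder().encodeToString(hex.getBytes(StandardCharsets.UTF_8));
    System.out.println(verify(secret, body, "sha256=" + hex));     // hex form
    System.out.println(verify(secret, body, "sha256=" + good));    // Base64 of raw bytes
    System.out.println(verify(secret, body, "HMAC " + good));      // Teams-style header
    System.out.println(verify(secret, body, "sha256=" + doubled)); // Base64 of hex text
  }
}
```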