Change hmac encoding from base64 to hex

3cdd0101 · Marco Holz · 41fcdda2 · 3cdd0101
Commit 3cdd0101 authored 3 years ago by Marco Holz
--- a/validate-callback.py
+++ b/validate-callback.py
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: EUPL-1.2

-import base64
+import binascii
 import hmac
 import secrets
 import sys
@@ -15,7 +15,7 @@ CALLBACK_SECRET = 'insecure_unsafe_qHScgrg_kP-R31jHUwp3GkVkGJolvBchz65b74Lzue0'
 request = {
    'body': '{"type":"https://schema.fitko.de/fit-connect/callbacks/new-submissions","submissionIds":["f39ab143-d91a-474a-b69f-b00f1a1873c2"]}',
    'headers': {
-        'callback-authentication': 'f4eig0ht6hdlsfz6DVqGjXi1j3RAombIQ7vjG1M2TFZx1fGurzg1nOEh00lPfLEulhio1RyTOav1e1aMi69SRg==',
+        'callback-authentication': '7f87a283486dea1765b1fcfa0d5a868d78b58f7440a266c843bbe31b53364c5671d5f1aeaf38359ce121d3494f7cb12e9618a8d51c9339abf57b568c8baf5246',
        'callback-timestamp': 1672527599,
    }
 }
@@ -33,12 +33,12 @@ else:
 payload = str(request['headers']['callback-timestamp']) + '.' + request['body']

 expected_hmac = hmac.digest(CALLBACK_SECRET.encode("utf-8"), payload.encode("utf-8"), digest=sha512)
-expected_hmac_base64 = base64.b64encode(expected_hmac).decode()
+expected_hmac_hex = binascii.hexlify(expected_hmac).decode('utf-8')

-print('hmac', expected_hmac_base64)
+print('hmac', expected_hmac_hex)

 # 3. Compare generated hmac and `callback-authentication` header
-if not hmac.compare_digest(request['headers']['callback-authentication'], expected_hmac_base64):
+if not hmac.compare_digest(request['headers']['callback-authentication'], expected_hmac_hex):
    print('Error: invalid hmac')
    sys.exit(2)
 else: