Stream: fhircast-github
Topic: docs / Issue #41 Example HMAC digest does not equal hash ...
Github Notifications (FHIRcast) (Nov 06 2018 at 14:55):
lbergnehr opened Issue #41
I've tried this for some time, but cannot get the request body of the example on fhircast.org to hash to what's in the X-Hub-Signature header. Just so I'm not missing anything, here's what I'm doing in Ruby:

```ruby
require 'openssl'

# Request body copied from the example on fhircast.org
request_body = '{ "timestamp": "2018-01-08T01:37:05.14", "id": "q9v3jubddqt63n1", "event": { "hub.topic": "https://hub.example.com/7jaa86kgdudewiaq0wtu", "hub.event": "open-patient-chart", "context": [ { "key": "patient", "resource": { "resourceType": "Patient", "id": "ewUbXT9RWEbSj5wPEdgRaBw3", "identifier": [ { "system": "urn:oid:1.2.840.114350", "value": "185444" }, { "system": "urn:oid:1.2.840.114350.1.13.861.1.7.5.737384.27000", "value": "2667" } ] } } ] } }'
secret = 'shhh-this-is-a-secret'

# Hex-encoded HMAC-SHA256 of the body, keyed with the shared secret
hash = OpenSSL::HMAC.hexdigest('sha256', secret, request_body)
puts hash
```

I've verified the above to work to some extent using Wikipedia examples.
Something's off. Line-endings? Tabs vs. spaces? @isaacvetter, do you remember what you did when you wrote this?
Github Notifications (FHIRcast) (Nov 06 2018 at 14:59):
lbergnehr edited Issue #41
I've tried this for some time, but cannot get the request body of the example on fhircast.org to hash to what's in the X-Hub-Signature header. Just so I'm not missing anything, here's what I'm doing in Ruby:

```ruby
require 'openssl'

# Request body copied from the example on fhircast.org
request_body = '{ "timestamp": "2018-01-08T01:37:05.14", "id": "q9v3jubddqt63n1", "event": { "hub.topic": "https://hub.example.com/7jaa86kgdudewiaq0wtu", "hub.event": "open-patient-chart", "context": [ { "key": "patient", "resource": { "resourceType": "Patient", "id": "ewUbXT9RWEbSj5wPEdgRaBw3", "identifier": [ { "system": "urn:oid:1.2.840.114350", "value": "185444" }, { "system": "urn:oid:1.2.840.114350.1.13.861.1.7.5.737384.27000", "value": "2667" } ] } } ] } }'
secret = 'shhh-this-is-a-secret'

# Hex-encoded HMAC-SHA256 of the body, keyed with the shared secret
hash = OpenSSL::HMAC.hexdigest('sha256', secret, request_body)
puts hash
```

I'm getting 2e24e889827c4ab7ebd68217e12bf82d959dff4d12939e7b994fe0a197d19e1a and the example states dce85dc8dfde2426079063ad413268ac72dcf845f9f923193285e693be6ff3ae. I mean, they're not even close! :wink:

I've verified the above to work to some extent using Wikipedia examples.
Something's off. Line-endings? Tabs vs. spaces? @isaacvetter, do you remember what you did when you wrote this?
Github Notifications (FHIRcast) (Nov 19 2018 at 15:21):
isaacvetter commented on Issue #41
Great catch, @lbergnehr !
Using a tool like https://www.freeformatter.com/hmac-generator.html#ad-output, and the JSON object copied-and-pasted from fhircast.org, I get df3e914aeeb80574a5892bd6f59099985f819a423f9ade0cfdd40d0619367d87.

```
secret = shhh-this-is-a-secret
algo = SHA256
message = { "timestamp": "2018-01-08T01:37:05.14", "id": "q9v3jubddqt63n1", "event": { "hub.topic": "https://hub.example.com/7jaa86kgdudewiaq0wtu", "hub.event": "open-patient-chart", "context": [ { "key": "patient", "resource": { "resourceType": "Patient", "id": "ewUbXT9RWEbSj5wPEdgRaBw3", "identifier": [ { "system": "urn:oid:1.2.840.114350", "value": "185444" }, { "system": "urn:oid:1.2.840.114350.1.13.861.1.7.5.737384.27000", "value": "2667" } ] } } ] } }
```

Leo, will you convince a publicly accessible online HMAC digest to agree with your computed HMAC and then let's update the specification to be correct.
Isaac
Last updated: Apr 12 2022 at 19:14 UTC