Discord 交互验证 java
Discord Interactions validation java
我正在尝试使用 java 11. Discord documentation doesn't provide any example in terms of validating in java. I have found a java library 制作无服务器 discord 机器人,这可能在这里有所帮助,但我在该领域的专业知识很少,而且我的代码总是导致验证失败。有人会指出我在验证过程中做错了什么吗?
SecretKey key = Crypto.authKey(fromHex("<MY APPLICATION PUBLIC KEY>"));
String message = x_signature_timestamp + event.get("body");
boolean verified = Crypto.authVerify(key,message.getBytes(),fromHex(x_signature_ed25519));
和
public static byte[] fromHex(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}
我总是在添加交互端点时得到这个 url
即时发送回复:
if (!verified){
response = ApiGatewayResponse.builder()
.withHeaders(headers)
.withBody("validation failed")
.withStatusCode(401)
.build();
} else {
response = ApiGatewayResponse.builder()
.withHeaders(headers)
.withBody(event.get("body").toString())
.withStatusCode(200)
.build();
}
return response;
使用salty-coffee可以在Java (11)!
下执行所需的Ed25519验证
使用以下测试数据,可以使用 tweetnacl 和您链接的 NodeJS 代码执行成功验证:
const nacl = require('tweetnacl');
const PUBLIC_KEY = "9c7d775851a98ceb09a80928c1f8ff56706a0f5d91d841c72850fcd92e065b8f"; // 'APPLICATION_PUBLIC_KEY'
const signature = "99c4903df0b00ac32ba158db956ee39586adf05fea6be714055ac79a80bfd9dff59399b7da01ced95d0a252daee6bdb07e5f59cc546322bb779fd749b04f170c"; // req.get('X-Signature-Ed25519')
const timestamp = '202204091535'; // req.get('X-Signature-Timestamp')
const body = 'testmessage'; // req.rawBody
const isVerified = nacl.sign.detached.verify(
Buffer.from(timestamp + body),
Buffer.from(signature, 'hex'),
Buffer.from(PUBLIC_KEY, 'hex')
);
console.log(isVerified); // true
模拟Java带salty-coffee验证成功的代码为:
import java.nio.charset.StandardCharsets;
import software.pando.crypto.nacl.Crypto;
...
String PUBLIC_KEY = "9c7d775851a98ceb09a80928c1f8ff56706a0f5d91d841c72850fcd92e065b8f";
String signature = "99c4903df0b00ac32ba158db956ee39586adf05fea6be714055ac79a80bfd9dff59399b7da01ced95d0a252daee6bdb07e5f59cc546322bb779fd749b04f170c";
String timestamp = "202204091535";
String body = "testmessage";
boolean isVerified = Crypto.signVerify(
Crypto.signingPublicKey(fromHex(PUBLIC_KEY)),
(timestamp + body).getBytes(StandardCharsets.UTF_8),
fromHex(signature));
System.out.println(isVerified); // true
注意验证要用Crypto.signVerify() and not with Crypto.authVerify().
我正在尝试使用 java 11. Discord documentation doesn't provide any example in terms of validating in java. I have found a java library 制作无服务器 discord 机器人,这可能在这里有所帮助,但我在该领域的专业知识很少,而且我的代码总是导致验证失败。有人会指出我在验证过程中做错了什么吗?
SecretKey key = Crypto.authKey(fromHex("<MY APPLICATION PUBLIC KEY>"));
String message = x_signature_timestamp + event.get("body");
boolean verified = Crypto.authVerify(key,message.getBytes(),fromHex(x_signature_ed25519));
和
public static byte[] fromHex(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i+1), 16));
}
return data;
}
我总是在添加交互端点时得到这个 url
即时发送回复:
if (!verified){
response = ApiGatewayResponse.builder()
.withHeaders(headers)
.withBody("validation failed")
.withStatusCode(401)
.build();
} else {
response = ApiGatewayResponse.builder()
.withHeaders(headers)
.withBody(event.get("body").toString())
.withStatusCode(200)
.build();
}
return response;
使用salty-coffee可以在Java (11)!
下执行所需的Ed25519验证使用以下测试数据,可以使用 tweetnacl 和您链接的 NodeJS 代码执行成功验证:
const nacl = require('tweetnacl');
const PUBLIC_KEY = "9c7d775851a98ceb09a80928c1f8ff56706a0f5d91d841c72850fcd92e065b8f"; // 'APPLICATION_PUBLIC_KEY'
const signature = "99c4903df0b00ac32ba158db956ee39586adf05fea6be714055ac79a80bfd9dff59399b7da01ced95d0a252daee6bdb07e5f59cc546322bb779fd749b04f170c"; // req.get('X-Signature-Ed25519')
const timestamp = '202204091535'; // req.get('X-Signature-Timestamp')
const body = 'testmessage'; // req.rawBody
const isVerified = nacl.sign.detached.verify(
Buffer.from(timestamp + body),
Buffer.from(signature, 'hex'),
Buffer.from(PUBLIC_KEY, 'hex')
);
console.log(isVerified); // true
模拟Java带salty-coffee验证成功的代码为:
import java.nio.charset.StandardCharsets;
import software.pando.crypto.nacl.Crypto;
...
String PUBLIC_KEY = "9c7d775851a98ceb09a80928c1f8ff56706a0f5d91d841c72850fcd92e065b8f";
String signature = "99c4903df0b00ac32ba158db956ee39586adf05fea6be714055ac79a80bfd9dff59399b7da01ced95d0a252daee6bdb07e5f59cc546322bb779fd749b04f170c";
String timestamp = "202204091535";
String body = "testmessage";
boolean isVerified = Crypto.signVerify(
Crypto.signingPublicKey(fromHex(PUBLIC_KEY)),
(timestamp + body).getBytes(StandardCharsets.UTF_8),
fromHex(signature));
System.out.println(isVerified); // true
注意验证要用Crypto.signVerify() and not with Crypto.authVerify().