Recaptcha stoken生成(从Java转换为Ruby)
Google提供了以下示例代码,展示了如何为第二版本的Recaptcha生成安全令牌:Recaptcha stoken生成(从Java转换为Ruby),java,ruby,recaptcha,public-key-encryption,Java,Ruby,Recaptcha,Public Key Encryption,Google提供了以下示例代码,展示了如何为第二版本的Recaptcha生成安全令牌: public class STokenUtils { private static final String CIPHER_INSTANCE_NAME = "AES/ECB/PKCS5Padding"; public static final String createSToken(String siteSecret) { String sessionId = UUID.randomUUID
public class STokenUtils {
private static final String CIPHER_INSTANCE_NAME = "AES/ECB/PKCS5Padding";
public static final String createSToken(String siteSecret) {
String sessionId = UUID.randomUUID().toString();
String jsonToken = createJsonToken(sessionId);
return encryptAes(jsonToken, siteSecret);
}
private static final String createJsonToken(String sessionId) {
JsonObject obj = new JsonObject();
obj.addProperty("session_id", sessionId);
obj.addProperty("ts_ms", System.currentTimeMillis());
return new Gson().toJson(obj);
}
private static String encryptAes(String input, String siteSecret) {
try {
SecretKeySpec secretKey = getKey(siteSecret);
Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE_NAME);
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
return BaseEncoding.base64Url().omitPadding().encode(cipher.doFinal(input.getBytes("UTF-8")));
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
private static String decryptAes(String input, String key) throws Exception {
SecretKeySpec secretKey = getKey(key);
Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE_NAME);
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(
BaseEncoding.base64Url().omitPadding().decode(input)), "UTF-8");
}
private static SecretKeySpec getKey(String siteSecret){
try {
byte[] key = siteSecret.getBytes("UTF-8");
key = Arrays.copyOf(MessageDigest.getInstance("SHA").digest(key), 16);
return new SecretKeySpec(key, "AES");
} catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
}
完整代码可在以下位置找到:
我想在Ruby 2.1+中生成这个令牌,但它输出的数据不正确。我正试图慢慢地调试它,但与此同时,我想知道是否有人能看到我的过程中有任何明显的缺陷
stoken_json = hash_to_json({'session_id' => SecureRandom.uuid, 'ts_ms' => Time.now.to_i})
cipher = OpenSSL::Cipher::AES128.new(:ECB)
private_key_digest = Digest::SHA1.hexdigest(private_key)[0...16]
cipher.encrypt
cipher.key = private_key_digest
encrypted_stoken = cipher.update(stoken_json) << cipher.final
encoded_stoken = Base64.urlsafe_encode64(encrypted_stoken).gsub(/\=+\Z/, '')
stoken_json=hash_to_json({'session_id'=>SecureRandom.uuid'ts_ms'=>Time.now.to_i})
cipher=OpenSSL::cipher::AES128.new(:ECB)
private_key_digest=摘要::SHA1.hexdigest(private_key)[0…16]
加密
cipher.key=私钥
encrypted_stoken=cipher.update(stoken_json)证明我很接近。我需要digest
而不是hexdigest
私钥:
private_key_digest = Digest::SHA1.digest(private_key)[0...16]
最后的代码是:
stoken_json = hash_to_json({'session_id' => SecureRandom.uuid, 'ts_ms' => (Time.now.to_f * 1000).to_i})
cipher = OpenSSL::Cipher::AES128.new(:ECB)
private_key_digest = Digest::SHA1.digest(private_key)[0...16]
cipher.encrypt
cipher.key = private_key_digest
encrypted_stoken = cipher.update(stoken_json) << cipher.final
encoded_stoken = Base64.urlsafe_encode64(encrypted_stoken).gsub(/\=+\Z/, '')
stoken_json=hash_to_json({'session_id'=>SecureRandom.uuid,'ts_ms'=>(Time.now.to_f*1000).to_i})
cipher=OpenSSL::cipher::AES128.new(:ECB)
private_key_digest=摘要::SHA1.digest(private_key)[0…16]
加密
cipher.key=私钥
encrypted_stoken=cipher.update(stoken_json)私钥是否表示站点机密?请提供一个完整的示例,包括视图和控制器代码。在这里,private\u key
是google提供给您的密钥。我一时记不起这个术语了。此解决方案已在recaptcha gem中实现,因此请查看该解决方案的实施指南。这个答案回答了如何在ruby中实现java代码的问题。谢谢,我能够在没有recaptcha
gem的情况下实现它