c# - Youtube PubSubHubbub hmac sha1 validation failed - Stack Overflow

admin管理员组

文章数量:1026989

3 years ago, I created a simple subscriber to the youtube pubsubhubbub api, to get notifications when a new video gets uploaded. This stopped working a few months ago, it worked until then. When I debugged what was happening, I saw that the hmac signature seems to mismatch, causing my server to not process the request.

var checksumHeader = context.Request.Headers["X-Hub-Signature"];
var signature = checksumHeader.ToString().Split('=')[1];
var stream = context.Request.Body;
string body;
using (var reader = new StreamReader(stream, Encoding.UTF8)) {
    body = await reader.ReadToEndAsync();
}

var isValid = PubSubSecret.Check(body, signature);

This is my code that processes youtube's POST request. This used to work, but now isValid always returns false.

My Check method:

public static bool Check(string body, string signature) {
    using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(Secret))) {
        var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
        var hash = Convert.ToHexString(hashBytes).ToLowerInvariant();
        Console.WriteLine("Sig: " + signature);
        Console.WriteLine("Computed Hash " + hash);
        return signature.Equals(hash);
    }
}

If I use the diagnostic tool at , I can see, that youtube gets the correct secret, so this is not the problem. Also, this exact code previously worked, so I wonder what might have changed for this to stop working.

I hope someone can lead me in the right direction about what to check next.

If I copy the string body and secret to one of the many online Hmac SHA1 tools, I get the same hash as my code computes, but not what youtube sends in the header.

3 years ago, I created a simple subscriber to the youtube pubsubhubbub api, to get notifications when a new video gets uploaded. This stopped working a few months ago, it worked until then. When I debugged what was happening, I saw that the hmac signature seems to mismatch, causing my server to not process the request.

var checksumHeader = context.Request.Headers["X-Hub-Signature"];
var signature = checksumHeader.ToString().Split('=')[1];
var stream = context.Request.Body;
string body;
using (var reader = new StreamReader(stream, Encoding.UTF8)) {
    body = await reader.ReadToEndAsync();
}

var isValid = PubSubSecret.Check(body, signature);

This is my code that processes youtube's POST request. This used to work, but now isValid always returns false.

My Check method:

public static bool Check(string body, string signature) {
    using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(Secret))) {
        var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
        var hash = Convert.ToHexString(hashBytes).ToLowerInvariant();
        Console.WriteLine("Sig: " + signature);
        Console.WriteLine("Computed Hash " + hash);
        return signature.Equals(hash);
    }
}

If I use the diagnostic tool at , I can see, that youtube gets the correct secret, so this is not the problem. Also, this exact code previously worked, so I wonder what might have changed for this to stop working.

I hope someone can lead me in the right direction about what to check next.

If I copy the string body and secret to one of the many online Hmac SHA1 tools, I get the same hash as my code computes, but not what youtube sends in the header.

本文标签： cYoutube PubSubHubbub hmac sha1 validation failedStack Overflow