I'm trying to implement a method that will calculate & validate the HmacSHA256 signature for verifying a slack request. For... various reasons... I'm using scala.js, and therefore I don't have access to the usual javax.crypto imports.
From slack's documentation on validating a signed request from Slack:
- With the help of HMAC SHA256 implemented in your favorite programming, hash the above basestring, using the Slack Signing Secret as the key.
- Compare this computed signature to the X-Slack-Signature header on the request.
Well, the first step there is a problem. In scala.js, the javax.crypto package isn't available, so the following won't work:
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
def asHmacSHA256(key: String, baseString: String): Array[Byte] = {
val secretKeySpec = new SecretKeySpec(key.getBytes(), "HmacSHA256")
val hmac = Mac.getInstance("HmacSHA256")
hmac.init(secretKeySpec)
hmac.doFinal(baseString.getBytes())
}
How can I work around this - is there a good hashing library that works with scala.js, or will I have to pull in some js dependency, or am I going to have to... gulp... roll my own hashing algorithm?
there is one project that tends to do that (not sure about quality) https://github.com/fluencelabs/crypto. Internally it uses CryptoJS (and maybe using it directly will be even simpler or more stable way). But still you can see how it is used in fluencelabs/crypto.