Here is my Java Implementation of the Hashing it’s based on githubs webhook signature verification (maybe it helps you, did you encode the rawHmac before comparing it?):
public static String createSignatureWithSHA256(String secret, String payload)
throws NoSuchAlgorithmException, InvalidKeyException {
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256_ALGORITHM);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(payload.getBytes());
return new String(encode(rawHmac));
}
private static char[] encode(byte[] bytes) {
final int amount = bytes.length;
char[] result = new char[2 * amount];
int j = 0;
for (int i = 0; i < amount; i++) {
result[j++] = HEX[(0xF0 & bytes[i]) >>> 4];
result[j++] = HEX[(0x0F & bytes[i])];
}
return result;
}