2
我已經寫了一個Asp.net網絡APi 2,我保護它與HMAC認證,我可以用C#查詢它與此代碼我試圖重新創建這個C#代碼在Java中調用我的網絡API使我ASP.NET
class Program
{
private const string _alg = "HmacSHA256";
private const string _salt = "hidden";
static void Main(string[] args)
{
RunAsync().Wait();
}
private static async Task RunAsync()
{
Console.WriteLine("Calling the back-end API");
string apiBaseAddress = "http://myapi.com/";
CustomDelegatingHandler customDelegatingHandler = new CustomDelegatingHandler();
HttpClient client = HttpClientFactory.Create(customDelegatingHandler);
HttpResponseMessage response = await client.GetAsync(apiBaseAddress + "api/students/186");
if (response.IsSuccessStatusCode)
{
string responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
Console.WriteLine("HTTP Status: {0}, Reason {1}. Press ENTER to exit", response.StatusCode, response.ReasonPhrase);
}
else
{
Console.WriteLine("Failed to call the API. Http Status: {0}, Reason {1}. Pess ENTER to exit", response.StatusCode, response.ReasonPhrase);
}
Console.ReadLine();
}
}
public class CustomDelegatingHandler : DelegatingHandler
{
private string APIId = ConfigurationManager.AppSettings["ApiId"];
private string APIKey = ConfigurationManager.AppSettings["ApiKey"];
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpResponseMessage response = null;
string requestContentBase64String = string.Empty;
string requestUri = HttpUtility.UrlEncode(request.RequestUri.AbsoluteUri.ToLower());
string reqestHttpMethod = request.Method.Method;
DateTime epochStart = new DateTime(1970, 01, 01, 0, 0, 0, 0, DateTimeKind.Utc);
TimeSpan timeSpan = DateTime.UtcNow - epochStart;
string requestTimeStamp = Convert.ToUInt64(timeSpan.TotalSeconds).ToString();
string nonce = Guid.NewGuid().ToString("N");
if(request.Content != null)
{
byte[] content = await request.Content.ReadAsByteArrayAsync();
MD5 md5 = MD5.Create();
byte[] requestContentHash = md5.ComputeHash(content);
requestContentBase64String = Convert.ToBase64String(requestContentHash);
}
string signatureRawData = string.Format("{0}{1}{2}{3}{4}{5}", APIId, reqestHttpMethod, requestUri, requestTimeStamp, nonce, requestContentBase64String);
var secretKeyByteArray = Convert.FromBase64String(APIKey);
byte[] signature = Encoding.UTF8.GetBytes(signatureRawData);
using (HMACSHA256 hmac = new HMACSHA256(secretKeyByteArray))
{
byte[] signatureBytes = hmac.ComputeHash(signature);
string requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
request.Headers.Authorization = new AuthenticationHeaderValue("amx", string.Format("{0}:{1}:{2}:{3}", APIId, requestSignatureBase64String, nonce, requestTimeStamp));
}
response = await base.SendAsync(request, cancellationToken);
return response;
}
}
然後我試着將它改寫爲Java,但我的web服務返回一個401,我不能找出其中的錯誤,任何想法我能做什麼?
String request = null;
String result = "";
URL url;
String requestContentBase64String = "";
HttpURLConnection urlConnection = null;
try {
url = new URL("http://mysapi.com");
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestMethod("GET");
Date epochStart = new Date(0);
String requestTimeStamp = "" + ((new Date().getTime() - epochStart.getTime())/1000);
String nonce = java.util.UUID.randomUUID().toString().replace("-", "");
if (request != null) {
byte[] content = request.getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] requestContentHash = md.digest(content);
requestContentBase64String = Base64.getUrlEncoder().encodeToString(requestContentHash);
}
String signatureRawData = String.format("%s%s%s%s%s%s", ApiId, urlConnection.getRequestMethod(),
url.toString().toLowerCase(), requestTimeStamp, nonce, requestContentBase64String);
byte[] secretKeyByteArray = ApiKey.getBytes();
byte[] signature = signatureRawData.getBytes("UTF-8");
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secretKeyByteArray, "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] signatureBytes = sha256_HMAC.doFinal(signature);
String requestSignatureBase64String = Base64.getEncoder().encodeToString(signatureBytes);
String header = String.format("amx %s:%s:%s:%s", ApiId, requestSignatureBase64String, nonce,
requestTimeStamp);
urlConnection.setRequestProperty("Authorization", header);
InputStream in = urlConnection.getInputStream();
InputStreamReader reader = new InputStreamReader(in);
int data = reader.read();
while (data != -1) {
char current = (char) data;
result += current;
data = reader.read();
}
System.out.println(result);
}
catch (MalformedURLException e)
{
e.printStackTrace();
}
catch (IOException e)
{
e.printStackTrace();
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeyException e)
{
e.printStackTrace();
}
catch (Exception e)
{
e.printStackTrace();
}
您必須缺少發送給web api的驗證令牌。 401是錯誤,它必須是有關的。嘗試在Fiddler中做出這個手動請求,並看看你在頭部錯過了什麼 – Teja