我正在爲Xero API編寫包裝器,使用oAuth和雙腿認證。這是一個「私人」應用程序,正如Xero所稱,它需要RSA-SHA1簽名。 Coldfusion oAuth包裝器不具有在RSA-SHA1中進行加密的功能,只有HMAC-SHA1。我們在CF9上。Xero包裝器的ColdFusion oAuth RSA-SHA1授權
因此,在運行的GET請求的過程中,我得到以下錯誤:
signature_method_rejected
Private applications must use the RSA-SHA1 signature method
所以,它看起來像GET調用工作正常,但問題是有方法的簽名。我發現我的想法看起來像創建解決方案的人,具體如下:
<cffunction name="rsa_sha1" returntype="string" access="public" descrition="RSA-SHA1 computation based on supplied private key and supplied base signature string.">
<cfargument name="signKey" type="string" required="true" hint="base64 formatted PKCS8 private key">
<cfargument name="signMessage" type="string" required="true" hint="msg to sign">
<cfargument name="sFormat" type="string" required="false" default="UTF-8">
<cfset var jKey = JavaCast("string", arguments.signKey)>
<cfset var jMsg = JavaCast("string",arguments.signMessage).getBytes(arguments.sFormat)>
<cfset var key = createObject("java", "java.security.PrivateKey")>
<cfset var keySpec = createObject("java","java.security.spec.PKCS8EncodedKeySpec")>
<cfset var keyFactory = createObject("java","java.security.KeyFactory")>
<cfset var b64dec = createObject("java", "sun.misc.BASE64Decoder")>
<cfset var sig = createObject("java", "java.security.Signature")>
<cfset var byteClass = createObject("java", "java.lang.Class")>
<cfset var byteArray = createObject("java","java.lang.reflect.Array")>
<cfset byteClass = byteClass.forName(JavaCast("string","java.lang.Byte"))>
<cfset keyBytes = byteArray.newInstance(byteClass, JavaCast("int","1024"))>
<cfset keyBytes = b64dec.decodeBuffer(jKey)>
<!--- keyBytes = 48-111-10345-125-5349-114-581835-28-330-3984120-2848-4384-1-43 --->
<cfset sig = sig.getInstance("SHA1withRSA", "SunJSSE")>
<!--- error occurs on the line below --->
<cfset sig.initSign(keyFactory.getInstance("RSA").generatePrivate(keySpec.init(keyBytes)))>
<cfset sig.update(jMsg)>
<cfset signBytes = sig.sign()>
<cfreturn ToBase64(signBytes)>
</cffunction>
它接受下列參數:
SFORMAT UTF-8
SIGNKEY 0JxxxxxxxxxxxxxxxxxxxP&
SIGNMESSAGE GET&https%3A%2F%2Fapi.xero.com%2Fapi.xro%2F2.0%2FContacts&contactid%3D%26contactnumber%3D%26name%3D7-Eleven%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxx%26oauth_nonce%3Dxxxxxxxxxxxxxxxx%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1339055484%26oauth_version%3D1.0
然而,這將產生以下錯誤:
Could not read BER data.(ASN1Lengths.determineLengthLen: length greater than 0x7FFF,FFFF.)
ColdFusion cannot determine the line of the template that caused this error. This is often caused by an error in the exception handling subsystem.
任何人都可以解釋這一點嗎?
編輯 ----
有一個鏈接,上傳的公共證書,我做到了。這也是一個說明:「注意,對於私人應用程序,消費者令牌和祕密也被用作訪問令牌和祕密。」所以我假設我需要顯示那裏的「消費者機密」值以簽署請求。既然如此,我如何將該密鑰值轉換爲簽名的RSA-SH1格式?
你是如何生成密鑰的? – Leigh
我們使用的是oauth庫http://oauth.riaforge.org/。請注意,在我的示例中,我用「x」s屏蔽了大部分密鑰 – user460114
我相信您需要生成您自己的'RSA'私鑰。然後將「base64格式的PKCS8私鑰」字符串提供給上面的函數。 [Google Oauth文檔](https://developers.google.com/gdata/docs/auth/oauth#GeneratingKeyCert)描述了一種方法,另一種方法[此處顯示](http://www.houseoffusion.com/groups /cf-talk/thread.cfm/threadid:62277)。 – Leigh