我正在尝试使用该页面上的示例Java代码验证OpenSocial 0.7 signed request。我认为它应该以这种方式工作,但我仍然会收到signature_invalid错误。
主要验证码:
// NOTE: req = HttpServletRequest
// check for hyves
if (!"hyves.nl".equals(req.getParameter("oauth_consumer_key"))) {
throw new RuntimeException("Only hyves supported");
}
// update hyves' certificate
getHyvesCert(req.getParameter("xoauth_signature_publickey"));
// construct message object
OAuthMessage oaMessage = new OAuthMessage(req.getMethod(), getRequestUrl(req), getParameters(req));
// validate message
// (will throw exception if invalid)
new SimpleOAuthValidator().validateMessage(oaMessage, new OAuthAccessor(OAUTH_CONSUMER_HYVES));
OAUTH_CONSUMER_HYVES:
private static final OAuthServiceProvider OAUTH_THIS = new OAuthServiceProvider(null, null, null);
private static final OAuthConsumer OAUTH_CONSUMER_HYVES = new OAuthConsumer(null, "hyves.nl", null, OAUTH_THIS);
getHyvesCert:
public void getHyvesCert(String name) {
synchronized(certLoadLock) {
// in reality this is code that downloads the certificate
// with the specified name, but this is the result
hyvesCert = "---BEGIN CERTIFICATE---- etc...";
OAUTH_CONSUMER_HYVES.setProperty(RSA_SHA1.X509_CERTIFICATE, hyvesCert);
}
}
方法getRequestUrl和getParameters为directly copied from here。
答案 0 :(得分:1)
我发现了问题。 getRequestUrl()返回了错误的URL,因为Tomcat位于nginx代理后面。因此,虽然发件人使用网址“ http://example.com/bla ”来签署请求,但服务器正在使用“ http://example.com:8080/bla “验证它。