Question

我正在尝试使用Scribe从这里使用示例来使用Atlassian Jira：

https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication

任何人都有运气吗？

这是我得到的：

public class JiraAPI extends DefaultApi10a {

static final String BASE = "http://xasdf:8080/plugins/servlet";

 @Override
 public String getAccessTokenEndpoint()
 {
   return BASE + "/oauth/access-token";
 }

 @Override
 public String getAuthorizationUrl(Token requestToken)
 {
   return BASE + "/oauth/authorize?oauth_token="+requestToken.getToken();
 }

 @Override
 public String getRequestTokenEndpoint()
 {
   return BASE + "/oauth/request-token";
 }

 @Override
 public SignatureService getSignatureService() {
    return new RSASha1SignatureService(getPrivateKey());
 }

private static PrivateKey getPrivateKey()
  {
    String str = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMPQ5BCMxlUq2TYy\n"+
                 "iRIoEUsz6HGTJhHuasS2nx1Se4Co3lxwxyubVdFj8AuhHNJSmJvjlpbTsGOjLZpr\n"+
                 "HyDEDdJmf1Fensh1MhUnBZ4a7uLrZrKzFHHJdamX9pxapB89vLeHlCot9hVXdrZH\n"+
                 "nNtg6FdmRKH/8gbs8iDyIayFvzYDAgMBAAECgYA+c9MpTBy9cQsR9BAvkEPjvkx2\n"+
                 "XL4ZnfbDgpNA4Nuu7yzsQrPjPomiXMNkkiAFHH67yVxwAlgRjyuuQlgNNTpKvyQt\n"+
                 "XcHxffnU0820VmE23M+L7jg2TlB3+rUnEDmDvCoyjlwGDR6lNb7t7Fgg2iR+iaov\n"+
                 "0iVzz+l9w0slRlyGsQJBAPWXW2m3NmFgqfDxtw8fsKC2y8o17/cnPjozRGtWb8LQ\n"+
                 "g3VCb8kbOFHOYNGazq3M7+wD1qILF2h/HecgK9eQrZ0CQQDMHXoJMfKKbrFrTKgE\n"+
                 "zyggO1gtuT5OXYeFewMEb5AbDI2FfSc2YP7SHij8iQ2HdukBrbTmi6qxh3HmIR58\n"+
                 "I/AfAkEA0Y9vr0tombsUB8cZv0v5OYoBZvCTbMANtzfb4AOHpiKqqbohDOevLQ7/\n"+
                 "SpvgVCmVaDz2PptcRAyEBZ5MCssneQJAB2pmvaDH7Ambfod5bztLfOhLCtY5EkXJ\n"+
                 "n6rZcDbRaHorRhdG7m3VtDKOUKZ2DF7glkQGV33phKukErVPUzlHBwJAScD9TqaG\n"+
                 "wJ3juUsVtujV23SnH43iMggXT7m82STpPGam1hPfmqu2Z0niePFo927ogQ7H1EMJ\n"+
                 "UHgqXmuvk2X/Ww==";

    try
    {
      KeyFactory fac = KeyFactory.getInstance("RSA");
      PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(str.getBytes()));
      return fac.generatePrivate(privKeySpec);
    }
    catch (Exception e)
    {
      throw new RuntimeException(e);
    }
  }
}

其他基于OAuth的提供商一直很容易使用Scribe，但是这个提供程序总是来自debug的“oauth_problem = signature_invalid”：

生成签名...... 基本字符串是：POST＆amp; http％3A％2F％2Fxasdf％3A8080％2Fplugins％2Fservlet％2Foauth％2Frequest-token＆amp; oauth_callback％3Doob％26oauth_consumer_key％3Dhardcoded-consumer％26oauth_nonce％3D1556398454％26oauth_signature_method％3DRSA-SHA1％26oauth_timestamp％3D1357151719％ 26oauth_version％3D1.0 签名是：AJugUeZGup5dZvjNjx6bec6OrAszZVK + pMrTzahZbbzKzGkbli7okBy2KO5ww + OtqqnHWRgyzfWnQ0k6R5U0JzjR4QiOANJuwV8Un1NTZsrK32daefCp2uZ6W2d2Y / fmIl3toyCjAx41c3oJ78572vVFmBGihHUTUOYTlFP1X3M = 附加额外的OAuth参数：{oauth_callback - ＆gt; oob，oauth_signature - ＆gt; AJugUeZGup5dZvjNjx6bec6OrAszZVK + pMrTzahZbbzKzGkbli7okBy2KO5ww + OtqqnHWRgyzfWnQ0k6R5U0JzjR4QiOANJuwV8Un1NTZsrK32daefCp2uZ6W2d2Y / fmIl3toyCjAx41c3oJ78572vVFmBGihHUTUOYTlFP1X3M =，oauth_version - ＆GT; 1.0，oauth_nonce - ＆gt; 1556398454，oauth_signature_method - ＆gt; RSA-SHA1，oauth_consumer_key - ＆gt; hardcoded-consumer，oauth_timestamp - ＆gt; 1357151719}

使用Http Header签名发送请求... 响应状态代码：401

线程“main”中的异常org.scribe.exceptions.OAuthException：响应正文不正确。不能提取令牌和秘密从这样的：“oauth_signature = AJugUeZGup5dZvjNjx6bec6OrAszZVK％2BpMrTzahZbbzKzGkbli7okBy2KO5ww％2BOtqqnHWRgyzfWnQ0k6R5U0JzjR4QiOANJuwV8Un1NTZsrK32daefCp2uZ6W2d2Y％2FfmIl3toyCjAx41c3oJ78572vVFmBGihHUTUOYTlFP1X3M％3D＆放大器; oauth_signature_base_string = POST％26http％253A％252F％252Ftracker％253A8080％252Fplugins％252Fservlet％252Foauth％252Frequest令牌％26oauth_callback％253Doob ％2526oauth_consumer_key％253Dhardcoded消费者％2526oauth_nonce％253D1556398454％2526oauth_signature_method％253DRSA-SHA1％2526oauth_timestamp％253D1357151719％2526oauth_version％253D1.0＆安培; oauth_problem = signature_invalid＆安培; oauth_signature_method = RSA-SHA1' 响应身体：oauth_signature = AJugUeZGup5dZvjNjx6bec6OrAszZVK％2BpMrTzahZbbzKzGkbli7okBy2KO5ww％2BOtqqnHWRgyzfWnQ0k6R5U0JzjR4QiOANJuwV8Un1NTZsrK32daefCp2uZ6W2d2Y％2FfmIl3toyCjAx41c3oJ78572vVFmBGihHUTUOYTlFP1X3M％3D＆安培; oauth_signature_base_string = POST％26http％253A％252F％252Ftracker％253A8080％252Fplugins％252Fservlet％252Foauth％252Frequest令牌％26oauth_callback％253Doob％2526oauth_consumer_key％253Dhardcoded消费者％2526oauth_nonce ％253D1556398454％2526oauth_signature_method％253DRSA-SHA1％2526oauth_timestamp％253D1357151719％2526oauth_version％253D1.0＆安培; oauth_problem = signature_invalid＆安培; oauth_signature_method = RSA-SHA1 at org.scribe.extractors.TokenExtractorImpl.extract（TokenExtractorImpl.java:41）

Answer 1

据我所知，您不能将Scribe与JIRA / Atlassian OAuth一起使用，因为Scribe不支持RSA-SHA1签名，但这是Atlassian的OAuth提供商中唯一可用的签名。

我能找到的唯一支持此方法的Java库是在问题中链接的示例代码中使用的库 - net.oauth one。

Answer 2

我使用提供的RSASha1SignatureService使用scribe 1.3.6工作，这里是我如何提取私钥（来自PKCS＃8 PEM文件，带有{的文件{1}}标头，而不是BEGIN PRIVATE KEY，即SSLeay格式）

BEGIN RSA PRIVATE KEY

Scribe和Atlassian休息

2 个答案: