我已经编写了一个Asp.net web APi 2,我用HMAC身份验证保护它,我可以使用此代码用C#查询
class Program
{
private const string _alg = "HmacSHA256";
private const string _salt = "hidden";
static void Main(string[] args)
{
RunAsync().Wait();
}
private static async Task RunAsync()
{
Console.WriteLine("Calling the back-end API");
string apiBaseAddress = "http://myapi.com/";
CustomDelegatingHandler customDelegatingHandler = new CustomDelegatingHandler();
HttpClient client = HttpClientFactory.Create(customDelegatingHandler);
HttpResponseMessage response = await client.GetAsync(apiBaseAddress + "api/students/186");
if (response.IsSuccessStatusCode)
{
string responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
Console.WriteLine("HTTP Status: {0}, Reason {1}. Press ENTER to exit", response.StatusCode, response.ReasonPhrase);
}
else
{
Console.WriteLine("Failed to call the API. Http Status: {0}, Reason {1}. Pess ENTER to exit", response.StatusCode, response.ReasonPhrase);
}
Console.ReadLine();
}
}
public class CustomDelegatingHandler : DelegatingHandler
{
private string APIId = ConfigurationManager.AppSettings["ApiId"];
private string APIKey = ConfigurationManager.AppSettings["ApiKey"];
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken )
{
HttpResponseMessage response = null;
string requestContentBase64String = string.Empty;
string requestUri = HttpUtility.UrlEncode(request.RequestUri.AbsoluteUri.ToLower());
string reqestHttpMethod = request.Method.Method;
DateTime epochStart = new DateTime(1970, 01, 01, 0, 0, 0, 0, DateTimeKind.Utc);
TimeSpan timeSpan = DateTime.UtcNow - epochStart;
string requestTimeStamp = Convert.ToUInt64(timeSpan.TotalSeconds).ToString();
string nonce = Guid.NewGuid().ToString("N");
if(request.Content != null)
{
byte[] content = await request.Content.ReadAsByteArrayAsync();
MD5 md5 = MD5.Create();
byte[] requestContentHash = md5.ComputeHash(content);
requestContentBase64String = Convert.ToBase64String(requestContentHash);
}
string signatureRawData = string.Format("{0}{1}{2}{3}{4}{5}", APIId, reqestHttpMethod, requestUri, requestTimeStamp, nonce, requestContentBase64String);
var secretKeyByteArray = Convert.FromBase64String(APIKey);
byte[] signature = Encoding.UTF8.GetBytes(signatureRawData);
using (HMACSHA256 hmac = new HMACSHA256(secretKeyByteArray))
{
byte[] signatureBytes = hmac.ComputeHash(signature);
string requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
request.Headers.Authorization = new AuthenticationHeaderValue("amx", string.Format("{0}:{1}:{2}:{3}", APIId, requestSignatureBase64String, nonce, requestTimeStamp));
}
response = await base.SendAsync(request, cancellationToken);
return response;
}
}
然后我尝试将其重写为java但我的webservice返回401,我无法弄清楚它的错误,我能做什么?
String request = null;
String result = "";
URL url;
String requestContentBase64String = "";
HttpURLConnection urlConnection = null;
try {
url = new URL("http://mysapi.com");
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestMethod("GET");
Date epochStart = new Date(0);
String requestTimeStamp = "" + ((new Date().getTime() - epochStart.getTime()) / 1000);
String nonce = java.util.UUID.randomUUID().toString().replace("-", "");
if (request != null) {
byte[] content = request.getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] requestContentHash = md.digest(content);
requestContentBase64String = Base64.getUrlEncoder().encodeToString(requestContentHash);
}
String signatureRawData = String.format("%s%s%s%s%s%s", ApiId, urlConnection.getRequestMethod(),
url.toString().toLowerCase(), requestTimeStamp, nonce, requestContentBase64String);
byte[] secretKeyByteArray = ApiKey.getBytes();
byte[] signature = signatureRawData.getBytes("UTF-8");
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secretKeyByteArray, "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] signatureBytes = sha256_HMAC.doFinal(signature);
String requestSignatureBase64String = Base64.getEncoder().encodeToString(signatureBytes);
String header = String.format("amx %s:%s:%s:%s", ApiId, requestSignatureBase64String, nonce,
requestTimeStamp);
urlConnection.setRequestProperty("Authorization", header);
InputStream in = urlConnection.getInputStream();
InputStreamReader reader = new InputStreamReader(in);
int data = reader.read();
while (data != -1) {
char current = (char) data;
result += current;
data = reader.read();
}
System.out.println(result);
}
catch (MalformedURLException e)
{
e.printStackTrace();
}
catch (IOException e)
{
e.printStackTrace();
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeyException e)
{
e.printStackTrace();
}
catch (Exception e)
{
e.printStackTrace();
}
答案 0 :(得分:1)
您的请求为空。
使用此代码,它对我有用。
String request = null;
String result = "";
String ApiId = "4d53bce03ec34c0a911";
String ApiKey = "A93reRTUJHsCuQSHR+L3GxqOJ";
String json = "";//"{\"key\":1}";
json = json + "{Password :'Test@123' }";
URL url;
String requestContentBase64String = "";
HttpURLConnection urlConnection = null;
try {
//url = new URL("http://mac3uat.jetprivilege.com/api/m1/v1/");
url = new URL("http://localhost:43326/api/m1/v1/EnrolAccount/IsPasswordValid");
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestMethod("POST");
urlConnection.setConnectTimeout(5000);
urlConnection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
urlConnection.setDoOutput(true);
urlConnection.setDoInput(true);
//conn.setRequestMethod("POST");
Date epochStart = new Date(0);
//String requestTimeStamp = "" + ((new Date().getTime() - epochStart.getTime()) / 1000);
String requestTimeStamp = "" + ((new Date().getTime() - epochStart.getTime()) / 1000);
//String requestTimeStamp = "1487513216";
String nonce = java.util.UUID.randomUUID().toString().replace("-", "");
if (json != null) {
byte[] content = json.getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] requestContentHash = md.digest(content);
requestContentBase64String = Base64.getUrlEncoder().encodeToString(requestContentHash);
}
你的其余代码是正确的。