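As I asked in my earlier question, thanks to a kind person I have figured some of this out. But I am still looking for the correct solution, because I can't include the private key of the certificate I created via openssl rsa in the JWT bearer token.
The code looks like this.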
require 'openssl'
require 'net/http'
require 'uri'
require 'jwt'                 # ruby-jwt gem
require 'active_support/all'  # provides 3.minutes and Hash#to_query

class Salesforce
  def initialize
    @cert_file = File.join(File.dirname(__FILE__), *%w[server.crt])
    @base_url = "https://test.salesforce.com"
    @auth_endpoint = "/services/oauth2/authorize"
    @token_request_endpoint = "/services/oauth2/token"
    @token_revoke_endpoint = "/services/oauth2/revoke"
    @username = "aben@example.jp"
    @client_id = "3zasdaJhXdjDVZasdaasvasXgO2bCyJriuKHyasfasgqaVxkE7jVKI"
    @private_key = OpenSSL::PKey::RSA.new(File.read(@cert_file)) # this line raises an error
  end

  # Claims for the JWT bearer assertion.
  def claim_set
    {
      iss: @client_id,
      sub: @username,
      aud: @base_url,
      exp: (Time.now + 3.minutes).to_i # NumericDate: integer seconds since the epoch
    }
  end

  def jwt_bearer_token
    # The payload is the claims Hash itself, not its to_s string.
    JWT.encode(claim_set, @private_key, 'RS256')
  end

  def request_auth
    post = { grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer", assertion: jwt_bearer_token }
    uri = URI.parse("#{@base_url}#{@token_request_endpoint}")
    https = Net::HTTP.new(uri.host, 443)
    https.use_ssl = true
    response = https.post(uri.path, post.to_query)
    print response.body
  end
end

Salesforce.new.request_auth
In server.crt, there is a key that looks like this.
-----BEGIN CERTIFICATE-----
asdaMIasdasdaIDasmzCCAoMCFCw3alkjsbd;vjabsojAaskjbfvdojsPZO46QOo2uBHE5
MEvzvBYlXMA0GCSqGSIb3DQEBCwUAMIGJdfkjbna;ksljn;fljvsnljjkasdvasasdva
MQsasfasiujbnvoabs@ojvojansoj;dnJBJBBJN+KJNB+b;jb;jnavjsnbfdjb;jasda
bkjbkjbkjBKJBKJBKJBibasdkjbkbKHBKBJBKJBKJBKJBKJBKJBKJVBIVUJHBIKasdva
JABIDVIHVBIAKJBSKJBVIJDKJJKBhvhdkvkakbikhidhvihabidhbaindjansiasdva
bfoaubodfuOkfFZDwejVQ11I3C8IIC
-----END CERTIFICATE-----
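And the error says: 5:in `initialize': Neither PUB key nor PRIV key: not enough data (OpenSSL::PKey::RSAError)
○ I wonder whether using \n in a single-line certificate would solve this. (I tried something like the following, but it didn't solve it. Maybe I tried it the wrong way; I didn't use ENV because I don't know how to set it up.)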
COMPANY_KEY="-----BEGIN CERTIFICATE REQUEST-----\nMasdfIasdsfIasdasCzzCasgasdf\nAasdfa2asdfa2z\n-----END CERTIFICATE REQUEST-----"
○ I don't know whether the type of the certificate is right. I found someone who has a certificate like this.
-----BEGIN RSA CERTIFICATE-----
asdaMIasdasdaIDasmzCCAoMCFCw3alkjsbd;vjabsojAaskjbfvdojsPZO46QOo2uBHE5
MEvzvBYlXMA0GCSqGSIb3DQEBCwUAMIGJdfkjbna;ksljn;fljvsnljjkasdvasasdva
MQsasfasiujbnvoabs@ojvojansoj;dnJBJBBJN+KJNB+b;jb;jnavjsnbfdjb;jasda
bkjbkjbkjBKJBKJBKJBibasdkjbkbKHBKBJBKJBKJBKJBKJBKJBKJVBIVUJHBIKasdva
JABIDVIHVBIAKJBSKJBVIJDKJJKBhvhdkvkakbikhidhvihabidhbaindjansiasdva
bfoaubodfuOkfFZDwejVQ11I3C8IIC
-----END RSA CERTIFICATE-----
I don't know how to solve this. I would appreciate it if you could help me.
Thanks.
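
An added example, not part of the original post: a PEM that begins with BEGIN CERTIFICATE (or BEGIN CERTIFICATE REQUEST) carries only the public key, while an RS256 assertion has to be signed with the matching private key and is checked against the certificate. The helper names are hypothetical, the key and self-signed certificate are generated in-process as constructed stand-ins for a private key file and server.crt, the client id and user are placeholders, and plain OpenSSL is used instead of the jwt gem so the script runs offline.

```ruby
require 'openssl'
require 'json'

# URL-safe base64 without padding, as JWS (RFC 7515) requires.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Load the RSA *private* key used for signing; certificate and CSR PEMs are rejected.
def load_signing_key(pem)
  raise ArgumentError, 'certificate/CSR PEM holds no private key' if pem.include?('BEGIN CERTIFICATE')
  key = OpenSSL::PKey::RSA.new(pem)
  raise ArgumentError, 'PEM holds only a public key' unless key.private?
  key
end

# Build an RS256-signed JWT (header.payload.signature) from a claims Hash.
def jwt_bearer_assertion(claims, key)
  signing_input = [{ alg: 'RS256', typ: 'JWT' }, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{signing_input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), signing_input))}"
end

# Verify as the receiving side does: with the public key taken from the certificate.
def assertion_valid?(token, cert)
  head, body, sig = token.split('.')
  raw = (sig + '=' * (-sig.size % 4)).tr('-_', '+/').unpack1('m0')
  cert.public_key.verify(OpenSSL::Digest.new('SHA256'), raw, "#{head}.#{body}")
end

# Constructed throwaway RSA key and self-signed certificate for the demonstration.
def demo_key_and_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=jwt-bearer-demo')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

if __FILE__ == $PROGRAM_NAME
  key, cert = demo_key_and_cert
  claims = { iss: 'CONSTRUCTED_CLIENT_ID', sub: 'user@example.com', aud: 'https://test.salesforce.com', exp: Time.now.to_i + 180 }
  token = jwt_bearer_assertion(claims, load_signing_key(key.to_pem))
  puts "signature verifies against certificate: #{assertion_valid?(token, cert)}"
end
```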