我在 NETSUITE 中不断收到 Invalid signature 错误

Question

我正在尝试通过 API 登录 Netsuite，但它不断给我无效签名错误。我检查了其他答案和博客，但找不到丢失的内容。我更改了顺序并按字母顺序手动添加了参数，但仍然出现相同的错误。 AccountId 包含“_”符号，而 URL 包含“-”符号。 在随机测试期间出现一两次，它显示无效的时间戳错误，但仍然无法正常工作，我不记得究竟是什么错误导致了这个问题。
我正在提供所有必需的详细信息作为输入，例如

1. 令牌 ID
2. 令牌秘密
3. 客户密钥
4. 客户机密
5. 帐户编号
6. 网址

这是我的代码：

public class OAuthSignatureGenerator {

  Encoder encode;

  public String generateOauthHeader(String method, UserFields userFields, String baseUrl) {
    long timestamp = new Date().getTime() / 1000;

    String nonce = getAlphaNumericString();


    ArrayList<String> parameters = new ArrayList<>();
    parameters.add(ApplicationConstants.CONSUMER_KEY + "=" + userFields.getConsumerKey());
    parameters.add(ApplicationConstants.NONCE + "=" + nonce);
    parameters.add(ApplicationConstants.SIGNATURE_METHOD_KEY + "="
    + ApplicationConstants.SIGNATURE_METHOD_VAL);
    parameters.add(ApplicationConstants.TIMESTAMP + "=" + timestamp);
    parameters.add(ApplicationConstants.OAUTH_TOKEN + "=" + userFields.getTokenId());
    parameters.add(ApplicationConstants.VERSION_KEY + "=" + ApplicationConstants.VERSION_VAL);

    /*
     * parameters.add("oauth_consumer_key=\"" + userFields.getConsumerKey()+"\"");
     * parameters.add(ApplicationConstants.NONCE + "=\"" + nonce+"\"");
     * parameters.add(ApplicationConstants.SIGNATURE_METHOD_KEY + "=\"" +
     * ApplicationConstants.SIGNATURE_METHOD_VAL+"\"");
     * parameters.add(ApplicationConstants.TIMESTAMP + "=\"" + timestamp+"\"");
     * parameters.add(ApplicationConstants.OAUTH_TOKEN + "=\"" + userFields.getTokenId()+"\"");
     * parameters.add(ApplicationConstants.VERSION_KEY + "=\"" +
     * ApplicationConstants.VERSION_VAL+"\"");
     */

    Collections.sort(parameters);

    StringBuffer parametersList = new StringBuffer();

    for (int i = 0; i < parameters.size(); i++) {
      parametersList.append(((i > 0) ? "&" : "") + parameters.get(i));
    }

    String signature = null;
    try {
      String signatureString = method + "&" + URLEncoder.encode(baseUrl, StandardCharsets.UTF_8)
      + "&" + URLEncoder.encode(parametersList.toString(), StandardCharsets.UTF_8);

      /*
       * method + "&" + URLEncoder.encode(baseUrl, StandardCharsets.UTF_8.toString()) +
       * URLEncoder.encode("&" + ApplicationConstants.CONSUMER_KEY + "=\"" +
       * userFields.getConsumerKey() + "\"&" + ApplicationConstants.NONCE + "=\"" + nonce + "\"&" +
       * ApplicationConstants.SIGNATURE_METHOD_KEY + "=\"" +
       * ApplicationConstants.SIGNATURE_METHOD_VAL + "\"&" + ApplicationConstants.TIMESTAMP + "=\""
       * + timestamp + "\"&" + ApplicationConstants.TOKEN_ID + "=\"" + userFields.getTokenId() +
       * "\"&" + ApplicationConstants.VERSION_KEY + "=\"" + ApplicationConstants.VERSION_VAL + "\"",
       * StandardCharsets.UTF_8.toString());
       */

      System.out.println("SignatureString = " + signatureString);
      // String signKey = URLEncoder.encode(userFields.getConsumerSecret(), StandardCharsets.UTF_8)
      // + "&" + URLEncoder.encode(userFields.getTokenSecret(), StandardCharsets.UTF_8);// +
      // userFields.getTokenSecret();

      SecretKeySpec signingKey = new SecretKeySpec(
      (userFields.getConsumerSecret() + "&" ).getBytes(),
      "HmacSHA256");

  

      Mac m = Mac.getInstance("HmacSHA256");
      m.init(signingKey);
      m.update(signatureString.getBytes());
      byte[] res = m.doFinal();
      signature = Base64Coder.encodeLines(res);
      // URLEncoder.encode(Base64.getEncoder().encodeToString(res), StandardCharsets.UTF_8);


  /*
   * OAuthHmacSigner signer = new OAuthHmacSigner(); signer.clientSharedSecret =
   * userFields.getConsumerSecret(); signer.tokenSharedSecret = userFields.getTokenSecret();
   * GenericUrl urlgen = new GenericUrl(baseUrl); OAuthParameters oauthParameters = new
   * OAuthParameters(); oauthParameters.consumerKey = userFields.getConsumerKey();
   * oauthParameters.token = userFields.getTokenId(); oauthParameters.nonce = nonce;
   * oauthParameters.signatureMethod = "HMAC-SHA256"; oauthParameters.timestamp =
   * String.valueOf(timestamp); oauthParameters.version = ApplicationConstants.VERSION_VAL;
   * oauthParameters.signer = signer; oauthParameters.computeSignature(method, urlgen);
   * oauthParameters.realm = userFields.getAccountId();
   * 
   * signature = oauthParameters.signature;
   */

    } catch (Exception e) {
      System.err.println("Unable to append signature");
    }

System.out.println("signature=    " + signature);

String authHeaderString = "OAuth " + ApplicationConstants.REALM + "=\""
    + userFields.getAccountId() + "\"," + ApplicationConstants.CONSUMER_KEY + "=\""
    + userFields.getConsumerKey() + "\"," + ApplicationConstants.OAUTH_TOKEN + "=\""
    + userFields.getTokenId() + "\"," + ApplicationConstants.SIGNATURE_METHOD_KEY + "=\""
    + ApplicationConstants.SIGNATURE_METHOD_VAL + "\"," + ApplicationConstants.TIMESTAMP + "=\""
    + timestamp + "\"," + ApplicationConstants.NONCE + "=\"" + nonce + "\","
    + ApplicationConstants.VERSION_KEY + "=\"" + ApplicationConstants.VERSION_VAL + "\","
    + ApplicationConstants.SIGNATURE + "=\"" // + signature
    + URLEncoder.encode(signature.trim(), StandardCharsets.UTF_8) + "\"";


System.out.println("authHeaderString = " + authHeaderString);

    return authHeaderString;
  }

  String getAlphaNumericString() {
    return UUID.randomUUID().toString().replace("-", "").substring(0, 10);
  }
}




 

Answer 1

尝试按此顺序生成标题

 String header = "Authorization: OAuth ";
            header += "oauth_signature=\"" + ApplicationConstants.signature + "\",";
            header += "oauth_version=\"1.0\",";
            header += "oauth_nonce=\"" + ApplicationConstants.nonce + "\",";
            header += "oauth_signature_method=\"HMAC-SHA256\",";
            header += "oauth_consumer_key=\"" + .ApplicationConstants.ckey + "\",";
            header += "oauth_token=\"" + ApplicationConstants.tkey + "\",";
            header += "oauth_timestamp=\"" + ApplicationConstants.timestamp + "\",";
            header += "realm=\"ApplicationConstants.REALM\"";