OAuth 401 未经授权

Question

所以仍在学习，但我从下面的代码中收到了未经授权的错误 401。我知道 OAuth 标头在邮递员中工作，所以我假设 POST 请求 / Auth 标头有问题？有什么想法吗？

//set timestamp
            Long timestamp = System.currentTimeMillis()/1000;
            //set nonce ***** call from main system*************************************************************
            String aString = randomAlphaNumeric(11);
            // other stuff
            RestTemplate restTemplate = new RestTemplate();
            restTemplate.getMessageConverters().add(new StringHttpMessageConverter());
            HttpHeaders headers = new HttpHeaders();
            String url = "aURL";
            headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
           // String auth = Base64.getEncoder().encodeToString(credentials.getBytes());
            List<NameValuePair> oauthHeaders = new ArrayList<>(9);
            oauthHeaders.add(new BasicNameValuePair("oauth_consumer_key", "aKey"));
            oauthHeaders.add(new BasicNameValuePair("oauth_nonce", aString));
            oauthHeaders.add(new BasicNameValuePair("oauth_timestamp", String.valueOf(timestamp)));
            oauthHeaders.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
            oauthHeaders.add(new BasicNameValuePair("oauth_version", "1.0"));
            //generate signature
            //encode
            String encodedURL = encode(oauthHeaders.toString());
            System.out.println("encoded URL:" +encodedURL);
            //form base string
            String baseString = "POST&"+encode(url).toString()+encodedURL;
            System.out.println("Base String:  "+baseString);
            //form signature
            byte[] byteHMAC = null;
            try {

                Mac mac = Mac.getInstance("HmacSHA1");
                SecretKeySpec spec;
                if (null == secretKey) {
                    String signingKey = encode(secretKey) + '&';
                    spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");
                } else {
                    String signingKey = encode(secretKey) + '&' + encode(secretKey);
                    spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");
                }
                mac.init(spec);
                byteHMAC = mac.doFinal(baseString.getBytes());
            } catch (Exception e) {
                e.printStackTrace();
            }
            String signature = new BASE64Encoder().encode(byteHMAC);
            System.out.println("oauth signature:    "+signature);


            //set signature to params
            oauthHeaders.add(new BasicNameValuePair("oauth_signature", signature));
            String test = "OAuth "+oauthHeaders.toString();
            headers.set("Authorization", test);
            MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
            map.add("Name",name.toString());
            map.add("Region",region.toString());


            HttpEntity<MultiValueMap<String, String>> requestEntity= new HttpEntity<MultiValueMap<String, String>>(headers, map);
            System.out.println(requestEntity);
            ResponseEntity<String> response= restTemplate.exchange(url ,HttpMethod.POST, requestEntity, String.class);
            System.out.println(response.toString());
            HttpStatus status = response.getStatusCode();
            status.toString();
            if(status.equals("200")){
                Notification.show("Employer" + name +" added successfully");
            }
            else{
                Notification.show("Unsuccessful, error: "+status);
            }


        }

出于显而易见的原因删除了 URL 和使用者密钥/签名。

以下系统输出也可能有所帮助：

编码参数： %5Boauth_consumer_key%3aKey%2C%20oauth_nonce%3DWZU8H1B5JA6%2C%20oauth_timestamp%3D1511621759%2C%20oauth_signature_method%3DHMAC-SHA1%2C%20oauth_version%3D1.0%5D

基本字符串：POST&https%3A%2F%2Fapi.test.payrun.io%2FEmployer%5Boauth_consumer_key%3aKey%2C%20oauth_nonce%3DWZU8H1B5JA6%2C%20oauth_timestamp%3D1511621759%2C%20oauth_signature_method%3DHMAC-SHA1%2C%20%3DHMAC-SHA1%2C%20 3D1.0%5D

oauth 签名：DlRJGSzgRIItzz+LzMbgnIfbOqU=

Answer 1

oauth_signature 的值是错误的。您使用asignature 作为oauth_signature 的值，但您必须为您的请求计算正确的值并将其设置为oauth_signature。如果oauth_signature 的值错误，服务器会拒绝你的请求。有关详细信息，请参阅RFC 5849（OAuth 1.0 协议）中的 “3.4. Signature”。

Answer 2

对于任何想要完成这项工作的人，请参阅下面的完整 OAuth 生成器示例:)：

public class oAuthGenerator {
private String httpMethod;
    private String params;
    private String url;
    //Required for percent encoding
    private static final String ENC = "ASCII";
    //Required for nonce
    private static final String ALPHA_NUMERIC_STRING = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
    //As provided by Payrun.io
    private static final String secretKey = "aSecretKey";
    //As provided by Payrun.io
    private static final String consumerKey ="aConsumerKey";
    private List veriList;

    //Constructor for setting signature base string values.
    //@Param url needs to be percent encoded
    //@Param params needs to be percent encoded, this is done @Method generateOAuth()
    public oAuthGenerator(String httpMethod,String url )throws Exception {
        veriList= new ArrayList<String>();
        veriList.add("POST");
        veriList.add("GET");
        veriList.add("PUT");
        veriList.add("DELETE");

        if (veriList.contains(httpMethod)){
        this.httpMethod = httpMethod+"&";}
            this.url = URLEncoder.encode(url,ENC)+"&";
    }

    //A method used to generate the OAuth Authorization header
    //@Method randomAlphaNumeric() calls internal method using instance variable ALPHA_NUMERIC_STRING
    //@Method getSignature() returns String HMACSHA1 > Base64 encoded value of httpMethod,url,params
    public String generateOAuth()throws Exception{
        //Set timestamp as seconds from 01-01-1970
        Timestamp timestamp = new Timestamp(System.currentTimeMillis()/1000);
        Long aTimestamp = timestamp.getTime();
        //Set nonce which is a 10 digit random, non repeating alpha-numeric value
        String aNonce = randomAlphaNumeric(10);
        //Normalize and form param string
        String normalizedParams = "oauth_consumer_key="+consumerKey+"&"+"oauth_nonce="+aNonce+"&"+"oauth_signature_method="+"HMAC-SHA1"+"&"+"oauth_timestamp="+ aTimestamp.toString()+"&"+"oauth_version="+"1.0";
        //Percent encoded params
        params = URLEncoder.encode(normalizedParams,ENC);
        //Set signature variable
        String signature = getSignature();
        //place into required format
        String oAuthResult = "OAuth "+"oauth_version="+"\"1.0\""+","+"oauth_consumer_key="+"\"" + consumerKey + "\""+","+"oauth_signature_method="+"\"HMAC-SHA1\""+","+"oauth_timestamp="+"\""+aTimestamp+"\""+","+"oauth_nonce="+"\""+aNonce+"\""+","+"oauth_signature="+"\""+signature+"\"";
        return oAuthResult;
    }
    // A method designed to return a hashed and base64 encoded value.
    //@Param aString holds HMAC-SHA1 and Base 64 encoded value of variables httpMethod,url,params
    //@Param result holds percent encoded value of aString
    private String getSignature()
            throws Exception {
        //form base string
        StringBuilder base = new StringBuilder();
        base.append(httpMethod);
        base.append(url);
        base.append(params);
        //Set SecretKey of variable secretKey using HMAC-SHA1 algorithm
        SecretKey signingKey = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
        // Get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);
        // Compute the hmac on input data bytes, then encode to Base64
        String aString = Base64.getEncoder().encodeToString(mac.doFinal(base.toString().getBytes(ENC))).trim();
        //Percent encoded the Base64 value
        String result = URLEncoder.encode(aString, ENC);
        return new String(result);

    }

    //Required for nonce, returns a random alpha numeric value by using variable ALPHA_NUMERIC_STRING
    private static String randomAlphaNumeric(int count) {
        StringBuilder builder = new StringBuilder();
        while (count-- != 0) {
            int character = (int)(Math.random()*ALPHA_NUMERIC_STRING.length());
            builder.append(ALPHA_NUMERIC_STRING.charAt(character));
        }
        return builder.toString();
    }
}