0

我正在使用 grails 插件:oauth 2.1.0 连接到 oauth API。
Vitadock 需要 HMACSHA256 来编码基本签名字符串,所以我创建了一个 HMACSha256SignatureService.groovy 来做它并自定义 TargetScaleApi.groovy

HMACSha256SignatureService.groovy

import javax.crypto.*
import javax.crypto.spec.*

import org.apache.commons.codec.binary.*
import org.scribe.exceptions.*
import org.scribe.services.SignatureService
import org.scribe.utils.*

public class HMACSha256SignatureService implements SignatureService {
    private static final String EMPTY_STRING = "";
    private static final String CARRIAGE_RETURN = "\r\n";
    private static final String UTF8 = "UTF-8";
    private static final String HMAC_SHA256 = "HMACSHA256";
    private static final String METHOD = "HMAC-SHA256";

    /**
     * {@inheritDoc}
     */
    public String getSignature(String baseString, String apiSecret, String tokenSecret) {
        try {
            println baseString
            Preconditions.checkEmptyString(baseString, "Base string cant be null or empty string");
            Preconditions.checkEmptyString(apiSecret, "Api secret cant be null or empty string");
            return doSign(baseString, OAuthEncoder.encode(apiSecret) + '&' + OAuthEncoder.encode(tokenSecret));
        }
        catch (Exception e) {
            throw new OAuthSignatureException(baseString, e);
        }
    }

    private String doSign(String toSign, String keyString) throws Exception {
        SecretKeySpec key = new SecretKeySpec((keyString).getBytes(UTF8), HMAC_SHA256);
        Mac mac = Mac.getInstance(HMAC_SHA256);
        mac.init(key);
        byte[] bytes = mac.doFinal(toSign.getBytes(UTF8));
        String a = new String(Base64.encodeBase64(bytes)).replace(CARRIAGE_RETURN, EMPTY_STRING)
        println a
        return a;
    }

    public String getSignatureMethod() {
        return METHOD;
    }
}

TargetScaleApi.groovy

import org.scribe.builder.api.DefaultApi10a
import org.scribe.model.Token
import org.scribe.services.SignatureService

class TargetScaleApi extends DefaultApi10a {
    private static final String AUTHORIZE_URL = "https://vitacloud.medisanaspace.com/auth?oauth_token=%s"
    @Override
    public String getAccessTokenEndpoint() {
        return "https://vitacloud.medisanaspace.com/auth/accesses/verify"
    }

    @Override
    public String getAuthorizationUrl(Token requestToken) {
        return String.format(AUTHORIZE_URL, requestToken.getToken());
    }

    @Override
    public String getRequestTokenEndpoint() {
        return "https://vitacloud.medisanaspace.com/auth/unauthorizedaccesses"
    }

    @Override
    public SignatureService getSignatureService() {
       return new HMACSha256SignatureService();
    }
}

但我收到一条错误消息:无效签名。

<b>message</b>Invalid signature (jBbmlITCOBuIN3KfVB8glzv1sftrx1v7MvNyAJkiGTU%3D, expected: Ia21vjqskdBXrRE%2BngpHqaP4GJV3hfUGOt0ksGVcgk0%3D) [Base Parameter String: oauth_consumer_key=V5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L&amp;oauth_nonce=897870535&amp;oauth_signature_method=HMAC-SHA256&amp;oauth_timestamp=1372069427&amp;oauth_version=1.0, Base Signature String: POST&amp;https%3A%2F%2Fvitacloud.medisanaspace.com%2Fauth%2Funauthorizedaccesses&amp;oauth_consumer_key%3DV5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L%26oauth_nonce%3D897870535%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1372069427%26oauth_version%3D1.0] [authorization = OAuth oauth_callback=&quot;http%3A%2F%2Flocal.mydatainnet.axonactive.vn%3A8080%2Faa-mdin-web-client-2.0.1%2Foauth%2Fcallback%3Fprovider%3Dtargetscale&quot;, oauth_signature=&quot;jBbmlITCOBuIN3KfVB8glzv1sftrx1v7MvNyAJkiGTU%3D&quot;, oauth_version=&quot;1.0&quot;, oauth_nonce=&quot;897870535&quot;, oauth_signature_method=&quot;HMAC-SHA256&quot;, oauth_consumer_key=&quot;V5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L&quot;, oauth_timestamp=&quot;1372069427&quot;, content-type = application/x-www-form-urlencoded, cache-control = no-cache, pragma = no-cache, user-agent = Java/1.6.0_25, host = vitacloud.medisanaspace.com, accept = text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2, connection = keep-alive, content-length = 0, ]

感谢您的
帮助

4

1 回答 1

0

我相信 VitaDock 实现了 Oauth 1.0 ( https://github.com/Medisana/vitadock-api/wiki/Definitions )。如果您使用的是面向 oauth 2.1.0 的插件,那么这可能是错误的根源。

于 2014-01-07T18:19:54.753 回答