我们正在尝试为我们现有的 netsuite 集成实施基于令牌的身份验证,并且新的实施对于未启用两因素身份验证的 netsuite 帐户按预期工作。
从 netsuite 文档中我们了解到,启用了两因素身份验证的帐户需要注意的额外事项很少。根据文档,我们需要生成一个 OTP 并将其与 Authorization 标头一起发送。要生成 OTP 网络套件,建议遵循此链接。我们已经实现了相同的 c#。但是当在授权标头中使用生成的 OTP 时,我们收到了无效登录尝试错误。Netsuite 登录审核日志显示“ errorsecondfator ”。下面是我们的实现
public string generateTOTP(string key,int returnDigits)
{
ulong T = new TOTP_SHA1(key).CounterNow();
string time = T.ToString("X");
string result = null;
// Using the counter
// First 8 bytes are for the movingFactor
// Compliant with base RFC 4226 (HOTP)
while (time.Length < 16)
time = "0" + time;
var hexString1 = ConvertStringToHex(key,Encoding.Default);
byte[] msg = hexStr2Bytes(time);
byte[] k = hexStr2Bytes(hexString1);
byte[] hash = hmac_sha(k, msg);
// put selected bytes into result int
int offset = hash[hash.Length - 1] & 0xf;
int binary =
((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);
int otp = binary % DIGITS_POWER[returnDigits];
result = Convert.ToString(otp);
while (result.Length < returnDigits)
{
result = "0" + result;
}
return result;
}
private static int[] DIGITS_POWER { get; set; } = { 1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000 };
private byte[] K;
public TOTP_SHA1(string tfasecretkey)
{
K = Encoding.ASCII.GetBytes(tfasecretkey);
}
public UInt64 CounterNow(int T1 = 30)
{
var secondsSinceEpoch = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
return (UInt64)Math.Floor(secondsSinceEpoch / T1);
}
private static byte[] hexStr2Bytes(String hex)
{
return Enumerable.Range(0, hex.Length)
.Where(x => x % 2 == 0)
.Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
.ToArray();
}
private static byte[] hmac_sha(byte[] keyBytes,byte[] text)
{
var hmac = HMACSHA512.Create();
hmac.Key = keyBytes;
return hmac.ComputeHash(text);
}
public static string ConvertStringToHex(String input, System.Text.Encoding encoding)
{
Byte[] stringBytes = encoding.GetBytes(input);
StringBuilder sbBytes = new StringBuilder(stringBytes.Length * 2);
foreach (byte b in stringBytes)
{
sbBytes.AppendFormat("{0:X2}", b);
}
return sbBytes.ToString();
}
netsuite 支持团队关于此错误的反馈是 otp 生成的不符合要求。
任何帮助,将不胜感激。提前致谢。