提问人:Enamul Haque 提问时间:9/18/2023 最后编辑:ProgmanEnamul Haque 更新时间:9/28/2023 访问量:128
duosecurity 中请求凭据中的签名无效
Invalid signature in request credentials in duosecurity
问:
我正在使用双重安全。但是当我想使用 duo api 调用时,它会在请求凭据中显示无效签名。这是错误:
{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}
这是我的代码..
public class DuoAdminAPIClient {
public static void main(String[] args) {
// Replace with your Duo Admin API credentials
String integrationKey = "DI7ABPU9TUJQO14RET9Q";
String secretKey = "YzDs7ZeQGMllravxDQxcn4jNAwyqF42P1XBDdGd2";
String apiHostname = "api-d221a358.duosecurity.com";
// Create an HttpClient instance
HttpClient httpClient = HttpClients.createDefault();
try {
// Define the user's attributes
String username = "enamul_haque001";
String userFirstName = "Enamul";
String userLastName = "Haque";
// Construct the request body JSON
String createUserRequestBody = String.format(
"{\"username\": \"%s\", \"first_name\": \"%s\", \"last_name\": \"%s\"}",
username, userFirstName, userLastName
);
// Define the API endpoint
String createUserUrl = "https://" + apiHostname + "/admin/v1/users";
// Generate the API signature
// String timestamp = Long.toString(System.currentTimeMillis() / 1000);
String timestamp = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);
String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;
String signature = generateHmacSha1Signature(sigPayload, secretKey);
// Create the HTTP POST request
HttpPost createUserRequest = new HttpPost(createUserUrl);
createUserRequest.addHeader("Authorization", "Basic " + Base64.encodeBase64String((integrationKey + ":" + signature).getBytes()));
createUserRequest.addHeader("Content-Type", "application/json");
createUserRequest.addHeader("Date", timestamp);
createUserRequest.setEntity(new StringEntity(createUserRequestBody));
// Send the request and get the response
HttpResponse createUserResponse = httpClient.execute(createUserRequest);
HttpEntity createUserEntity = createUserResponse.getEntity();
String createUserResponseString = EntityUtils.toString(createUserEntity);
// Print the response (you can parse it to extract relevant information)
System.out.println("Create User Response: " + createUserResponseString);
} catch (Exception e) {
e.printStackTrace();
}
}
private static String generateHmacSha1Signature(String payload, String secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(keySpec);
byte[] result = mac.doFinal(payload.getBytes());
return Base64.encodeBase64String(result);
}
}
代码有什么问题? 请帮帮我
答:
0赞
divyang4481
9/28/2023
#1
您的签名 Payload 格式错误
String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;
请参阅以下链接
您可以在以下方法中找到
String canonRequest(String date, int sigVersion)
此方法将帮助您构造正确的 signPayload /CanonRequest
评论