Invalid signature in request credentials in duosecurity

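Asked by: Enamul Haque, asked: 9/18/2023, last edited by: Progman Enamul Haque, updated: 9/28/2023, views: 128

Q:

I am using Duo Security. But when I try to make a Duo API call, it shows an invalid signature in the request credentials. Here is the error: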

{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}

Here is my code:

public class DuoAdminAPIClient {
    public static void main(String[] args) {
        // Replace with your Duo Admin API credentials
        String integrationKey = "DI7ABPU9TUJQO14RET9Q";
        String secretKey = "YzDs7ZeQGMllravxDQxcn4jNAwyqF42P1XBDdGd2";
        String apiHostname = "api-d221a358.duosecurity.com";

        // Create an HttpClient instance
        HttpClient httpClient = HttpClients.createDefault();

        try {
            // Define the user's attributes
            String username = "enamul_haque001";
            String userFirstName = "Enamul";
            String userLastName = "Haque";

            // Construct the request body JSON
            String createUserRequestBody = String.format(
                    "{\"username\": \"%s\", \"first_name\": \"%s\", \"last_name\": \"%s\"}",
                    username, userFirstName, userLastName
            );

            // Define the API endpoint
            String createUserUrl = "https://" + apiHostname + "/admin/v1/users";

            // Generate the API signature
            // String timestamp = Long.toString(System.currentTimeMillis() / 1000);
            String timestamp = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);
            String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;
            String signature = generateHmacSha1Signature(sigPayload, secretKey);

            // Create the HTTP POST request
            HttpPost createUserRequest = new HttpPost(createUserUrl);
            createUserRequest.addHeader("Authorization", "Basic " + Base64.encodeBase64String((integrationKey + ":" + signature).getBytes()));
            createUserRequest.addHeader("Content-Type", "application/json");
            createUserRequest.addHeader("Date", timestamp);
            createUserRequest.setEntity(new StringEntity(createUserRequestBody));

            // Send the request and get the response
            HttpResponse createUserResponse = httpClient.execute(createUserRequest);
            HttpEntity createUserEntity = createUserResponse.getEntity();
            String createUserResponseString = EntityUtils.toString(createUserEntity);

            // Print the response (you can parse it to extract relevant information)
            System.out.println("Create User Response: " + createUserResponseString);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private static String generateHmacSha1Signature(String payload, String secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(keySpec);
        byte[] result = mac.doFinal(payload.getBytes());
        return Base64.encodeBase64String(result);
    }
}

What is wrong with the code? Please help me.

Java Duo Security

A:

0 votes divyang4481 9/28/2023 #1

Your signature payload is in the wrong format:

      String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;

Please refer to the following link:

https://github.com/duosecurity/duo_client_java/blob/ec8d0e8070e64e8f015e54a38e555818136e0bc6/duo-client/src/main/java/com/duosecurity/client/Http.java

You can find it in the following method:

String canonRequest(String date, int sigVersion)

This method will help you construct the correct signPayload / CanonRequest.
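
To make the answer's point concrete, here is an added example (not code from the original post or from Duo's client) that builds the canonical request and the Authorization header offline. It assumes the layout Duo documents for Admin API signing (date, upper-case method, lower-case host, path, sorted URL-encoded parameters, each on its own line) with a hex-encoded HMAC-SHA1; the class name, keys, host, date and parameter values are constructed placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.StringJoiner;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DuoSignatureExample {
    // RFC 3986 percent-encoding on top of URLEncoder, which emits '+' for a space.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Parameters sorted by key and joined as key=value pairs with '&'.
    static String canonParams(Map<String, String> params) {
        StringJoiner joined = new StringJoiner("&");
        new TreeMap<>(params).forEach((k, v) -> joined.add(enc(k) + "=" + enc(v)));
        return joined.toString();
    }

    // Five lines: date, METHOD, host, path, parameters (no scheme, no JSON body).
    static String canonRequest(String date, String method, String host, String path, Map<String, String> params) {
        return String.join("\n", date, method.toUpperCase(), host.toLowerCase(), path, canonParams(params));
    }

    // Hex-encoded (not Base64) HMAC-SHA1 of the canonical request, keyed with the secret key.
    static String sign(String canon, String secretKey) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(canon.getBytes(StandardCharsets.UTF_8))) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values, not real credentials.
        String ikey = "DIXXXXXXXXXXXXXXXXXX", skey = "constructed-secret-key", host = "api-XXXXXXXX.duosecurity.com";
        String date = "Tue, 21 Aug 2012 17:29:18 -0000"; // must equal the Date header that is sent
        Map<String, String> params = Map.of("username", "enamul_haque001", "realname", "Enamul Haque");
        String canon = canonRequest(date, "POST", host, "/admin/v1/users", params);
        String basic = Base64.getEncoder().encodeToString((ikey + ":" + sign(canon, skey)).getBytes(StandardCharsets.UTF_8));
        System.out.println(canon); // the string that is signed
        System.out.println("Authorization: Basic " + basic);
        // Under this scheme the POST body is the same string canonParams() returns, sent form-encoded.
    }
}
```

Compared with the `sigPayload` in the question, the signed string here has the method and host on their own lines, uses the path instead of the full URL, signs form parameters instead of a JSON body, and encodes the HMAC as hex before it goes into the Basic credentials.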