我试图按照每个访问控制的文档以及诸如azure-documentdb-node SDK之类的查询代码进行操作,但我无法这样做。
我收到以下错误:401未经授权:{“代码”:“未经授权”,“消息”:“输入授权令牌无法满足请求。请检查是否根据协议构建了预期的有效负载,并检查服务器使用以下有效负载进行签名:'post \ ndbs \ n \ n13 2015年4月18日21:05 gmt \ n \ n'\ r \ nActivityId:...
我的ruby代码如下所示:
require 'openssl'
require 'rest-client'
require 'base64'
require 'uri'
require 'json'
require 'time'
def get_databases url, master_key
time = Time.now.httpdate
authorization = get_master_auth_token "get", "", "dbs", time, master_key
header = { "authorization" => authorization, "x-ms-date" => time, "x-ms-version" => "2015-04-08" }
RestClient.get url, header
end
def get_master_auth_token verb, resource_id, resource_type, date, master_key
digest = OpenSSL::Digest::SHA256.new
key = Base64.decode64 master_key
text = verb + "\n" +
resource_type + "\n" +
resource_id + "\n" +
date + "\n" +
"\n"
hmac = OpenSSL::HMAC.digest digest, key, text.downcase
auth_string = "type=" + "master" + "&ver=" + "1.0" + "&sig=" + hmac
URI.escape auth_string
end
谢谢!
编辑:在Ryan的建议和示例之后,我将代码简化为以下代码段,该代码段应该与他发布的节点代码相匹配,但是在ruby中仍然失败:
def hard_coded_get_databases master_key, url
verb = "get"
resource_type = "dbs"
resource_id = ""
date = Time.now.httpdate
serv_version = '2014-08-21'
master_token = "master"
token_version = "1.0"
key = Base64.decode64 master_key
text = verb + "\n" + resource_type + "\n" + resource_id + "\n" + date + "\n\n"
body = text.downcase.force_encoding "utf-8"
signature = OpenSSL::HMAC.digest OpenSSL::Digest::SHA256.new, key, body
auth_token = URI.escape("type="+master_token + "&ver="+token_version + "&sig="+signature)
header = { "accept" => "application/json", "x-ms-version" => serv_version, "x-ms-date" => date, "authorization" => auth_token }
RestClient.get url, header
end
EDIT2:我相信我已经将问题隔离到如何进行主密钥身份验证。
以Ryan的示例为例,我们可以将其节点代码缩减如下:
var crypto = require("crypto")
function encode_message(masterKey, message) {
var key = new Buffer(masterKey, "base64"); // encode/decode? base64 the masterKey
var body = new Buffer(message.toLowerCase(), "utf8"); // convert message to "utf8" and lower case
return crypto.createHmac("sha256", key).update(body).digest("base64"); // encrypt the message using key
}
如果调用此节点代码,则可以产生以下密钥:
encode_message("blah", 'get\ncolls\n\nTue, 14 Apr 2015 13:34:22 GMT\n\n')
'IYlLuyZtVLx5ANkGMAxviDHgC/DJJXSj1gUGLvN0oM8='
如果我生成等效的ruby代码来创建身份验证,则我的ruby代码如下所示:
require 'base64'
require 'openssl'
def encode_message master_key, message
key = Base64.urlsafe_decode64 master_key
hmac = OpenSSL::HMAC.digest 'sha256', key, message
Base64.urlsafe_encode64 hmac
end
如果调用此代码,则会得到以下信息:
2.2.1 :021 > encode_message("blah", "get\ncolls\n\nTue, 14 Apr 2015 13:34:22 GMT\n\n")
=> "N6BL3n4eSvYA8dIL1KzlTIvR3TcYpdqW2UNPtKWrjP8="
显然,这2个编码的身份验证令牌是不同的。(Ryan再次非常感谢您提供的帮助)。
我找到了答案。感谢Magnus Stahre ...他是帮助我解决问题的人。
正如我所想到的,编码是这样:
def encode_message master_key, message
key = Base64.urlsafe_decode64 master_key
hmac = OpenSSL::HMAC.digest 'sha256', key, message.downcase
Base64.encode64(hmac).strip
end
我在代码中转换得太早了,而我的Base64.encode64却未能去除掉ruby最后添加的换行符。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句