>我正在尝试连接到Apple的News API。生成签名时,每个不同示例中的结果都相同。但是,我不断收到此错误:
{">错误":[{"代码":"WRONG_SIGNATURE"}]}这是我的 c# 代码来生成身份验证标头。
public class Security
{
public static string AuthHeader(string method, string url, object content=null)
{
var apiKeyId = "<YOUR KEY HERE...>"; //we get this value from our settings file.
var apiKeySecret = "<YOUR SECRET HERE...>"; //we get this value from our settings file.
if ( string.IsNullOrEmpty(apiKeyId) || string.IsNullOrEmpty(apiKeySecret)) return string.Empty;
var encoding = new ASCIIEncoding();
var dt = DateTime.Now.ToString(Constants.DateFormat);
var canonicalRequest = string.Format("{0}{1}{2}", method, url, dt);
var key = Convert.FromBase64String(apiKeySecret);
var hmac = new HMACSHA256(key);
var hashed = hmac.ComputeHash(encoding.GetBytes(canonicalRequest));
var signature = Convert.ToBase64String(hashed);
var authorizaton = string.Format(@"HHMAC; key={0}; signature={1}; date={2}", apiKeyId, signature, dt);
return authorizaton;
}
}
常量类的简短版本
public static class Constants
{
public static readonly string ChannelId = "<YOUR CHANNEL ID HERE...>"; //again from our settings file
public static readonly string BaseUrl = "https://news-api.apple.com";
public static readonly string DateFormat = "yyyy-MM-ddTHH:mm:ssK";
}
Actions 类的简短版本(SendCommand 是执行请求的方法(
public class Actions
{
public static string SendCommand(string action, string method)
{
var url = $"{Constants.BaseUrl}{action}";
var authheader = Security.AuthHeader(method, url, null);
var request = (HttpWebRequest)WebRequest.Create(url);
request.Method = method;
request.Timeout = 1000;
request.Headers.Add("Authorization", authheader);
request.Accept = "application/json";
request.ContentType = "application/json";
var output = string.Empty;
try
{
using (var response = request.GetResponse())
{
using (var reader = new StreamReader(response.GetResponseStream()))
output = reader.ReadToEnd();
}
}
catch (WebException e)
{
using (var reader = new StreamReader(e.Response.GetResponseStream()))
{
output = reader.ReadToEnd();
}
}
return output;
}
public static string ReadChannel()
{
var action = $"/channels/{Constants.ChannelId}";
const string method = "GET";
return SendCommand(action, method);
}
}
我正在使用读取通道方法进行测试。
我也尝试过php和ruby的例子,但没有运气。
任何想法如何正确做到这一点?
将从这篇文章的原始代码生成的授权字符串粘贴到小提琴手中,我能够从 Apple News API 获得成功的响应。似乎 HttpWebRequest 没有正确包含授权标头,并且使用属性 PreAuthenticate = true 提交相同的请求可以纠正此问题(HttpWebRequest.PreAuthenticate(。此外,对于 GET 请求,需要省略 ContentType,因此我也添加了一个条件语句来说明这一点。
public class Actions
{
public static string SendCommand(string action, string method)
{
var url = $"{Constants.BaseUrl}{action}";
var authheader = Security.AuthHeader(method, url, null);
var request = (HttpWebRequest)WebRequest.Create(url);
request.Method = method;
request.Timeout = 1000;
request.PreAuthenticate = true;
request.Headers.Add("Authorization", authheader);
request.Accept = "application/json";
if(method.Equals("post", StringComparison.InvariantCultureIgnoreCase))
request.ContentType = "application/json";
var output = string.Empty;
try
{
using (var response = request.GetResponse())
{
using (var reader = new StreamReader(response.GetResponseStream()))
output = reader.ReadToEnd();
}
}
catch (WebException e)
{
using (var reader = new StreamReader(e.Response.GetResponseStream()))
{
output = reader.ReadToEnd();
}
}
return output;
}
public static string ReadChannel()
{
var action = $"/channels/{Constants.ChannelId}";
const string method = "GET";
return SendCommand(action, method);
}
}
该错误抱怨我们计算签名的方式有问题。让我们看一下 Apple 生成正确签名的示例代码,如下所示:
https://developer.apple.com/documentation/apple_news/apple_news_api/about_the_news_security_model
不幸的是,我只找到了Python代码。我也不了解 Python,但我可以弄清楚足够多的东西来调整它以显示签名。我们还需要确切知道使用了什么日期值。
import base64
from hashlib import sha256
import hmac
from datetime import datetime
channel_id = 'cdb737aa-FFFF-FFFF-FFFF-FFFFFFFFFFFF'
api_key_id = '240ab880-FFFF-FFFF-FFFF-FFFFFFFFFFFF'
api_key_secret = 'HgyfMPjFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF='
url = 'https://news-api.apple.com/channels/%s' % channel_id
date = str(datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"))
canonical_request = 'GET' + url + date
key = base64.b64decode(api_key_secret)
hashed = hmac.new(key, canonical_request, sha256)
signature = hashed.digest().encode("base64").rstrip('n')
print date
print signature
你可以在这里看到结果(短链接指向 tutorialspoint.com,这是我在谷歌上找到的第一个在线python解释器(:
http://tpcg.io/e1W4p1
如果您不信任该链接,请知道我能够使用它根据这些已知输入找出以下已知正确的签名:
方法:GET
网址:https://news-api.apple.com/channels/cdb737aa-FFFF-FFFF-FFFF-FFFFFFFFFFFF
日期时间:2018-06-12T18:15:45Z
API 密钥:HgyfMPjFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF=
签名:f3cOzwH7HGYPg481noBFwKgVOGAhH3jy7LQ75jVignA=
现在我们可以编写可以验证的 C# 代码。当我们可以使用这些相同的输入来产生相同的签名结果时,我们将拥有正确的代码。
基于此,我能够编写以下 C# 代码:
public static void Main()
{
string method = "GET";
string url = "https://news-api.apple.com/channels/cdb737aa-FFFF-FFFF-FFFF-FFFFFFFFFFFF";
string dateString = "2018-06-12T18:15:45Z";
string apiKeySecret = "HgyfMPjFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF=";
var MyResult = GetSignature(method, url, dateString, apiKeySecret);
var DocumentedResult = "f3cOzwH7HGYPg481noBFwKgVOGAhH3jy7LQ75jVignA=";
Console.WriteLine(MyResult);
Console.WriteLine(MyResult == DocumentedResult);
}
public static string GetSignature(string method, string url, string dt, string APISecret)
{
var hmac = new HMACSHA256(Convert.FromBase64String(APISecret));
var hashed = hmac.ComputeHash(Encoding.ASCII.GetBytes(method + url + dt));
return Convert.ToBase64String(hashed);
}
您可以在此处看到其操作:
https://dotnetfiddle.net/PQ73Zv
我没有自己的Apple API密钥可以测试,所以这是我能带你去的。
我从问题中注意到的一件事是Apple的示例在日期字符串的末尾有一个"Z",而原始代码在这里缺少该字符串。