堆棧內存溢出
  簡體   English   中英

HMAC-SHA1 Swift 3-403禁止

[英]HMAC-SHA1 Swift 3 - 403 Forbidden

 原文  2017-07-06 06:27:14       ios/ swift/ digital-signature/ hmac/ kong

問題描述

我正在嘗試從Swift 3到kong服務器執行HMAC-SHA1簽名,然后將其重定向到Twitter主機(要在Kong上啟用HMAC-跟隨https://getkong.org/plugins/hmac-authentication/

我在Swift中使用了相同的密鑰和用戶名。 使用密鑰在當前日期執行HMAC-SHA1並將請求發送到http:// localhost:8000 / @ foo

Swift 3代碼: 

override func viewDidLoad() {
    super.viewDidLoad()
    let date = Date()
    let currentDateF = DateFormatter()
    let localeF = Locale(identifier: "en_US")
    let tzone = TimeZone(identifier: "UTC")
    currentDateF.dateFormat = "EEE, dd MMM yyyy HH:mm:ss z"
    currentDateF.timeZone = tzone
    currentDateF.locale = localeF
    let currentDate = currentDateF.string(from: date)
    let dat = "date: \(currentDate)"
    let username = "bar"
    let hmacResult: String = dat.getHmac(algorithm: .SHA1, key: "foo")
    HTTPrequest(Datestr: currentDate, hmacAuth: hmacResult, username: username)
}

func HTTPrequest(Datestr: String, hmacAuth: String, username: String) {
    let url = URL(string: "http://localhost:8000/@foo")
    var request = URLRequest(url: url!)
    request.addValue(Datestr, forHTTPHeaderField: "date")
    request.addValue("twitter.com", forHTTPHeaderField: "Host")
    request.setValue("hmac username='\(username)', algorithm='hmac-sha1', headers='date', signature='\(hmacAuth)'", forHTTPHeaderField: "Authorization")
    let dataTask = URLSession.shared.dataTask(with: request) {
        (data,response,error) in
        if error != nil {
            print(error!)
        }
        print("DATA RETURNED: \(data!)")
        let str = String(data: data!, encoding: .utf8)
        print("VALUE: \(str!)")
        print("RESPONSE: \(response!)")
    }
    dataTask.resume()
}


enum hmacAlgo {
    case SHA1
    func  toHMACAlgorithm() -> CCHmacAlgorithm {
        var result: Int = 0
        switch self {
        case .SHA1:
            result = kCCHmacAlgSHA1
        }
        return CCHmacAlgorithm(result)
    }

    func digestLength() -> Int {
        var result: CInt = 0
        switch self {
        case .SHA1:
            result = CC_SHA1_DIGEST_LENGTH
        }
        return Int(result)
    }
}

extension String  {
    func getHmac(algorithm: hmacAlgo, key: String) -> String {
        let stringData = self.cString(using: String.Encoding.ascii)
        let keyData = key.cString(using: String.Encoding.ascii)
        var result = [CUnsignedChar](repeating: 0, count: Int(algorithm.digestLength()))
        CCHmac(algorithm.toHMACAlgorithm(), keyData!, Int(strlen(keyData!)), stringData!, Int(strlen(stringData!)), &result)
        let hmacData: NSData = NSData(bytes: result, length: (Int(algorithm.digestLength())))
        let hmacb64 = hmacData.base64EncodedString(options: NSData.Base64EncodingOptions.lineLength76Characters)
        return hmacb64
    }
}

但是我收到403狀態碼-禁止使用消息說明無法驗證HMAC簽名

1 個解決方案

解決方案1
 0 已采納  2017-07-07 19:55:04

解決了, 

request.setValue("hmac username=\"\(username)\", algorithm=\"hmac-sha1\", headers=\"date\", signature=\"\(hmacAuth)\"", forHTTPHeaderField: "Authorization")

我只是用雙引號將字符串包裝在授權標頭中,然后發送了請求。 謝謝。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 使用HMAC-SHA1簽署oAuth請求 IOS HMAC-SHA1與標准Java HMAC-SHA1不同 適用於iOS的HMAC-SHA1可以匹配Yahoo的OAuth API調用 在iOS / Objective-c Ruby / Rails中匹配Base64編碼的HMAC-SHA1字符串 快速實施HMAC和SHA1加密 如何在swift 3中生成OAuth1 HMAC SHA1簽名 iOS上的HMAC SHA 384 linkedin獲取個人資料-請求失敗:禁止(403)錯誤swift xcode ios HMAC SHA 256哈希 使用HMAC SHA1的CCKeyDerivationPBKDF經常返回-1
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM