堆棧內存溢出
  簡體   English   中英

Veracode Rest API 只返回 401 未授權

[英]Veracode Rest API is only returning 401 unauthorized

 原文  2019-10-30 14:25:50       c#/ veracode

問題描述

我一直在嘗試使用 Veracode API 來觸發動態分析,但是按照 Veracode 文檔,我得到的只是未經授權的 401。 我采用了 Veracode 提供的示例 C# 代碼並插入了我的 API 密鑰和 ID,但仍然沒有結果。 任何見解將不勝感激。

程序.cs

    {
        private const string AuthorizationHeader = "Authorization";
        private const string ApiId = "snip";
        private const string ApiKey = "snip";

        public static void Main(string[] args)
        {
            try
            {
                const string urlBase = "api.veracode.com/was/configservice/v1";
                const string urlPath = "/analyses";
                var urlParams = string.Empty;
                const string httpVerb = "GET";

                var webClient = new WebClient
                {
                    BaseAddress = $"https://{urlBase}"
                };

                var authorization = HmacAuthHeader.HmacSha256.CalculateAuthorizationHeader(ApiId, ApiKey, urlBase, urlPath, urlParams, httpVerb);

                webClient.Headers.Add(AuthorizationHeader, authorization);

                var result = webClient.DownloadString(urlPath);

                Console.WriteLine(result);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
            finally
            {
                Console.WriteLine("Press any key to continue.");
                Console.ReadKey();
            }
        }
    } 
}

HmacAuthHeader.cs

public abstract class HmacAuthHeader
    {
        private static readonly RNGCryptoServiceProvider RngRandom = new RNGCryptoServiceProvider();

        public static readonly HmacAuthHeader HmacSha256 = new HmacSha256AuthHeader();

        private sealed class HmacSha256AuthHeader : HmacAuthHeader
        {
            protected override string GetHashAlgorithm() { return "HmacSHA256"; }

            protected override string GetAuthorizationScheme() { return "VERACODE-HMAC-SHA-256"; }

            protected override string GetRequestVersion() { return "vcode_request_version_1"; }

            protected override string GetTextEncoding() { return "UTF-8"; }

            protected override int GetNonceSize() { return 16; }

            internal HmacSha256AuthHeader() { }
        }

        protected abstract string GetHashAlgorithm();
        protected abstract string GetAuthorizationScheme();
        protected abstract string GetRequestVersion();
        protected abstract string GetTextEncoding();
        protected abstract int GetNonceSize();

        protected string CurrentDateStamp()
        {
            return ((long)((TimeSpan)(DateTime.UtcNow - new DateTime(1970, 1, 1))).TotalMilliseconds).ToString();
        }

        protected byte[] NewNonce(int size)
        {
            byte[] nonceBytes = new byte[size];
            RngRandom.GetBytes(nonceBytes);

            return nonceBytes;
        }

        protected byte[] ComputeHash(byte[] data, byte[] key)
        {
            HMAC mac = HMAC.Create(GetHashAlgorithm());
            mac.Key = key;

            return mac.ComputeHash(data);
        }

        protected byte[] CalculateDataSignature(byte[] apiKeyBytes, byte[] nonceBytes, string dateStamp, string data)
        {
            byte[] kNonce = ComputeHash(nonceBytes, apiKeyBytes);
            byte[] kDate = ComputeHash(Encoding.GetEncoding(GetTextEncoding()).GetBytes(dateStamp), kNonce);
            byte[] kSignature = ComputeHash(Encoding.GetEncoding(GetTextEncoding()).GetBytes(GetRequestVersion()), kDate);

            return ComputeHash(Encoding.GetEncoding(GetTextEncoding()).GetBytes(data), kSignature);
        }

        public string CalculateAuthorizationHeader(string apiId, string apiKey, string hostName, string uriString, string urlQueryParams, string httpMethod)
        {
            try
            {
                if (urlQueryParams != null)
                {
                    uriString += (urlQueryParams);
                }
                string data = $"id={apiId}&host={hostName}&url={uriString}&method={httpMethod}";
                string dateStamp = CurrentDateStamp();
                byte[] nonceBytes = NewNonce(GetNonceSize());
                byte[] dataSignature = CalculateDataSignature(FromHexBinary(apiKey), nonceBytes, dateStamp, data);
                string authorizationParam = $"id={apiId},ts={dateStamp},nonce={ToHexBinary(nonceBytes)},sig={ToHexBinary(dataSignature)}";

                return GetAuthorizationScheme() + " " + authorizationParam;
            }
            catch (Exception e)
            {
                throw new Exception(e.Message, e);
            }
        }

        public static string ToHexBinary(byte[] bytes)
        {
            return new SoapHexBinary(bytes).ToString();
        }

        public static byte[] FromHexBinary(string hexBinaryString)
        {
            return SoapHexBinary.Parse(hexBinaryString).Value;
        }

        public static bool IsValidHexBinary(string hexBinaryString)
        {
            if (hexBinaryString != null)
            {
                try
                {
                    byte[] bytes = FromHexBinary(hexBinaryString);
                    return bytes != null;
                }
                catch (Exception) { }
            }

            return false;
        }

        public static bool IsValidAuthHeaderToken(string authHeaderToken)
        {
            if (authHeaderToken != null)
            {
                // For valid Authorization header token syntax see https://www.ietf.org/rfc/rfc2617.txt, https://www.ietf.org/rfc/rfc2068.txt
                bool isMatch = Regex.IsMatch(authHeaderToken, "^[\\x21\\x23-\\x27\\x2A-\\x2B\\x2D-\\x2E\\x30-\\x39\\x41-\\x5A\\x5E-\\x7A\\x7C\\x7E]+$");

                return isMatch;
            }

            return false;
        }

        private HmacAuthHeader() { }
    }
}

1 個解決方案

解決方案1
 0  2019-10-30 16:09:22

您正在調用的 function 是:

CalculateAuthorizationHeader(string apiId, string apiKey, string hostName, string uriString, string urlQueryParams, string httpMethod)

所以你的urlBase需要是api.veracode.com而不是api.veracode.com/was/configservice/v1 您的 urlPath 應該是/was/configservice/v1/analyses

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 嘗試訪問REST API時為401(未經授權) 后續 REST API 請求出現 401 未經授權的錯誤 Azure EventHubs REST API 401未經授權 Trello Rest API 創建卡返回 401 Unauthorized - 但只能通過代碼 401(未經授權)| 宇宙DB rest API | rest-from-.net SharePoint 2019 Search REST API Is Returning 401 Unauthorized - When Called from C# Using Basic Authorization Request Header 休息呼叫WebException 401僅在混合身份驗證Webapp中未經授權 REST API在嘗試對其進行POST時返回401未經授權的異常 ASP.NET CORE REST API(401 未經授權) HP ALM 12.21 REST API - 401 未經授權 - C#
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM