oAuth 1.0使用CryptoPP [英] oAuth 1.0 using CryptoPP
问题描述
我正在尝试使用CryptoPP库在C ++ / MFC中实现oAuth 1.0来执行HMAC-SHA1。我不能重复 RFC 5849 中给出的示例。据我所知,我已经正确实现了它,但我得到了不同的签名。
I am trying to implement oAuth 1.0 in C++/MFC using the CryptoPP library to do the HMAC-SHA1. I can't repeat the example given in RFC 5849. As far as I can tell I have implemented it properly, but I'm getting a different signature.
//Example oAuth
verb="POST";
url="http://example.com/request";
parameters="b5=%3D%253D&"
"a3=a&"
"c%40=&"
"a2=r%20b&";
postData = "c2&a3=2+q";
realm="Example";
key="9djdj82h48djs9d2";
secret="j49sk3j29djd";
currTime=137131201;
token="kkk9d7dh3k39sjv7";
token_secret="dh893hdasih9";
nonce="7d8f3e4a";
if(parameters.Right(1)=="&") parameters=parameters.Left(parameters.GetLength()-1);
if(postData.Left(1)=="&") postData=postData.Mid(2);
//oauth.Format("oauth_consumer_key=%s&oauth_token=%s&oauth_version=\"1.0\"&oauth_signature_method=HMAC-SHA1&oauth_nonce=%s&oauth_timestamp=%d",
oauth.Format("oauth_consumer_key=%s&oauth_token=%s&oauth_signature_method=HMAC-SHA1&oauth_nonce=%s&oauth_timestamp=%d",
key, token, nonce, currTime);
oauth.Replace("&oauth_token=&","&");
oauth.Replace("&oauth_nonce=&","&");
if(!parameters.IsEmpty()) parameters = parameters+"&"+oauth;
else parameters = oauth;
if(!postData.IsEmpty()) parameters = parameters+"&"+postData;
parameters.Replace("+", "%20");
nParameters = SplitString(parameters, ¶meterList, "&", NULL, true);
Alphabetize(nParameters, ¶meterList);
for(i=0, parameters.Empty(); i<nParameters; i++){
parameters+=parameterList[i];
if(parameterList[i].Find('=')<1) parameters+="=";
if(i<nParameters-1) parameters+="&";
}
//Prepare authentication string
signature_base = verb + L"&" + UrlEncode(url) + L"&" + UrlEncode(parameters);
//Example oAuth should be:
//POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q%26a3%3Da%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk9d7dh3k39sjv7
signature_key = UrlEncode(secret) + L"&" + UrlEncode(token_secret);
//Example oAuth should be:
//j49sk3j29djd&dh893hdasih9
try{
CryptoPP::HMAC< CryptoPP::SHA1 > hmac((const byte*) signature_key.c_str(), signature_key.length());
CryptoPP::StringSource(signature_base, true,
new CryptoPP::HashFilter(hmac,
new CryptoPP::Base64Encoder(
new CryptoPP::StringSink(signature_base64)
) // Base64Encoder
) // HashFilter
); // StringSource
}catch(const CryptoPP::Exception& e){
strError.Format("Cryptography Error: %s", e.what());
throw strError;
}
signature = UrlEncode(signature_base64.c_str());
signature.Trim();
//Example oAuth should be:
//bYT5CMsGcbgUdFHObYMEfcx6bsw%3D
我得到的相同的签名基本字符串如3.4.1.1节所示,我按照3.4.2节中的说明组装密钥。不幸的是,我获得r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D签名而不是RFC中的值。
我做错了什么?
I'm getting the same signature base string as shown in section 3.4.1.1 and I'm assembling the key according to the directions in section 3.4.2. Unfortunately I'm getting r6%2FTJjbCOr97%2F%2BUU0NsvSne7s5g%3D for the signature as opposed to the value in the RFC.
What am I doing wrong?
推荐答案
无奈之下,我联系了RFC 5849的作者,他立即回复了这个地址,表明我的实施一直都是正确的:
< a href =http://www.rfc-editor.org/errata_search.php?rfc=5849> http://www.rfc-editor.org/errata_search.php?rfc=5849 [< a href =http://www.rfc-editor.org/errata_search.php?rfc=5849target =_ blanktitle =新窗口> ^ ]
希望有一天能帮助别人!
In desperation, I contacted the author of RFC 5849 and he promptly replied this this address that shows my implementation was right all along:
http://www.rfc-editor.org/errata_search.php?rfc=5849[^]
Hopefully that helps someone else someday!
这篇关于oAuth 1.0使用CryptoPP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
