调用服务器到服务器CloudKit Web服务时出现授权错误 [英] Authorization error on call to server-to-server CloudKit Web Services

问题描述

我正在尝试与CloudKit Web服务实现一些基本集成，此和关于如何正确处理的此问题授权请求，并且似乎正确地遵循了所有步骤，但是我仍然从Apple处收到401 AUTHENTICATION_FAILED错误.

I'm attempting to implement some basic integration with CloudKit web services, following Apple's guide for authenticating requests. I've followed some help from this and this question as to how to properly authorize requests, and seem to be following all steps correctly, but I'm still getting a 401 AUTHENTICATION_FAILED error from Apple.

我要定位的端点是一个给定记录名称的POST端点，用于检索记录.

The endpoint I'm targeting is a POST endpoint for retrieving a record, given a record name.

我在代码中添加了注释，以显示在各个阶段得到的输出，并且我使用了替代证书，因此我没有提供真正的私钥:

I've added comments to my code to show the outputs i get at various stages, and I've used an alternative certificate so i'm not providing my genuine private key:

def self.signature(parameters, date, image_id)
    #date: 2016-08-14T14:32:20Z

    #parameters: {"records":[{"recordName":"7DBC4FAD-D18C-476A-89FB-14A515098F34"}]}

    encoded_parameters = Digest::SHA256.base64digest(parameters)

    #encoded_parameters: 6gmJ4AvmJgkNY4SJm6ImOxZaZ07J7cih/tRXI0zkRjQ=

    url_subpath = CloudKit.url_subpath

    #url_subpath: /database/1/iCloud.ProjectDent.TwIM/development/public/records/lookup

    message = date + ':' + encoded_parameters + ':' + url_subpath

    #message: 2016-08-14T14:23:35Z:6gmJ4AvmJgkNY4SJm6ImOxZaZ07J7cih/tRXI0zkRjQ=:/database/1/iCloud.ProjectDent.TwIM/development/public/records/lookup

    private_key = OpenSSL::PKey.read(File.read('altkey.pem'))

    signature = private_key.dsa_sign_asn1(OpenSSL::Digest::SHA256.digest(message))

    #signature: -? WX?xfc???ɔ???,?Ț?Փv?3+Xt!?$R?_Y?×*?,?3??Z-\#?ŭ?Ƿh

    encoded_signature = Base64.strict_encode64(signature)

    #encoded_signature: MEUCIFdYlHhmrxoIY8KW1tT6yZT17bYsP8ia09WTdpEzK1h0AiEA0yRSh39fWYHDlyqJLNgzhr9aLVwj2cWtkse3aA0tGZI=

    return encoded_signature
end

def self.headers(parameters, image_id)
    date = Time.now.utc.iso8601

    signature = self.signature(parameters, date, image_id)

    headers = {
        'X-Apple-CloudKit-Request-KeyID' => CloudKit.key_id,
        'X-Apple-CloudKit-Request-ISO8601Date' => date,
        'X-Apple-CloudKit-Request-SignatureV1' => signature
    }

    #headers (key id masked): {"X-Apple-CloudKit-Request-KeyID"=>"123456", "X-Apple-CloudKit-Request-ISO8601Date"=>"2016-08-14T14:32:20Z", "X-Apple-CloudKit-Request-SignatureV1"=>"MEUCIFdYlHhmrxoIY8KW1tT6yZT17bYsP8ia09WTdpEzK1h0AiEA0yRSh39fWYHDlyqJLNgzhr9aLVwj2cWtkse3aA0tGZI="}

    return headers
end

def self.fetch_image(image_id)
    url = CloudKit.url
    parameters = CloudKit.parameters(image_id).to_json
    headers = CloudKit.headers(parameters, image_id)

    begin
        response = RestClient.post(url, parameters, headers)
        puts 'response'
        puts response.code
        puts response.to_str
    rescue => e
        puts 'rescued: ' + e.to_s
    end
end

最终结果是:

已救援:401未经授权

rescued: 401 Unauthorized

我不确定我在做什么错-我似乎确实正确地遵循了所有步骤.希望日志可以帮助某人了解这可能出了什么问题.

I'm not sure what I'm doing wrong here - I do seem to be following all steps correctly. Hopefully the logs can help someone understand where this might be going wrong.

推荐答案

在签名之前，您需要将参数转换为JSON.并确保发送与签名副本相同的JSON字符串.

You need to convert the parameters to JSON before signing. And make sure to send the same JSON string as the signed copy.

这篇关于调用服务器到服务器CloudKit Web服务时出现授权错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！