将一个clientsecret转换成一个私钥 [英] Convert a clientsecret into a private key

问题描述

我正在AppEngine中使用Google云端存储，并试图使用POST表单将文件上传到GCS。我遇到的问题是签署政策文件所需的步骤。我可以很容易地从API Console给我的 client_secrets.json 中获取client_secret，它是一个字符串。然而，为了创建签名，我需要将该字符串转换为 PrivateKey 对象。以下是我的代码的样子：

  //创建策略文档并对其进行编码
 String policyDocument = ... //为简洁省略
 String encodedPolicy = Base64.encodeString（policyDocument）; 
 
 //使用带RSA的SHA256签名
 String secretKey = ... //我从client_secrets.json获取它$ b $ Signature sig = Signature.getInstance（SHA256withRSA）; 
 sig.initSign（secretKey）; //这就是问题！ 
 sig.update（encodedPolicy.getBytes（UTF-8））; 
 String signature = new String（Base64.encode（sig.sign（）））; 
 
 //将值放入请求属性中，以便我们可以从JSP 
中获取它们req.setAttribute（policy，encodedPolicy）; 
 req.setAttribute（签名，签名）; 
  

如上所述，我的问题在于行

  sig.initSign（secretKey）; //这就是问题！ 
  

secretKey 是一个字符串。 Signature.initSign（）需要一个 PrivateKey ，或者它的一个后代对象。如何将 client_secrets.json 中的字符串转换为可以传递 Signature.initSign ？

任何帮助将不胜感激。谢谢

好的，这就是我现在所处的位置。我尝试了下面的建议，并且所有文档都敦促我使用从Google API控制台下载的client_secrets.json文件中的client_secret ，而不是服务帐户。此外，我试图构建用户上传的示例，而不是服务帐户。

我在另一页上找到了以下代码：

  public static String signPolicyDocument（String policyDocument，String secret）{
 try {
 Mac mac = Mac.getInstance（HmacSHA256）; 
 byte [] secretBytes = secret.getBytes（）; 
 SecretKeySpec signingKey = new SecretKeySpec（secretBytes，HmacSHA256）; 
 mac.init（signingKey）; 
 byte [] signedSecretBytes = mac.doFinal（policyDocument.getBytes（））; 
返回新的字符串（Base64.encode（signedSecretBytes））; 
} catch（InvalidKeyException e）{
抛出新的RuntimeException（e）; 
} catch（NoSuchAlgorithmException e）{
抛出新的RuntimeException（e）; 
} 
  

它让我完成整个过程......直到我提交由此产生的形式。然后我得到以下回应：

 我们计算的请求签名与您提供的签名不匹配。检查您的Google密钥和签名方法。 
  

寻找什么签名方法？

解决方案

要从Appengine上传文件到GCS，您可以使用blobstore Api。按照在GCS中使用Blobstore 。好处是您不必担心密钥，代码也更简单。

I'm working with Google Cloud Storage in AppEngine and I'm attempting to use a POST form to upload a file to GCS. The problem I'm having is with the steps needed to sign the policy document. I can easily fetch the client_secret, which is a String from the client_secrets.json that the API Console gave me. however, in order to create a signature, I need to convert that string into a PrivateKey object. Here's what my code looks like:

//create the policy document and encode it
String policyDocument = ...  //omitted for brevity
String encodedPolicy = Base64.encodeString(policyDocument);

//sign using SHA256 with RSA
String secretKey = ... //I fetch this from client_secrets.json
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(secretKey); //THIS IS THE PROBLEM!  
sig.update(encodedPolicy.getBytes("UTF-8"));        
String signature = new String(Base64.encode(sig.sign()));

//put the values in the request attributes so we can fetch them from a JSP
req.setAttribute("policy", encodedPolicy);
req.setAttribute("signature", signature);

As noted above, my problem is in the line

sig.initSign(secretKey); //THIS IS THE PROBLEM!  

secretKey is a String. Signature.initSign() expects a PrivateKey, or one of its descendant objects. How do I convert the string in the client_secrets.json into a PrivateKey (or derived) object that I can pass Signature.initSign?

Any help would be greatly appreciated. Thanks

OK, here's where I am right now. I tried the suggestions below, and all of the documentation is urging me to use the client_secret in the client_secrets.json file downloaded from the Google API console, not the service account. And besides, I'm trying to construct an example of a user's upload, not a service account.

I found the following code on another page:

public static String signPolicyDocument(String policyDocument, String secret) {     
try {
        Mac mac = Mac.getInstance("HmacSHA256");
        byte[] secretBytes = secret.getBytes();
        SecretKeySpec signingKey = new SecretKeySpec(secretBytes, "HmacSHA256");
        mac.init(signingKey);
        byte[] signedSecretBytes = mac.doFinal(policyDocument.getBytes());          
        return new String(Base64.encode(signedSecretBytes));
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }

And it gets me all the way through the process...until I submit the resulting form. Then I get the following response:

The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.

What signing method is it looking for?

解决方案

To upload a file to GCS from Appengine you can use the blobstore Api. Follow the steps described in Using Blobstore with GCS. The advantage is that you don't have to worry about keys and the code is much simpler.

这篇关于将一个clientsecret转换成一个私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！