OpenAPI Authentication issues - signature calculation

Question


I am working on a project for an integration with HikCentral Professional OpenAPI.

I want to send a couple of requests to the API but I am unable to properly authenticate.

I have created partner appKey and appSecret but based on the documentation I have to also calculate X-CA-Signature with HmacSHA-256 and base64.

I am trying to do this through Postman at the moment but I haven't had much luck with the pre-request scripts.

I used the following to generate the signature in JS inside Postman in order to set it as a variable:

var signature = CryptoJS.HmacSHA256("secret-key").toString();
pm.environment.set("appSignature", "signature");

The above doesn't work (probably because it is missing the base64 encoding?), although CryptoJS is a Postman built-in library.

I also tried to generate the signature with Python in a separate script:

import hashlib
import hmac
import base64

secret = "secret-key"

hashed = hmac.new(secret.encode(), b"", hashlib.sha256)
digest = hashed.digest()
base64_encoded = base64.b64encode(digest).decode()

print(base64_encoded)

I have set the above encoded signature manually as a value in the headers of Postman but I get timeouts in the response.

Any help would be appreciated.


Answer 1

Score: 1


So, for anyone interested, I was able to resolve the issue by opening a support ticket to HikVision. They provided a PDF with detailed instructions on how to calculate the signature in Postman and they even provided a Postman collection with examples.

In general you should use the following as a pre-request script in order to properly generate the signature.

var appSecret = "appSecret";
var textToSign = "POST"+"\n"+"application/json"+"\n"+"application/json;charset=UTF-8"+"\n"+"/artemis/api/resource/v1/vehicle/vehicleList";
console.log(textToSign);
var hash = CryptoJS.HmacSHA256(textToSign, appSecret);
var signature = hash.toString(CryptoJS.enc.Base64);
pm.environment.set("SIGNATURE", signature);

If anyone ever needs help again with this, ping me and I can provide all the relevant files and Postman collection.
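
An added example, not part of the original answer and not Hikvision's own code: the same X-CA-Signature computed outside Postman with Node.js's built-in crypto module, plus a hypothetical receiver-side check showing why a hex-encoded digest or an empty-message HMAC (as in the question's attempts) does not match. The string-to-sign layout is taken from the answer's script; the secret value, the function names and the verify step are assumptions.

```javascript
// Added example; uses Node.js built-in crypto rather than Postman's CryptoJS.
const nodeCrypto = require("crypto");

// Layout as in the answer's script: METHOD \n Accept \n Content-Type \n path
function buildStringToSign({ method, accept, contentType, path }) {
  return [method.toUpperCase(), accept, contentType, path].join("\n");
}

// Raw HMAC-SHA256 bytes, keyed with appSecret, over the string to sign.
function hmacBytes(stringToSign, appSecret) {
  return nodeCrypto.createHmac("sha256", appSecret).update(stringToSign, "utf8").digest();
}

// Base64 of the raw bytes: the encoding the answer's script produces.
function sign(stringToSign, appSecret) {
  return hmacBytes(stringToSign, appSecret).toString("base64");
}

// Hypothetical receiver-side check (assumption): recompute, compare in constant time.
function verify(request, appSecret, presented) {
  const expected = hmacBytes(buildStringToSign(request), appSecret);
  const got = Buffer.from(String(presented), "base64");
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// Constructed sample input; "appSecret" is a placeholder, not a real secret.
const APP_SECRET = "appSecret";
const request = {
  method: "POST",
  accept: "application/json",
  contentType: "application/json;charset=UTF-8",
  path: "/artemis/api/resource/v1/vehicle/vehicleList",
};

const stringToSign = buildStringToSign(request);
const signature = sign(stringToSign, APP_SECRET);
// Same bytes, hex-encoded: what a bare toString() on a CryptoJS hash yields.
const hexSignature = hmacBytes(stringToSign, APP_SECRET).toString("hex");
// HMAC over an empty message, as in the question's Python attempt.
const emptyMessageSignature = sign("", APP_SECRET);

console.log("X-CA-Signature:", signature);
console.log("correct signature verifies:", verify(request, APP_SECRET, signature));
console.log("hex-encoded digest verifies:", verify(request, APP_SECRET, hexSignature));
console.log("empty-message HMAC verifies:", verify(request, APP_SECRET, emptyMessageSignature));
```

Changing any signed field (method, Accept, Content-Type or path) changes the signature, so the string to sign has to be rebuilt for every request rather than computed once and pasted into a header.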

Answer 2

Score: 0


I see in your answer that your server is hosted on 10.19.133.55, which is an IP address reserved for private networks. Since Postman runs in the cloud, it will never be able to access your local network directly.

There are some workarounds to test locally, like running Postman's local enterprise application, but I would recommend using a tool like cURL to test locally. To build whatever integration/application you're working on, I'd recommend Python's Requests library or Node.js's axios API.

Be careful of where your code is running. If you're creating a web app, JavaScript will likely run in the browser, so you would need some kind of gateway to access the API on a local server.

huangapple
  • This article was published on July 7, 2023 03:34:50
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76632049.html