Azure Cosmos DB emulator原始授权值格式
我必须从3party应用程序访问cosmos DB存储过程,该应用程序只允许以原始HTTP格式配置和发送请求 为了模拟这一点,我使用了fiddler,但我不知道当我有emulator密钥时如何生成正确的授权令牌 Cosmos DB默认仿真器密钥为Azure Cosmos DB emulator原始授权值格式,azure,https,azure-cosmosdb,Azure,Https,Azure Cosmosdb,我必须从3party应用程序访问cosmos DB存储过程,该应用程序只允许以原始HTTP格式配置和发送请求 为了模拟这一点,我使用了fiddler,但我不知道当我有emulator密钥时如何生成正确的授权令牌 Cosmos DB默认仿真器密钥为C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2NQ9NDUVTQOBD4B8MGYMBIZNQYMSECAGQY67XIW/Jw== 我的原始请求: POST https://localhost:8081/
C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2NQ9NDUVTQOBD4B8MGYMBIZNQYMSECAGQY67XIW/Jw== POST https://localhost:8081/dbs/Orders/colls/volcano1/sprocs/GetDocumentsAndTransform HTTP/1.1
x-ms-date: Wed, 09 Dec 2015 18:05:07 GMT
Cache-Control: no-cache
authorization: type%3dmaster%26ver%3d1.0%26sig%3dkOU%2bC2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==%3d
User-Agent: contoso/1.0
x-ms-version: 2015-08-06
Accept: application/json
Content-Type: application/json
Host: localhost:8081
Content-Length: 9
Expect: 100-continue
["World"]
它因授权问题而失败。您知道如何将密钥转换为HTTPs请求的正确授权值吗?您可以看看Java SDK,它是开源的。 例如
/**
*该类在客户端(用于生成带有主/系统密钥的auth头)和网关内部使用,当
*正在验证Azure Cosmos DB数据库服务中的身份验证标头。
*/
公共类BaseAuthorizationTokenProvider实现AuthorizationTokenProvider{
私有最终字符串主密钥;
私人终审法院;
public BaseAuthorizationTokenProvider(字符串主密钥){
this.masterKey=masterKey;
byte[]masterKeyDecodedBytes=Utils.Base64Decoder.decode(this.masterKey.getBytes());
SecretKey signingKey=newsecretkeyspec(masterKeyDecodedBytes,“HMACSHA256”);
试一试{
this.macInstance=Mac.getInstance(“HMACSHA256”);
this.macInstance.init(signingKey);
}捕获(NoSuchAlgorithmException | InvalidKeyException e){
抛出新的非法状态异常(e);
}
}
/**
*此API是一个帮助器方法,用于基于使用masterkey的客户端请求创建auth头。
*
*@param动词
*@param resourceIdOrFullName资源id或全名
*@param resourceSegment资源段
*@param headers请求头
*@返回密钥授权签名
*/
公共字符串generateKeyAuthorizationSignature(字符串动词,
字符串resourceIdOrFullName,
字符串资源段,
地图标题){
if(verb==null | | verb.isEmpty()){
抛出新的非法辩论例外(“动词”);
}
if(resourceIdOrFullName==null){
resourceIdOrFullName=“”;
}
if(resourceSegment==null){
抛出新的IllegalArgumentException(“resourceSegment”);
}
if(headers==null){
抛出新的IllegalArgumentException(“标题”);
}
if(this.masterKey==null | | this.masterKey.isEmpty()){
抛出新的IllegalArgumentException(“masterKey”);
}
如果(!PathsHelper.isNameBased(resourceIdOrFullName)){
resourceIdOrFullName=resourceIdOrFullName.toLowerCase(Locale.ROOT);
}
//跳过resourceId的小写,因为它现在可能包含资源的“ID”作为全名的一部分
String body=String.format(“%s\n%s\n%s\n”,
动词.toLowerCase(),
资源部分,
resourceIdOrFullName);
if(headers.containsKey(HttpConstants.HttpHeaders.X_DATE)){
body+=headers.get(HttpConstants.HttpHeaders.X_DATE).toLowerCase();
}
正文+='\n';
if(headers.containsKey(HttpConstants.HttpHeaders.HTTP_DATE)){
body+=headers.get(HttpConstants.HttpHeaders.HTTP_DATE).toLowerCase();
}
正文+='\n';
Mac=null;
试一试{
mac=(mac)this.macInstance.clone();
}捕获(CloneNotSupportedException e){
抛出新的非法状态异常(e);
}
byte[]digest=mac.doFinal(body.getBytes());
String auth=Utils.encodeBase64String(摘要);
字符串authtoken=“type=master&ver=1.0&sig=“+auth;
返回authtoken;
}
/**
* This class is used internally by both client (for generating the auth header with master/system key) and by the Gateway when
* verifying the auth header in the Azure Cosmos DB database service.
*/
public class BaseAuthorizationTokenProvider implements AuthorizationTokenProvider {
private final String masterKey;
private final Mac macInstance;
public BaseAuthorizationTokenProvider(String masterKey) {
this.masterKey = masterKey;
byte[] masterKeyDecodedBytes = Utils.Base64Decoder.decode(this.masterKey.getBytes());
SecretKey signingKey = new SecretKeySpec(masterKeyDecodedBytes, "HMACSHA256");
try {
this.macInstance = Mac.getInstance("HMACSHA256");
this.macInstance.init(signingKey);
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
throw new IllegalStateException(e);
}
}
/**
* This API is a helper method to create auth header based on client request using masterkey.
*
* @param verb the verb
* @param resourceIdOrFullName the resource id or full name
* @param resourceSegment the resource segment
* @param headers the request headers
* @return the key authorization signature
*/
public String generateKeyAuthorizationSignature(String verb,
String resourceIdOrFullName,
String resourceSegment,
Map<String, String> headers) {
if (verb == null || verb.isEmpty()) {
throw new IllegalArgumentException("verb");
}
if (resourceIdOrFullName == null) {
resourceIdOrFullName = "";
}
if (resourceSegment == null) {
throw new IllegalArgumentException("resourceSegment");
}
if (headers == null) {
throw new IllegalArgumentException("headers");
}
if (this.masterKey == null || this.masterKey.isEmpty()) {
throw new IllegalArgumentException("masterKey");
}
if(!PathsHelper.isNameBased(resourceIdOrFullName)) {
resourceIdOrFullName = resourceIdOrFullName.toLowerCase(Locale.ROOT);
}
// Skipping lower casing of resourceId since it may now contain "ID" of the resource as part of the FullName
String body = String.format("%s\n%s\n%s\n",
verb.toLowerCase(),
resourceSegment,
resourceIdOrFullName);
if (headers.containsKey(HttpConstants.HttpHeaders.X_DATE)) {
body += headers.get(HttpConstants.HttpHeaders.X_DATE).toLowerCase();
}
body += '\n';
if (headers.containsKey(HttpConstants.HttpHeaders.HTTP_DATE)) {
body += headers.get(HttpConstants.HttpHeaders.HTTP_DATE).toLowerCase();
}
body += '\n';
Mac mac = null;
try {
mac = (Mac) this.macInstance.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException(e);
}
byte[] digest = mac.doFinal(body.getBytes());
String auth = Utils.encodeBase64String(digest);
String authtoken = "type=master&ver=1.0&sig=" + auth;
return authtoken;
}