事件中心 API POST:40103:无效的授权令牌签名
Event Hub API POST: 40103: Invalid authorization token signature
在这被标记为重复之前:我已经阅读了 SO 上的每个 question/answer 和上面的错误消息,其中 none 解决了我的问题。我一定是遗漏了一些简单的东西,因为应该简单的东西不起作用。
我创建了一个事件中心命名空间,在命名空间中有一个 "Send" 共享访问策略和一个事件中心。
使用 Python Event Hub SDK (which was ) 中的代码,我有以下脚本来创建我的 Authorization header:
import time
from base64 import b64encode, b64decode
from hashlib import sha256
from hmac import HMAC
from urllib.parse import quote_plus, urlencode
def generate_sas_token(uri, policy, policy_key, expiry_days=14):
expiry = time.time() + expiry_days * 60 * 60 * 24
encoded_uri = quote_plus(uri)
ttl = int(expiry)
sign_key = '{}\n{}'.format(encoded_uri, ttl)
signature = b64encode(HMAC(b64decode(policy_key), sign_key.encode('utf-8'), sha256).digest())
result = {
'sr': uri,
'sig': signature,
'se': str(ttl),
'skn': policy
}
return 'SharedAccessSignature ' + urlencode(result)
if __name__ == '__main__':
NAMESPACE = input('Namespace: ').strip().lower()
URI = '{}.servicebus.windows.net'.format(NAMESPACE)
POLICY = input('Policy: ').strip()
POLICY_KEY = input('Policy key: ').strip()
EXPIRY_DAYS = int(input('Expiry (days): ').strip())
print(generate_sas_token(URI, POLICY, POLICY_KEY, EXPIRY_DAYS))
现在,如果我 运行 此脚本使用以下(虚拟)值:
NAMESPACE=<my Event Hub Namespace> # let's call it "ehns"
POLICY=<"Send" Shared Access Policy Name> # let's call it "event-publisher"
POLICY_KEY=<Primary Key for the above policy, ends with = sign>
EXPIRY_DAYS=14
然后我得到以下(虚拟)Authorization header:
SharedAccessSignature sr=ehns.servicebus.windows.net&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&se=1574773874&skn=event-publisher
现在,当我 POST 向 API 端点发送一条虚拟消息时,following this page:
curl -i -X POST --data-ascii "test message" -H "Content-Type: text/plain" -H "Authorization: SharedAccessSignature sr=ehns.servicebus.windows.net&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&se=1574773874&skn=event-publisher" https://ehns.servicebus.windows.net/ehresource/messages
我收到以下回复:
HTTP/1.1 401 SubCode=40103: Invalid authorization token signature
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Tue, 12 Nov 2019 13:11:34 GMT
备注:
- 我也曾尝试在 this page 上使用 shell 命令生成共享访问签名,但没有成功。
- 我也试过 Event Hubs Signature Generator,但没有成功。
请使用以下代码:
import time
import hmac
import hashlib
import base64
from urllib.parse import quote_plus, urlencode
def _sign_string(uri, key, key_name):
'''
100000 = milsecond expiry
'''
expiry = int(time.time() + 10000)
string_to_sign = quote_plus(uri) + '\n' + str(expiry)
key = key.encode('utf-8')
string_to_sign = string_to_sign.encode('utf-8')
signed_hmac_sha256 = hmac.HMAC(key, string_to_sign, hashlib.sha256)
signature = signed_hmac_sha256.digest()
signature = base64.b64encode(signature)
return 'SharedAccessSignature sr=' + quote_plus(uri) + '&sig=' + quote_plus(signature) + '&se=' + str(expiry) + '&skn=' + key_name
if __name__ == '__main__':
URI = "your_eventhub_namespace.servicebus.windows.net/your_eventhub_name"
POLICY = "your_policy_name"
POLICY_KEY = "the policy key"
print(_sign_string(URI,POLICY_KEY,POLICY))
测试结果:
在这被标记为重复之前:我已经阅读了 SO 上的每个 question/answer 和上面的错误消息,其中 none 解决了我的问题。我一定是遗漏了一些简单的东西,因为应该简单的东西不起作用。
我创建了一个事件中心命名空间,在命名空间中有一个 "Send" 共享访问策略和一个事件中心。
使用 Python Event Hub SDK (which was Authorization header:
import time
from base64 import b64encode, b64decode
from hashlib import sha256
from hmac import HMAC
from urllib.parse import quote_plus, urlencode
def generate_sas_token(uri, policy, policy_key, expiry_days=14):
expiry = time.time() + expiry_days * 60 * 60 * 24
encoded_uri = quote_plus(uri)
ttl = int(expiry)
sign_key = '{}\n{}'.format(encoded_uri, ttl)
signature = b64encode(HMAC(b64decode(policy_key), sign_key.encode('utf-8'), sha256).digest())
result = {
'sr': uri,
'sig': signature,
'se': str(ttl),
'skn': policy
}
return 'SharedAccessSignature ' + urlencode(result)
if __name__ == '__main__':
NAMESPACE = input('Namespace: ').strip().lower()
URI = '{}.servicebus.windows.net'.format(NAMESPACE)
POLICY = input('Policy: ').strip()
POLICY_KEY = input('Policy key: ').strip()
EXPIRY_DAYS = int(input('Expiry (days): ').strip())
print(generate_sas_token(URI, POLICY, POLICY_KEY, EXPIRY_DAYS))
现在,如果我 运行 此脚本使用以下(虚拟)值:
NAMESPACE=<my Event Hub Namespace> # let's call it "ehns"
POLICY=<"Send" Shared Access Policy Name> # let's call it "event-publisher"
POLICY_KEY=<Primary Key for the above policy, ends with = sign>
EXPIRY_DAYS=14
然后我得到以下(虚拟)Authorization header:
SharedAccessSignature sr=ehns.servicebus.windows.net&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&se=1574773874&skn=event-publisher
现在,当我 POST 向 API 端点发送一条虚拟消息时,following this page:
curl -i -X POST --data-ascii "test message" -H "Content-Type: text/plain" -H "Authorization: SharedAccessSignature sr=ehns.servicebus.windows.net&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&se=1574773874&skn=event-publisher" https://ehns.servicebus.windows.net/ehresource/messages
我收到以下回复:
HTTP/1.1 401 SubCode=40103: Invalid authorization token signature
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Tue, 12 Nov 2019 13:11:34 GMT
备注:
- 我也曾尝试在 this page 上使用 shell 命令生成共享访问签名,但没有成功。
- 我也试过 Event Hubs Signature Generator,但没有成功。
请使用以下代码:
import time
import hmac
import hashlib
import base64
from urllib.parse import quote_plus, urlencode
def _sign_string(uri, key, key_name):
'''
100000 = milsecond expiry
'''
expiry = int(time.time() + 10000)
string_to_sign = quote_plus(uri) + '\n' + str(expiry)
key = key.encode('utf-8')
string_to_sign = string_to_sign.encode('utf-8')
signed_hmac_sha256 = hmac.HMAC(key, string_to_sign, hashlib.sha256)
signature = signed_hmac_sha256.digest()
signature = base64.b64encode(signature)
return 'SharedAccessSignature sr=' + quote_plus(uri) + '&sig=' + quote_plus(signature) + '&se=' + str(expiry) + '&skn=' + key_name
if __name__ == '__main__':
URI = "your_eventhub_namespace.servicebus.windows.net/your_eventhub_name"
POLICY = "your_policy_name"
POLICY_KEY = "the policy key"
print(_sign_string(URI,POLICY_KEY,POLICY))
测试结果: