我正在关注 Composing Web Service Requests
执行 Discovering All User Identities (GET users/discover) .
我们的想法是让这个简单的请求正常工作,然后再发出更复杂的请求,例如上传 Assets 。
下面的代码从请求中返回一个错误。
import (
"bytes"
"crypto/ecdsa"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"math/big"
"net/http"
"time"
//...
)
func main() {
fmt.Printf("\nprivate key:\n")
const privPEM = `-----BEGIN EC PRIVATE KEY-----
MyProvateKey
-----END EC PRIVATE KEY-----`
// https://golang.org/pkg/crypto/x509/#example_ParsePKIXPublicKey
privBlock, _ := pem.Decode([]byte(privPEM))
if privBlock == nil {
panic("failed to parse PEM block containing the public key")
}
requestPathStr := "/database/1/iCloud.<MyContainer>/development/public/users/discover"
var requestPath []byte
requestPath = []byte(requestPathStr)
fmt.Printf("requestPath: %s\n", requestPath)
requestBody := ""
var jsonStr = []byte(requestBody)
//
h := sha256.New()
h.Write([]byte(requestBody))
b := h.Sum(nil)
hashedBody := base64.StdEncoding.EncodeToString(b)
//
f := "2006-01-02T15:04:05Z"
requestDate := time.Now().UTC().Format(f)
fmt.Println(requestDate)
rawPayload := []byte(requestDate + ":" + hashedBody + ":" + requestPathStr)
r, s, err := pkSign(rawPayload, privBlock)
if err != nil {
fmt.Printf("signing hash error: %s\n", err)
}
fmt.Printf("r: %v\n", r)
fmt.Printf("s: %v\n", s)
fmt.Printf("\npublic key:\n")
const pubPEM = `-----BEGIN PUBLIC KEY-----
MyPublicKey
-----END PUBLIC KEY-----`
pubBlock, _ := pem.Decode([]byte(pubPEM))
if pubBlock == nil {
panic("failed to parse PEM block containing the public key")
}
// ECDSA signature
ECDSAsignature := r.Bytes()
ECDSAsignature = append(ECDSAsignature, s.Bytes()...)
fmt.Printf("ECDSAsignature : %x\n", ECDSAsignature)
verify := pkVerify(rawPayload, pubBlock, r, s)
fmt.Printf("signature verification result: %t\n", verify)
// GET [path]/database/[version]/[container]/[environment]/public/users/discover
url := "https://api.apple-cloudkit.com/" + requestPathStr
fmt.Printf("\nurl:%v\n", url)
fmt.Printf("\njsonStr:%s\n", jsonStr)
fmt.Printf("\nrequestDate:%s\n", requestDate)
client := &http.Client{}
// GET [path]/database/[version]/[container]/[environment]/public/users/discover
req, err := http.NewRequest("GET", url, bytes.NewBuffer(jsonStr))
var authKeyID = "MyKeyID"
req.Header.Add("content-type", "text/plain")
req.Header.Add("X-Apple-CloudKit-Request-KeyID", authKeyID)
req.Header.Add("X-Apple-CloudKit-Request-ISO8601Date", requestDate)
ECDSAsignatureBase64 := base64.StdEncoding.EncodeToString(ECDSAsignature)
req.Header.Add("X-Apple-CloudKit-Request-SignatureV1", ECDSAsignatureBase64)
resp, _ := client.Do(req)
fmt.Printf("\nresp:%v\n", resp)
resp, err = client.Do(req)
if err != nil {
fmt.Printf("\nerr:%v\n", err.Error())
} else {
resp.Body.Close()
fmt.Printf("\nresp.Body:%v\n", resp.Body)
}
fmt.Printf("\nresp:%v\n", resp)
}
func pkSign(hash []byte, block *pem.Block) (r, s *big.Int, err error) {
zero := big.NewInt(0)
private_key, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
return zero, zero, err
}
// Sign signs a hash (which should be the result of hashing a larger message)
// using the private key, priv.
// If the hash is longer than the bit-length of the private key's curve order,
// the hash will be truncated to that length.
// It returns the signature as a pair of integers.
// The security of the private key depends on the entropy of rand.
r, s, err = ecdsa.Sign(rand.Reader, private_key, hash)
if err != nil {
return zero, zero, err
}
return r, s, nil
}
func pkVerify(hash []byte, block *pem.Block, r *big.Int, s *big.Int) (result bool) {
public_key, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false
}
switch public_key := public_key.(type) {
case *ecdsa.PublicKey:
return ecdsa.Verify(public_key, hash, r, s)
default:
return false
}
}
我得到的错误如下:
resp:&{503 Service Unavailable 503 HTTP/1.1 1 1 map[Access-Control-Expose-Headers:[X-Apple-Request-UUID Via] Connection:[keep-alive] Content-Length:[0] Content-Type:[text/plain] Date:[Mon, 24 Jun 2019 07:47:52 GMT] Retry-After:[30] Server:[AppleHttpServer/70a91026] Via:[icloudedge:mi01p00ic-zteu02110401:7401:19RC207:Miami] X-Apple-Cache:[false] X-Apple-Request-Uuid:[ddeb0fa3-ea16-40e9-a15b-c2e68cb5fe78]] {} 0 [] false false map[] 0xc00015c000 0xc0000ce2c0}
resp.Body:{}
最佳答案
如果有人需要,这里有一个可行的解决方案。
package main
import (
"bytes"
"crypto/ecdsa"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"encoding/asn1"
"encoding/base64"
"encoding/pem"
"fmt"
"io/ioutil"
"math/big"
"net/http"
"time"
)
const projectID = "<your ID>"
//
const authKeyID = "your ID"
const path = "https://api.apple-cloudkit.com"
const version = "1"
const container = "your container"
const environment = "development"
const database = "public"
const privPEM = `-----BEGIN EC PRIVATE KEY-----
your privste key
-----END EC PRIVATE KEY-----`
const pubPEM = `-----BEGIN PUBLIC KEY-----
your public key
-----END PUBLIC KEY-----`
type ecdsaSignature struct {
R, S *big.Int
}
func main() {
t0 := time.Now().UTC()
t1 := time.Now().UTC()
// fmt.Printf("\nprivate key:\n")
// https://golang.org/pkg/crypto/x509/#example_ParsePKIXPublicKey
privBlock, _ := pem.Decode([]byte(privPEM))
if privBlock == nil {
panic("failed to parse PEM block containing the public key")
}
private_key, err := x509.ParseECPrivateKey(privBlock.Bytes)
if err != nil {
panic("failed to parse PEM block containing the public key")
}
pubBlock, _ := pem.Decode([]byte(pubPEM))
if pubBlock == nil {
panic("failed to parse PEM block containing the public key")
}
var public_key *ecdsa.PublicKey
public_k, err := x509.ParsePKIXPublicKey(pubBlock.Bytes)
if err != nil {
panic("failed to parse PEM block containing the public key")
}
switch public_k1 := public_k.(type) {
case *ecdsa.PublicKey:
public_key = public_k1
default:
//return false
}
//////////
// Config
//////////
requestPath := "/database/" +
version + "/" +
container + "/" +
environment + "/" +
database + "/" +
"records/query"
requestBody := `{"query": {"recordType": "<your record type"}}`
f := "2006-01-02T15:04:05Z"
requestDate := time.Now().UTC().Format(f)
h := sha256.New()
h.Write([]byte(requestBody))
b := h.Sum(nil)
hashedBody := base64.StdEncoding.EncodeToString(b)
rawPayload := requestDate + ":" + hashedBody + ":" + requestPath
signedSignature, err := SignMessage(private_key, []byte(rawPayload))
if err != nil {
fmt.Printf("SignMessage error: %s\n", err.Error())
}
verify := VerifyMessage(public_key, []byte(rawPayload), signedSignature)
fmt.Printf("signature verification result: %t\n", verify)
requestSignature := base64.StdEncoding.EncodeToString(signedSignature)
url := path + requestPath
req, err := http.NewRequest("POST", url, bytes.NewBuffer([]byte(requestBody)))
req.Header.Add("content-type", "text/plain")
req.Header.Add("X-Apple-CloudKit-Request-KeyID", authKeyID)
req.Header.Add("X-Apple-CloudKit-Request-ISO8601Date", requestDate)
req.Header.Add("X-Apple-CloudKit-Request-SignatureV1", requestSignature)
resp, err := http.DefaultClient.Do(req)
if err != nil {
fmt.Printf("\nresp.err:%v\n", err.Error())
}
defer resp.Body.Close()
rbody, err := ioutil.ReadAll(resp.Body)
if err != nil {
fmt.Printf("\nioutil.ReadAll.err:%v\n", err.Error())
}
fmt.Printf("\nrbody:%s\n", rbody)
curl := "curl -X POST -H \"content-type: text/plain\"" + " " +
"-H X-Apple-CloudKit-Request-KeyID:" + authKeyID + " " +
"-H X-Apple-CloudKit-Request-ISO8601Date:" + requestDate + " " +
"-H X-Apple-CloudKit-Request-SignatureV1:" + base64.StdEncoding.EncodeToString(signedSignature) + " " +
" -d " + "'" + requestBody + "'" + " " +
url
fmt.Printf("\n%s\n", curl)
}
func SignMessage(priv *ecdsa.PrivateKey, message []byte) ([]byte, error) {
hashed := sha256.Sum256(message)
r, s, err := ecdsa.Sign(rand.Reader, priv, hashed[:])
if err != nil {
return nil, err
}
return asn1.Marshal(ecdsaSignature{r, s})
}
func VerifyMessage(pub *ecdsa.PublicKey, message []byte, signature []byte) bool {
var rs ecdsaSignature
if _, err := asn1.Unmarshal(signature, &rs); err != nil {
return false
}
hashed := sha256.Sum256(message)
return ecdsa.Verify(pub, hashed[:], rs.R, rs.S)
}
关于go - 如何执行 CloudKit 服务器到服务器的身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56732247/
我正在学习如何使用Nokogiri,根据这段代码我遇到了一些问题:require'rubygems'require'mechanize'post_agent=WWW::Mechanize.newpost_page=post_agent.get('http://www.vbulletin.org/forum/showthread.php?t=230708')puts"\nabsolutepathwithtbodygivesnil"putspost_page.parser.xpath('/html/body/div/div/div/div/div/table/tbody/tr/td/div
总的来说,我对ruby还比较陌生,我正在为我正在创建的对象编写一些rspec测试用例。许多测试用例都非常基础,我只是想确保正确填充和返回值。我想知道是否有办法使用循环结构来执行此操作。不必为我要测试的每个方法都设置一个assertEquals。例如:describeitem,"TestingtheItem"doit"willhaveanullvaluetostart"doitem=Item.new#HereIcoulddotheitem.name.shouldbe_nil#thenIcoulddoitem.category.shouldbe_nilendend但我想要一些方法来使用
我正在尝试使用ruby和Savon来使用网络服务。测试服务为http://www.webservicex.net/WS/WSDetails.aspx?WSID=9&CATID=2require'rubygems'require'savon'client=Savon::Client.new"http://www.webservicex.net/stockquote.asmx?WSDL"client.get_quotedo|soap|soap.body={:symbol=>"AAPL"}end返回SOAP异常。检查soap信封,在我看来soap请求没有正确的命名空间。任何人都可以建议我
关闭。这个问题是opinion-based.它目前不接受答案。想要改进这个问题?更新问题,以便editingthispost可以用事实和引用来回答它.关闭4年前。Improvethisquestion我想在固定时间创建一系列低音和高音调的哔哔声。例如:在150毫秒时发出高音调的蜂鸣声在151毫秒时发出低音调的蜂鸣声200毫秒时发出低音调的蜂鸣声250毫秒的高音调蜂鸣声有没有办法在Ruby或Python中做到这一点?我真的不在乎输出编码是什么(.wav、.mp3、.ogg等等),但我确实想创建一个输出文件。
给定这段代码defcreate@upgrades=User.update_all(["role=?","upgraded"],:id=>params[:upgrade])redirect_toadmin_upgrades_path,:notice=>"Successfullyupgradeduser."end我如何在该操作中实际验证它们是否已保存或未重定向到适当的页面和消息? 最佳答案 在Rails3中,update_all不返回任何有意义的信息,除了已更新的记录数(这可能取决于您的DBMS是否返回该信息)。http://ar.ru
我在使用omniauth/openid时遇到了一些麻烦。在尝试进行身份验证时,我在日志中发现了这一点:OpenID::FetchingError:Errorfetchinghttps://www.google.com/accounts/o8/.well-known/host-meta?hd=profiles.google.com%2Fmy_username:undefinedmethod`io'fornil:NilClass重要的是undefinedmethodio'fornil:NilClass来自openid/fetchers.rb,在下面的代码片段中:moduleNetclass
我在我的项目目录中完成了compasscreate.和compassinitrails。几个问题:我已将我的.sass文件放在public/stylesheets中。这是放置它们的正确位置吗?当我运行compasswatch时,它不会自动编译这些.sass文件。我必须手动指定文件:compasswatchpublic/stylesheets/myfile.sass等。如何让它自动运行?文件ie.css、print.css和screen.css已放在stylesheets/compiled。如何在编译后不让它们重新出现的情况下删除它们?我自己编译的.sass文件编译成compiled/t
我想安装一个带有一些身份验证的私有(private)Rubygem服务器。我希望能够使用公共(public)Ubuntu服务器托管内部gem。我读到了http://docs.rubygems.org/read/chapter/18.但是那个没有身份验证-如我所见。然后我读到了https://github.com/cwninja/geminabox.但是当我使用基本身份验证(他们在他们的Wiki中有)时,它会提示从我的服务器获取源。所以。如何制作带有身份验证的私有(private)Rubygem服务器?这是不可能的吗?谢谢。编辑:Geminabox问题。我尝试“捆绑”以安装新的gem..
我正在寻找执行以下操作的正确语法(在Perl、Shell或Ruby中):#variabletoaccessthedatalinesappendedasafileEND_OF_SCRIPT_MARKERrawdatastartshereanditcontinues. 最佳答案 Perl用__DATA__做这个:#!/usr/bin/perlusestrict;usewarnings;while(){print;}__DATA__Texttoprintgoeshere 关于ruby-如何将脚
Rackup通过Rack的默认处理程序成功运行任何Rack应用程序。例如:classRackAppdefcall(environment)['200',{'Content-Type'=>'text/html'},["Helloworld"]]endendrunRackApp.new但是当最后一行更改为使用Rack的内置CGI处理程序时,rackup给出“NoMethodErrorat/undefinedmethod`call'fornil:NilClass”:Rack::Handler::CGI.runRackApp.newRack的其他内置处理程序也提出了同样的反对意见。例如Rack