I am trying to login to Netsuite through the API but it keeps giving me the Invalid Signature error. I have checked the other answers and blogs but could not find what is missing. I changed the order and added the parameters manually in the alphabetic order but I still got the same error.
The AccountId contains the '_' symbol while the URL contains the '-' symbol.
Once or twice during random testing it showed invalid timestamp error, but still didn't work and I don't remember exactly what was the error to cause this issue.
i am providing all the required details as input like
- Token id
- token secret
- customer key
- customer secret
- Account id
- URL
Here is my code:
public class OAuthSignatureGenerator {
Encoder encode;
public String generateOauthHeader(String method, UserFields userFields, String baseUrl) {
long timestamp = new Date().getTime() / 1000;
String nonce = getAlphaNumericString();
ArrayList<String> parameters = new ArrayList<>();
parameters.add(ApplicationConstants.CONSUMER_KEY + "=" + userFields.getConsumerKey());
parameters.add(ApplicationConstants.NONCE + "=" + nonce);
parameters.add(ApplicationConstants.SIGNATURE_METHOD_KEY + "="
+ ApplicationConstants.SIGNATURE_METHOD_VAL);
parameters.add(ApplicationConstants.TIMESTAMP + "=" + timestamp);
parameters.add(ApplicationConstants.OAUTH_TOKEN + "=" + userFields.getTokenId());
parameters.add(ApplicationConstants.VERSION_KEY + "=" + ApplicationConstants.VERSION_VAL);
/*
* parameters.add("oauth_consumer_key=\"" + userFields.getConsumerKey()+"\"");
* parameters.add(ApplicationConstants.NONCE + "=\"" + nonce+"\"");
* parameters.add(ApplicationConstants.SIGNATURE_METHOD_KEY + "=\"" +
* ApplicationConstants.SIGNATURE_METHOD_VAL+"\"");
* parameters.add(ApplicationConstants.TIMESTAMP + "=\"" + timestamp+"\"");
* parameters.add(ApplicationConstants.OAUTH_TOKEN + "=\"" + userFields.getTokenId()+"\"");
* parameters.add(ApplicationConstants.VERSION_KEY + "=\"" +
* ApplicationConstants.VERSION_VAL+"\"");
*/
Collections.sort(parameters);
StringBuffer parametersList = new StringBuffer();
for (int i = 0; i < parameters.size(); i++) {
parametersList.append(((i > 0) ? "&" : "") + parameters.get(i));
}
String signature = null;
try {
String signatureString = method + "&" + URLEncoder.encode(baseUrl, StandardCharsets.UTF_8)
+ "&" + URLEncoder.encode(parametersList.toString(), StandardCharsets.UTF_8);
/*
* method + "&" + URLEncoder.encode(baseUrl, StandardCharsets.UTF_8.toString()) +
* URLEncoder.encode("&" + ApplicationConstants.CONSUMER_KEY + "=\"" +
* userFields.getConsumerKey() + "\"&" + ApplicationConstants.NONCE + "=\"" + nonce + "\"&" +
* ApplicationConstants.SIGNATURE_METHOD_KEY + "=\"" +
* ApplicationConstants.SIGNATURE_METHOD_VAL + "\"&" + ApplicationConstants.TIMESTAMP + "=\""
* + timestamp + "\"&" + ApplicationConstants.TOKEN_ID + "=\"" + userFields.getTokenId() +
* "\"&" + ApplicationConstants.VERSION_KEY + "=\"" + ApplicationConstants.VERSION_VAL + "\"",
* StandardCharsets.UTF_8.toString());
*/
System.out.println("SignatureString = " + signatureString);
// String signKey = URLEncoder.encode(userFields.getConsumerSecret(), StandardCharsets.UTF_8)
// + "&" + URLEncoder.encode(userFields.getTokenSecret(), StandardCharsets.UTF_8);// +
// userFields.getTokenSecret();
SecretKeySpec signingKey = new SecretKeySpec(
(userFields.getConsumerSecret() + "&" ).getBytes(),
"HmacSHA256");
Mac m = Mac.getInstance("HmacSHA256");
m.init(signingKey);
m.update(signatureString.getBytes());
byte[] res = m.doFinal();
signature = Base64Coder.encodeLines(res);
// URLEncoder.encode(Base64.getEncoder().encodeToString(res), StandardCharsets.UTF_8);
/*
* OAuthHmacSigner signer = new OAuthHmacSigner(); signer.clientSharedSecret =
* userFields.getConsumerSecret(); signer.tokenSharedSecret = userFields.getTokenSecret();
* GenericUrl urlgen = new GenericUrl(baseUrl); OAuthParameters oauthParameters = new
* OAuthParameters(); oauthParameters.consumerKey = userFields.getConsumerKey();
* oauthParameters.token = userFields.getTokenId(); oauthParameters.nonce = nonce;
* oauthParameters.signatureMethod = "HMAC-SHA256"; oauthParameters.timestamp =
* String.valueOf(timestamp); oauthParameters.version = ApplicationConstants.VERSION_VAL;
* oauthParameters.signer = signer; oauthParameters.computeSignature(method, urlgen);
* oauthParameters.realm = userFields.getAccountId();
*
* signature = oauthParameters.signature;
*/
} catch (Exception e) {
System.err.println("Unable to append signature");
}
System.out.println("signature= " + signature);
String authHeaderString = "OAuth " + ApplicationConstants.REALM + "=\""
+ userFields.getAccountId() + "\"," + ApplicationConstants.CONSUMER_KEY + "=\""
+ userFields.getConsumerKey() + "\"," + ApplicationConstants.OAUTH_TOKEN + "=\""
+ userFields.getTokenId() + "\"," + ApplicationConstants.SIGNATURE_METHOD_KEY + "=\""
+ ApplicationConstants.SIGNATURE_METHOD_VAL + "\"," + ApplicationConstants.TIMESTAMP + "=\""
+ timestamp + "\"," + ApplicationConstants.NONCE + "=\"" + nonce + "\","
+ ApplicationConstants.VERSION_KEY + "=\"" + ApplicationConstants.VERSION_VAL + "\","
+ ApplicationConstants.SIGNATURE + "=\"" // + signature
+ URLEncoder.encode(signature.trim(), StandardCharsets.UTF_8) + "\"";
System.out.println("authHeaderString = " + authHeaderString);
return authHeaderString;
}
String getAlphaNumericString() {
return UUID.randomUUID().toString().replace("-", "").substring(0, 10);
}
}
