0

I'm trying to consume services from NetSuite via signedrequest4j. The only result im getting is 401 Access denied, using the same credentials with Postman it works.

this the method to get the authorisation header :

public String buildAuthorizationHeader(String myRealm, String consumerKey, String consumerSecret, String tokenId, String tockenSecret, String url){
    OAuthConsumer consumer = new OAuthConsumer(consumerKey, consumerSecret);
    OAuthAccessToken accessToken = new OAuthAccessToken(tokenId, tockenSecret);
    OAuthRealm realm = new OAuthRealm(myRealm);
    SignedRequest request = SignedRequestFactory.create(realm, consumer, accessToken);
    request.readQueryStringAndAddToSignatureBaseString(url);
    request.setHeader("Content-Type", "application/json");
    String oAuthNonce = createNonce();
    Long oAuthTimestamp = System.currentTimeMillis() / 1000L;
    String signature = request.getSignature(url, HttpMethod.GET, oAuthNonce, oAuthTimestamp);
    String authorizationHeader = request.getAuthorizationHeader(signature, oAuthNonce, oAuthTimestamp);
    return authorizationHeader;
}

to create OauthNonce :

public static String createNonce() {
    String nonce = "";

    try {
        SecureRandom prng = SecureRandom.getInstance("SHA256PRNG");
        String randomNum = String.valueOf(prng.nextInt());

        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        byte[] result = sha.digest(randomNum.getBytes());
        nonce = hexEncode(result);
    } catch (Exception e) {
    }

    return nonce;
}

public static String hexEncode(byte[] aInput) {
    StringBuilder result = new StringBuilder();

    char[] digits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
            'a', 'b', 'c', 'd', 'e', 'f' };

    for (int idx = 0; idx < aInput.length; ++idx) {
        byte b = aInput[idx];
        result.append(digits[(b & 0xf0) >> 4]);
        result.append(digits[b & 0x0f]);
    }

    return result.toString();
}

and the method to get get the response:

public Response postOAuth(String url, String token, String contentType, String content ) throws IOException, RestException {
    if (url == null)
        throw new IOException("No URL specified");
    if (content == null)
        throw new IOException("No content specified");
    
    try {
        URL u = new URL(url);
        HttpURLConnection con = (HttpURLConnection) u.openConnection();
        try {
            if (keepAlive != null && !keepAlive.booleanValue())
                con.setRequestProperty("Connection", "Close");
            con.setDoOutput(true);
       
            
            byte[] data = content.getBytes(Charset.forName("UTF8"));

            con.addRequestProperty("Authorization", token);
            
            try (OutputStream out = con.getOutputStream(); 
                InputStream in = new ByteArrayInputStream(data)) {
                Utils.copy(in, out);
            }
            
            contentType = con.getContentType();
            int contentLength = con.getContentLength();
            InputStream in = con.getInputStream();
            return new Response(contentType, contentLength, in);
        } finally {
            if (con instanceof HttpURLConnection)
                ((HttpURLConnection) con).disconnect();
        }
    } catch (MalformedURLException e) {
        throw e;
    } catch (FileNotFoundException e) {
        if (e.getMessage() != null && e.getMessage().contains(url))
            throw new RestException(HttpConstants.HTTP_NOT_FOUND, "Invalid URL - please check REST server: " + e.getMessage(), e);
        throw e;
    } catch (ConnectException e) {
        throw new RestException(HttpConstants.HTTP_UNAVAILABLE, "Connection refused - please check REST server: " + e.getMessage(), e);
    } catch (IOException e) {
        String msg = e.getMessage().toUpperCase();
        int http = msg.indexOf(" HTTP ");
        if (http > 0) {
            int col = msg.indexOf(':', http);
            if (col > 0) {
                msg = msg.substring(col+1).trim();
                int end = msg.indexOf(' ');
                if (end > 0 && end < 5) {
                    try {
                        int httpError = Integer.parseInt(msg.substring(0, end));
                        switch (httpError) {
                        case HttpConstants.HTTP_FORBIDDEN :
                        case HttpConstants.HTTP_UNAUTHORIZED :
                        case HttpConstants.HTTP_PAYMENT_REQUIRED :
                            throw new RestException(httpError, "Access denied to " + url + ": " + e.getMessage(), e);
                        case HttpConstants.HTTP_BAD_REQUEST :
                        case HttpConstants.HTTP_BAD_METHOD :
                        case HttpConstants.HTTP_NOT_ACCEPTABLE :
                            throw new RestException(httpError, "REST bad request " + url + ": " + e.getMessage(), e);
                        default :
                            throw new RestException(httpError, "REST server error for " + url + ": " + e.getMessage(), e);
                        }
                    } catch (NumberFormatException ignore) {
                        throw e;
                    }
                }
            }
        }
        throw e;
    }
}

ps: signedrequest4j doesn't support SHA256, thats's why I downloaded the project and implemented a new SignedMethode for the HMAC-SHA256

the Project I'm using to get the authorisation header is : signedrequest4j

ElyMan
  • 45
  • 8

1 Answers1

0

We had a similar issue last week (the system not authenticating but the postman test connection from a laptop worked) and it was traced back to the fact that the system's clock ended up being set a few minutes fast.

geoduck
  • 1
  • 1