REST API Azure Event Hub ExpiredToken

0
votes

I'm testing the API using the Rest tool Chrome client to validate that the POST request I make is right in order to use it in a Java application. My request is in the following format:

POST /androidhub/publishers/android/messages?timeout=60&api-version=2014-01 
HTTP/1.1 HOST: androidhub-124.servicebus.windows.net 
authorization: SharedAccessSignature sr=androidhub-124.servicebus.windows.net&sig=mykeySAS=&se=146480684&skn=RootManageSharedAccessKey 
content-type: application/json, application/atom+xml;type=entry;charset=utf-8 
content-length: 45  { "DeviceId":"dev-01", "Temperature":"37.0" }

But I have the following error.

<Error>
<Code>401</Code>
<Detail>ExpiredToken: . TrackingId:2f6d284e-d7d2-4c9c-81a5-79c542ce8eee_G7, SystemTracker:androidhub-124.servicebus.windows.net:androidhub/publishers/android/messages, Timestamp:5/25/2016 7:13:33 PM</Detail>
</Error>

The key was regenerated before I used it. How I can I not get that error or make the request without putting the time of expiration of the key?

Thank you

2
javaapirestazureazure-eventhub

2 Answers

1
votes

Per my experience, if the se value 146480684 was correctly post here, I think the issue was caused by the expiry time as the se key which is measured in seconds between the current time and midnight, January 1, 1970 UTC.

So the expiry time as the value of the se key should be got using Java code below.

long now = System.currentTimeMillis();
int expiry = (int)(now/1000) + 3600;

As reference, you can refer to the offical document for C#, please see https://msdn.microsoft.com/en-us/library/azure/mt652140.aspx.

0
votes

Along with setting the correct se value, you will also have to ensure that the sig is a cryptographically signed (Using HMAC 256) base64 string consisting of both the namespace (in your case androidhub-124) and the se, using the SAS key for signing.

Example code to generate the sig in java is provided by Microsoft here:

private static String GetSASToken(String resourceUri, String keyName, String key)
{
    long epoch = System.currentTimeMillis()/1000L;
    int week = 60*60*24*7;
    String expiry = Long.toString(epoch + week);

    String sasToken = null;
    try {
        String stringToSign = URLEncoder.encode(resourceUri, "UTF-8") + "\n" + expiry;
        String signature = getHMAC256(key, stringToSign);
        sasToken = "SharedAccessSignature sr=" + URLEncoder.encode(resourceUri, "UTF-8") +"&sig=" +
                URLEncoder.encode(signature, "UTF-8") + "&se=" + expiry + "&skn=" + keyName;
    } catch (UnsupportedEncodingException e) {

        e.printStackTrace();
    }

    return sasToken;
}


public static String getHMAC256(String key, String input) {
    Mac sha256_HMAC = null;
    String hash = null;
    try {
        sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        Encoder encoder = Base64.getEncoder();

        hash = new String(encoder.encode(sha256_HMAC.doFinal(input.getBytes("UTF-8"))));

    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (IllegalStateException e) {
        e.printStackTrace();
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    }

    return hash;
}