0

我正在使用 crossbar HTTP 桥服务调用程序来使用已注册的 RPC。但是当我发出 HTTP POST 消息时,我得到“无效的请求签名”作为响应。

根据http://crossbar.io/docs/HTTP-Bridge-Services-Caller/

签名计算为以下值的 Base64 编码:HMAC[SHA256]_{secret} (key | timestamp | seq | nonce | body)

如何正确进行串联?我尝试了有和没有字符| 和空格。

用于签名请求的交叉开关 config.json 文件的部分:

        "call-signed": {
          "type": "caller",
          "realm": "realm1",
          "role": "anonymous",
          "options": {
            "key": "foobar",
            "secret": "secret",
            "post_body_limit": 0,
            "timestamp_delta_limit": 0,
            "require_ip": [
              "127.0.0.1"
            ],
            "require_tls": false,
            "debug": true
          }
        }

发送请求的python代码:

import hmac
import hashlib
import base64
import requests
import json

key = "foobar"
timestamp = "2011-10-14T16:59:51.123Z"
seq = "0"
nonce = "22"

# construct body
args = [1, 3, 2]
kwargs = None
options = None

proc = 'com.myapp.func'
payload = {"procedure": proc}

if args:
    payload['args'] = list(args)

if kwargs:
    payload['kwargs'] = dict(kwargs)

body = payload
body = json.dumps(body)

# construct signature
# (key | timestamp | seq | nonce | body)
message = key + "" + timestamp + "" + seq + "" + nonce + "" + body

print message

secret = "secret"

signature = base64.b64encode(hmac.new(secret, msg=message, digestmod=hashlib.sha256).digest())

print signature

# HTTP POST

url = "http://127.0.0.1:8080/call-signed?" + \
      "seq=" + seq + \
      "&key=" + key + \
      "&nonce=" + nonce + \
      "&signature=" + signature + \
      "&timestamp=" + timestamp

headers = {'content-type': 'application/json'}

s = requests.Session()
r = s.post(url, data=body, headers=headers)

print r.text
4

1 回答 1

0

我正在使用 CrossbarHTTP https://github.com/thehq/python-crossbarhttp来处理 HTTP 桥接服务,但是如果您坚持使用自己的代码,您可以在此https://github.com中查看 _compute_signature() 方法/thehq/python-crossbarhttp/blob/master/crossbarhttp/crossbarhttp.py文件,它可能会帮助你。

于 2015-12-08T09:59:49.710 回答