2

我正在开发一个 Django 项目,它将使用 BankID 进行授权和数字签名。我正在使用pybankid,关于该项目,我只能说好话。我的问题在于尝试使用 bankIDs 文档提供的代码。

二维码文档

import hashlib
import hmac
import time
 
qr_start_token = rp_response["qrStartToken"]
# "67df3917-fa0d-44e5-b327-edcc928297f8"
 
qr_start_secret = rp_response["qrStartSecret"]
# "d28db9a7-4cde-429e-a983-359be676944c"
 
order_time = time.time()
# (The time in seconds when the response from the BankID service was delivered)
 
qr_time = str(int(time.time() - order_time))
# ("0" or another string with a higher number depending on order_time and current time)
 
qr_auth_code = hmac.new(qr_start_secret, qr_time, hashlib.sha256).hexdigest()
# "dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8" (qr_time="0")
# "949d559bf23403952a94d103e67743126381eda00f0b3cbddbf7c96b1adcbce2" (qr_time="1")
# "a9e5ec59cb4eee4ef4117150abc58fad7a85439a6a96ccbecc3668b41795b3f3" (qr_time="2")
# (64 chars hex)
 
qr_data = str.join(".", "bankid", qr_start_token, qr_time, qr_auth_code)
# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.0.dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8" (qr_time="0")
# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.1.949d559bf23403952a94d103e67743126381eda00f0b3cbddbf7c96b1adcbce2" (qr_time="1")
# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.2.a9e5ec59cb4eee4ef4117150abc58fad7a85439a6a96ccbecc3668b41795b3f3" (qr_time="2")

我得到 TypeError: key: expected bytes or bytearray, but got 'str',当我尝试将 qr_start_secret 转换为字节时,我得到 Unicode 对象必须在散列之前进行编码。我不知所措。有没有人有任何想法?

编辑:这是我当前的代码,它有效。目前正在努力如何呈现不断变化的二维码值客户端,因为上下文只会传输静态值。

if request.META['HTTP_USER_AGENT']:
 ua_string = request.META['HTTP_USER_AGENT']
 user_agent = parse(ua_string)
 if user_agent.is_pc:
                        
  status=client.collect(order_ref=auth["orderRef"])["status"]
                        order_time = time.time()
                        while status == "pending":

  qr_start_token = auth["qrStartToken"]

  qr_start_secret = auth["qrStartSecret"]

  qr_time = str(int(time.time() - order_time))

  qr_auth_code = hmac.new(qr_start_secret.encode(), qr_time.encode(), hashlib.sha256).hexdigest()

  qr_data = ".".join(["bankid", qr_start_token, qr_time, qr_auth_code])

  print(f'qr_data: {qr_data}')

                            
  status=client.collect(order_ref=auth["orderRef"])["status"]

  print(status)

  qr = segno.make(qr_data)
  qr.save('media/img/temp/' + personal_number + '.svg')

  if status == "complete":
   print("Logged on")
   dj_login(request, user)
   return render(request, 'home/auth-login-Success.html')

  time.sleep(1)
4

1 回答 1

2

他们的示例代码存在多个问题

  1. 它看起来像qr_start_token并且qr_start_secret是字符串。
  2. str.join接收 4 个参数将引发错误

尝试:

import hashlib
import hmac
import time
 
qr_start_token = "67df3917-fa0d-44e5-b327-edcc928297f8"
 
qr_start_secret = "d28db9a7-4cde-429e-a983-359be676944c"
 
order_time = time.time()
# (The time in seconds when the response from the BankID service was delivered)
 
qr_time = str(int(time.time() - order_time))
# ("0" or another string with a higher number depending on order_time and current time)
print(f'qr_time: {qr_time}')
qr_auth_code = hmac.new(qr_start_secret.encode(), qr_time.encode(), hashlib.sha256).hexdigest()
# "dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8" (qr_time="0")
# "949d559bf23403952a94d103e67743126381eda00f0b3cbddbf7c96b1adcbce2" (qr_time="1")
# "a9e5ec59cb4eee4ef4117150abc58fad7a85439a6a96ccbecc3668b41795b3f3" (qr_time="2")
# (64 chars hex)

print(f'qr_auth_code: {qr_auth_code}')
print(qr_auth_code == "dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8")
 
qr_data = str.join(".", ["bankid", qr_start_token, qr_time, qr_auth_code])
# or better
# qr_data = ".".join(["bankid", qr_start_token, qr_time, qr_auth_code])

# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.0.dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8" (qr_time="0")
# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.1.949d559bf23403952a94d103e67743126381eda00f0b3cbddbf7c96b1adcbce2" (qr_time="1")
# "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.2.a9e5ec59cb4eee4ef4117150abc58fad7a85439a6a96ccbecc3668b41795b3f3" (qr_time="2")

print(f'qr_data: {qr_data}')

输出:

qr_time: 0
qr_auth_code: dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8
True
qr_data: bankid.67df3917-fa0d-44e5-b327-edcc928297f8.0.dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8
于 2021-10-25T20:09:08.800 回答