Python 3中HMAC签名生成的不一致性？

Question

在python终端中运行create_api_signature()方法总是返回相同的值，而在测试中运行时返回不同的值。

import hashlib
import hmac
import json

import unittest


def create_api_signature(_method, _url, _body, _timestamp, _secret_key):
    unicode_signature = _method.upper() + _url + json.dumps(_body) + str(_timestamp)

    s = hmac.new(_secret_key.encode(), unicode_signature.encode(), hashlib.sha256).hexdigest()

    return s


class MyTestCase(unittest.TestCase):
    def test_create_signature(self):
        method = 'post'
        url = 'https://api.alpha.example.com/v1/tiers'
        body = {
            "mail": "test@gmail.com",
            "mot_de_passe": "MyComplexPassword",
        }
        timestamp = 1433948791
        secret_key = 'SECRET_KEY'

        signature = create_api_signature(method, url, body, timestamp, secret_key)
        expected_signature = '136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7'

        self.assertEqual(expected_signature, signature)


if __name__ == '__main__':
    unittest.main()

错误

Failure
Expected :'136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7'
Actual   :'88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e'
 <Click to see difference>

Traceback (most recent call last):
  File "/home/elopez/projects/portal/tests/test_services.py", line 98, in test_create_signature
    self.assertEqual(expected_signature, signature)
AssertionError: '136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7' != '88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e'
- 136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7
+ 88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e

Answer 1

我前往#python的IRC并通过cdunklau

获得以下答案

  

cdunklau：运行几次，你就会明白为什么

     

PYTHONHASHSEED =随机python3.2 -c＆＃34;导入json; print（json.dumps（{＆＃39; mail＆＃39;：＆＃39; value＆＃39;，＆＃39; mot_de_passe＆＃39;：＆＃39; othervalue＆＃39;}））＆＃34; < / p>      

cdunklau：你依赖于字典的顺序

可变性

$ for i in {1..20}; do PYTHONHASHSEED=random python3.4 -c "import json; print(json.dumps({'mail': 'value', 'mot_de_passe': 'othervalue'}))"; done

给出以下结果（注意 JSON 数据并不总是以相同的顺序）：

{"mail": "value", "mot_de_passe": "othervalue"}
{"mot_de_passe": "othervalue", "mail": "value"}
{"mail": "value", "mot_de_passe": "othervalue"}
{"mot_de_passe": "othervalue", "mail": "value"}
{"mail": "value", "mot_de_passe": "othervalue"}
{"mot_de_passe": "othervalue", "mail": "value"}
{"mot_de_passe": "othervalue", "mail": "value"}
…

解决方案

我从：

更改

 body = {
         "mail": "test@gmail.com",
         "mot_de_passe": "MyComplexPassword",
 }

以序列化的dict作为二进制字符串：

 body = b'{"mail": "test@gmail.com", "mot_de_passe": "MyComplexPassword"}'