我使用crossbar HTTP桥接服务调用者来使用已注册的RPC。但是当我发出HTTP POST消息时,我得到了无效的请求签名'作为回应。
根据http://crossbar.io/docs/HTTP-Bridge-Services-Caller/,
签名计算为以下值的Base64编码:HMAC [SHA256] _ {secret}(key | timestamp | seq | nonce | body)
如何正确连接?我尝试了有和没有角色|和空间。
已签名请求的交叉开关config.json文件的部分:
"call-signed": {
"type": "caller",
"realm": "realm1",
"role": "anonymous",
"options": {
"key": "foobar",
"secret": "secret",
"post_body_limit": 0,
"timestamp_delta_limit": 0,
"require_ip": [
"127.0.0.1"
],
"require_tls": false,
"debug": true
}
}
发送请求的python代码:
import hmac
import hashlib
import base64
import requests
import json
key = "foobar"
timestamp = "2011-10-14T16:59:51.123Z"
seq = "0"
nonce = "22"
# construct body
args = [1, 3, 2]
kwargs = None
options = None
proc = 'com.myapp.func'
payload = {"procedure": proc}
if args:
payload['args'] = list(args)
if kwargs:
payload['kwargs'] = dict(kwargs)
body = payload
body = json.dumps(body)
# construct signature
# (key | timestamp | seq | nonce | body)
message = key + "" + timestamp + "" + seq + "" + nonce + "" + body
print message
secret = "secret"
signature = base64.b64encode(hmac.new(secret, msg=message, digestmod=hashlib.sha256).digest())
print signature
# HTTP POST
url = "http://127.0.0.1:8080/call-signed?" + \
"seq=" + seq + \
"&key=" + key + \
"&nonce=" + nonce + \
"&signature=" + signature + \
"×tamp=" + timestamp
headers = {'content-type': 'application/json'}
s = requests.Session()
r = s.post(url, data=body, headers=headers)
print r.text
答案 0 :(得分:0)
我正在使用CrossbarHTTP https://github.com/thehq/python-crossbarhttp来处理HTTP桥接服务,但如果您坚持使用自己的代码,则可以检查此https://github.com/thehq/python-crossbarhttp/blob/master/crossbarhttp/crossbarhttp.py文件中的_compute_signature()方法,它可能会对您有所帮助。