django base64 decode encode返回不同​​的值

时间:2010-08-10 07:49:57

标签: django django-models oauth base64 authlogic-oauth

我想知道是否有什么东西可以解释我可能在哪里出错。

我需要生成一个签名密钥,以便与Gigya一起使用一个openauth平台

这是他们的Ruby信息的返工, http://wiki.gigya.com/020_Developer_Guide/70_Server_Side_API_(REST)#tab-2

这是我到目前为止所做的。

#@ escape the status message and replace all + with %20 as spaces are CGI.escaped to +
>message_text = re.subn(r'\+',"%20","Hello")[0]  
user = 1

#@ here are the parameters you need to supply from your Gigya site's settings page.
> api_url = "http://socialize-api.gigya.com/socialize.setStatus"  
api_key = "2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFxRelMdvdAdM"  #not the   real key  
gigya_secret_key = "Vf6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY=" 

#@ decode secret key and prepare nonce.
>gigya_secret = a2b_base64('f6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY=')  
timestamp = int(time.time())
# timestamp = 1281427277

nonce = "%(a)d%(b)i" % {'a':1, 'b':timestamp,}  
http_method = "GET"  

#@ parameters are ordered alphabetically, base string include HTTP method call and its parameters, all separated with unescaped "&"
>parameters = 'apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6&nonce=11281427277&status=Hello&timestamp=1281427277&uid=1' 

>encoded_api = api_url.replace('//', '%3A').replace('/', '%2F') 
# http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus

>encoded_par_1 = re.subn(r'\&', "%26", parameters)[0]
# apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce=11281427277%26status=Hello%26timestamp=1281427277%26uid=1

encoded_parameters = re.subn(r'\=', "%3D", encoded_par_1)[0]  
# apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1
>base_string = '%(a)s&%(b)s&%(c)s' % {'a':http_method, 'b':encoded_api, 'c':encoded_parameters, } 
# GET&http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus&apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1 

#@ hmac/sha1 encription for the gigya secret and the base_string 

>hmacsha1 = hmac.new(gigya_secret, base_string, hashlib.sha1)  

>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]  
# mMWb+7VE7L7+csYwwI00vWYu8IM=

>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F')) 
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D

#@ finalized api request url with the signed signature
>request_url = '%(a)s?apiKey=%(b)s&nonce=%(c)s&status=%(d)s&timestamp=%(e)s&uid=%(f)s&sig=%(g)s' % {'a':api_url, 'b':api_key, 'c':nonce, 'd':message_text, 'e':timestamp, 'f':user, 'g':gigya_sign }
# request_url = http://socialize-api.gigya.com/socialize.setStatus?apiKey=2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFXralMdvdAdM&nonce=11281427277&status=Hello&timestamp=1281427277&uid=1&sig=bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D

现在我似乎总是得到错误的结果。

非常感谢任何帮助。

1 个答案:

答案 0 :(得分:1)

我无法在任何地方找到signature的值。您可以使用Base64编码签名两次

>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]  
# mMWb+7VE7L7+csYwwI00vWYu8IM=

>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F')) 
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D

请注意,您在第一行中为hmacsha1分配了摘要的Base64编码值(为什么要省略结果的最后一个字符?)然后再使用b2a_base64对其进行编码。

我也想知道为什么要手动替换+/; urlquote()应该已经这样做了(如果没有,我会说这是urlquote()中应该修复的错误。)