我想知道是否有什么东西可以解释我可能在哪里出错。
我需要生成一个签名密钥,以便与Gigya一起使用一个openauth平台
这是他们的Ruby信息的返工, http://wiki.gigya.com/020_Developer_Guide/70_Server_Side_API_(REST)#tab-2
这是我到目前为止所做的。
#@ escape the status message and replace all + with %20 as spaces are CGI.escaped to +
>message_text = re.subn(r'\+',"%20","Hello")[0]
user = 1
#@ here are the parameters you need to supply from your Gigya site's settings page.
> api_url = "http://socialize-api.gigya.com/socialize.setStatus"
api_key = "2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFxRelMdvdAdM" #not the real key
gigya_secret_key = "Vf6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY="
#@ decode secret key and prepare nonce.
>gigya_secret = a2b_base64('f6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY=')
timestamp = int(time.time())
# timestamp = 1281427277
nonce = "%(a)d%(b)i" % {'a':1, 'b':timestamp,}
http_method = "GET"
#@ parameters are ordered alphabetically, base string include HTTP method call and its parameters, all separated with unescaped "&"
>parameters = 'apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6&nonce=11281427277&status=Hello×tamp=1281427277&uid=1'
>encoded_api = api_url.replace('//', '%3A').replace('/', '%2F')
# http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus
>encoded_par_1 = re.subn(r'\&', "%26", parameters)[0]
# apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce=11281427277%26status=Hello%26timestamp=1281427277%26uid=1
encoded_parameters = re.subn(r'\=', "%3D", encoded_par_1)[0]
# apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1
>base_string = '%(a)s&%(b)s&%(c)s' % {'a':http_method, 'b':encoded_api, 'c':encoded_parameters, }
# GET&http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus&apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1
#@ hmac/sha1 encription for the gigya secret and the base_string
>hmacsha1 = hmac.new(gigya_secret, base_string, hashlib.sha1)
>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]
# mMWb+7VE7L7+csYwwI00vWYu8IM=
>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F'))
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
#@ finalized api request url with the signed signature
>request_url = '%(a)s?apiKey=%(b)s&nonce=%(c)s&status=%(d)s×tamp=%(e)s&uid=%(f)s&sig=%(g)s' % {'a':api_url, 'b':api_key, 'c':nonce, 'd':message_text, 'e':timestamp, 'f':user, 'g':gigya_sign }
# request_url = http://socialize-api.gigya.com/socialize.setStatus?apiKey=2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFXralMdvdAdM&nonce=11281427277&status=Hello×tamp=1281427277&uid=1&sig=bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
现在我似乎总是得到错误的结果。
非常感谢任何帮助。
答案 0 :(得分:1)
我无法在任何地方找到signature
的值。您可以使用Base64编码签名两次:
>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]
# mMWb+7VE7L7+csYwwI00vWYu8IM=
>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F'))
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
请注意,您在第一行中为hmacsha1
分配了摘要的Base64编码值(为什么要省略结果的最后一个字符?)然后再使用b2a_base64
对其进行编码。
我也想知道为什么要手动替换+
和/
; urlquote()
应该已经这样做了(如果没有,我会说这是urlquote()
中应该修复的错误。)