Fatal编程技术网
  • python/
  • Python Crossbar.io:HTTP网桥服务调用方:正确发送已签名的请求

Python Crossbar.io:HTTP网桥服务调用方:正确发送已签名的请求

python

Python Crossbar.io:HTTP网桥服务调用方:正确发送已签名的请求,python,autobahn,crossbar,wamp-protocol,Python,Autobahn,Crossbar,Wamp Protocol,我正在使用crossbar HTTP网桥服务调用程序来使用已注册的RPC。但是当我发出HTTPPOST消息时,我得到了“无效的请求签名”作为响应 据报道, 作为以下值的Base64编码计算的签名:HMAC[SHA256]{secret}(key | timestamp | seq | nonce | body) 如何正确地进行连接?我尝试了使用和不使用字符和空格 已签名请求的crossbar config.json文件部分: "call-signed": {

我正在使用crossbar HTTP网桥服务调用程序来使用已注册的RPC。但是当我发出HTTPPOST消息时,我得到了“无效的请求签名”作为响应

据报道,

作为以下值的Base64编码计算的签名:HMAC[SHA256]{secret}(key | timestamp | seq | nonce | body)

如何正确地进行连接?我尝试了使用和不使用字符和空格

已签名请求的crossbar config.json文件部分:

        "call-signed": {
          "type": "caller",
          "realm": "realm1",
          "role": "anonymous",
          "options": {
            "key": "foobar",
            "secret": "secret",
            "post_body_limit": 0,
            "timestamp_delta_limit": 0,
            "require_ip": [
              "127.0.0.1"
            ],
            "require_tls": false,
            "debug": true
          }
        }

import hmac
import hashlib
import base64
import requests
import json

key = "foobar"
timestamp = "2011-10-14T16:59:51.123Z"
seq = "0"
nonce = "22"

# construct body
args = [1, 3, 2]
kwargs = None
options = None

proc = 'com.myapp.func'
payload = {"procedure": proc}

if args:
    payload['args'] = list(args)

if kwargs:
    payload['kwargs'] = dict(kwargs)

body = payload
body = json.dumps(body)

# construct signature
# (key | timestamp | seq | nonce | body)
message = key + "" + timestamp + "" + seq + "" + nonce + "" + body

print message

secret = "secret"

signature = base64.b64encode(hmac.new(secret, msg=message, digestmod=hashlib.sha256).digest())

print signature

# HTTP POST

url = "http://127.0.0.1:8080/call-signed?" + \
      "seq=" + seq + \
      "&key=" + key + \
      "&nonce=" + nonce + \
      "&signature=" + signature + \
      "&timestamp=" + timestamp

headers = {'content-type': 'application/json'}

s = requests.Session()
r = s.post(url, data=body, headers=headers)

print r.text
发送请求的python代码:

        "call-signed": {
          "type": "caller",
          "realm": "realm1",
          "role": "anonymous",
          "options": {
            "key": "foobar",
            "secret": "secret",
            "post_body_limit": 0,
            "timestamp_delta_limit": 0,
            "require_ip": [
              "127.0.0.1"
            ],
            "require_tls": false,
            "debug": true
          }
        }

import hmac
import hashlib
import base64
import requests
import json

key = "foobar"
timestamp = "2011-10-14T16:59:51.123Z"
seq = "0"
nonce = "22"

# construct body
args = [1, 3, 2]
kwargs = None
options = None

proc = 'com.myapp.func'
payload = {"procedure": proc}

if args:
    payload['args'] = list(args)

if kwargs:
    payload['kwargs'] = dict(kwargs)

body = payload
body = json.dumps(body)

# construct signature
# (key | timestamp | seq | nonce | body)
message = key + "" + timestamp + "" + seq + "" + nonce + "" + body

print message

secret = "secret"

signature = base64.b64encode(hmac.new(secret, msg=message, digestmod=hashlib.sha256).digest())

print signature

# HTTP POST

url = "http://127.0.0.1:8080/call-signed?" + \
      "seq=" + seq + \
      "&key=" + key + \
      "&nonce=" + nonce + \
      "&signature=" + signature + \
      "&timestamp=" + timestamp

headers = {'content-type': 'application/json'}

s = requests.Session()
r = s.post(url, data=body, headers=headers)

print r.text
我正在使用CrossbarHTTP来处理HTTP网桥服务,但如果您坚持使用自己的代码,您可以检查此文件中的_compute_signature()方法,这可能会对您有所帮助。

此堆栈问题的未来访问者应该访问,而不是发布的不再有效的URL