如何在Django中签署sha1签名?
[英]how do I sign sha1 signature in Django?
问题描述
I have not really dug in deep into django and signatures 
我还没有真正深入研究Django和签名
I am trying to create a signature based on a given requirements 我正在尝试根据给定的要求创建签名
i = my username, v = expiration, and s = signature i =我的用户名,v =到期,s =签名
i: MYUSERNAME 我: MYUSERNAME
v: UNIX TIMESTAMP + 2 hours v: UNIX TIMESTAMP + 2小时
a: MY_API_KEY 一个: MY_API_KEY
s: SHA1 SIGNATURE that is ("i=MYUSERNAME&v=(UNIX_TIMESTAMP + API_KEY)") s: SHA1签名,即(“ i = MYUSERNAME&v =(UNIX_TIMESTAMP + API_KEY)”)
What I have so far. 到目前为止我所拥有的。
import hashlib
import datetime
from datetime import timedelta
import time
now = datetime.datetime.now()
now = now + timedelta(hours=2)
seconds = time.mktime(now.timetuple())
seconds = seconds
API = "87df234207v4444444"
signature = hashlib.sha1()
signature.update("i=MYUSERNAME&v=%s%s" % (seconds, API))
Then when I ping the url, I get a "Bad Signature" response 然后,当我ping通URL时,会收到“错误签名”响应
Again my knowledge in this area is limited, your help is much appreciated 同样,我在这方面的知识有限,非常感谢您的帮助
and the valid iframe to get the correct code is http://api.myurl.com/i=MYUSERNAME&v=UNIX TIMESTAMP + 2 HOURS&s=MY VALID SIGNATURE 而获得正确代码的有效iframe是http://api.myurl.com/i=MYUSERNAME&v=UNIX TIMESTAMP + 2 HOURS&s=MY VALID SIGNATURE
PDF Documentation PDF文件
Imagine that we need to calculate the signature for the following URI: 假设我们需要计算以下URI的签名:
http://framed.incloode.com/index.php?i=TEST&arg1=val1&arg2=val2&t=123 http://framed.incloode.com/index.php?i=TEST&arg1=val1&arg2=val2&t=123
The method to calculate the signature is as follows: 计算签名的方法如下:
- Go through the full list of parameters and the values, 浏览完整的参数和值列表,
- Append these into one long string HTML safestring,like a normal GET request, 将它们附加到一个长字符串HTML安全字符串中,例如普通的GET请求,
For the above URI this long string would end-up looking like this: i=TEST&arg1=val1&arg2=val2&t=123
- To specify until when this link should be valid, a validity must be added. 要指定此链接何时有效,必须添加有效性。 The validity is a UNIX timestamp – for a validity of 2 hours, the value time() + 7200 should be passed. 有效期为UNIX时间戳–有效期为2小时,应传递值time()+ 7200。 This validity (parameter and value) must also appended to the string to sign. 此有效性(参数和值)也必须附加到字符串后才能签名。 For the above URI this would now look like this: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890 The requests in the initial URI should be replaced by this list. 对于上面的URI,现在看起来像这样:i = TEST&arg1 = val1&arg2 = val2&t = 123&v = 1444567890初始URI中的请求应替换为该列表。
- The above collected string is then decoded from HTML(htmlspecialchars_decode()) so one ends up with a string looking like this: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890 上面收集的字符串然后从HTML(htmlspecialchars_decode())进行解码,因此最终得到的字符串如下所示:i = TEST&arg1 = val1&arg2 = val2&t = 123&v = 1444567890
- The “INCLOODE_API_SECRET” that you have been supplied with must be appended to this string: i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890**INCLOODE_API_SECRET** 您提供的“ INCLOODE_API_SECRET”必须附加到此字符串:i = TEST&arg1 = val1&arg2 = val2&t = 123&v = 1444567890 ** INCLOODE_API_SECRET **
- Then,finallytheSHA1checksumofthatstringmustbegenerated.Then,itis appended to the parameter/value list retrieved at step (3). 然后,最后必须生成该字符串的SHA1校验和。然后,将炎症附加到在步骤(3)检索的参数/值列表中。 This could end up looking like this: http://framed.incloode.com? 最终可能看起来像这样:http://framed.incloode.com? i=TEST&arg1=val1&arg2=val2&t=123&v=1444567890&s=abcdef0123456789 i = TEST&arg1 = val1&arg2 = val2&t = 123&v = 1444567890&s = abcdef0123456789
对于上面的URI,这个长字符串最终看起来像这样:i = TEST&arg1 = val1&arg2 = val2&t = 123
1 个解决方案
解决方案1
0 2011-05-18 13:49:24
The only thing I can see from your description is that you are not grabbing the hex digest at the end, which I can only assume is what the server expects. 从您的描述中我唯一可以看到的是,您最终并没有掌握十六进制摘要,我只能假设这是服务器所期望的。 Send this value instead: 而是发送此值:
hashed = signature.hexdigest()
Otherwise please post the documentation for this web service and make sure you are honoring case requirements (you never know...) 否则,请发布此Web服务的文档,并确保您遵守案例要求(您永远不会知道...)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.