I was wondering if something can shed some light on where I might be going wrong with this.
I need to generate a signed Key for use with Gigya an openauth platform
This is a rework from their Ruby info, http://wiki.gigya.com/020_Developer_Guide/70_Server_Side_API_(REST)#tab-2
Here is what I have thus far.
#@ escape the status message and replace all + with %20 as spaces are CGI.escaped to +
>message_text = re.subn(r'\+',"%20","Hello")[0]
user = 1
#@ here are the parameters you need to supply from your Gigya site's settings page.
> api_url = "http://socialize-api.gigya.com/socialize.setStatus"
api_key = "2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFxRelMdvdAdM" #not the real key
gigya_secret_key = "Vf6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY="
#@ decode secret key and prepare nonce.
>gigya_secret = a2b_base64('f6IE6X59tKwDYuvKgsOOA5W6Gon4l6b9C+xVx0zsbY=')
timestamp = int(time.time())
# timestamp = 1281427277
nonce = "%(a)d%(b)i" % {'a':1, 'b':timestamp,}
http_method = "GET"
#@ parameters are ordered alphabetically, base string include HTTP method call and its parameters, all separated with unescaped "&"
>parameters = 'apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6&nonce=11281427277&status=Hello×tamp=1281427277&uid=1'
>encoded_api = api_url.replace('//', '%3A').replace('/', '%2F')
# http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus
>encoded_par_1 = re.subn(r'\&', "%26", parameters)[0]
# apiKey=U\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce=11281427277%26status=Hello%26timestamp=1281427277%26uid=1
encoded_parameters = re.subn(r'\=', "%3D", encoded_par_1)[0]
# apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1
>base_string = '%(a)s&%(b)s&%(c)s' % {'a':http_method, 'b':encoded_api, 'c':encoded_parameters, }
# GET&http:%3Asocialize-api.gigya.com%2Fsocialize.setStatus&apiKey%3DU\xfe\x88\x13\xa5\xf9\xf6\xd2\xb0\r\x8b\xaf*\x0b\x0e8\x0eV\xe8j'\xe2^\x9b\xf4/\x97\xc6\xfd3\xb1\xb6%26nonce%3D11281427277%26status%3DHello%26timestamp%3D1281427277%26uid%3D1
#@ hmac/sha1 encription for the gigya secret and the base_string
>hmacsha1 = hmac.new(gigya_secret, base_string, hashlib.sha1)
>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]
# mMWb+7VE7L7+csYwwI00vWYu8IM=
>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F'))
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
#@ finalized api request url with the signed signature
>request_url = '%(a)s?apiKey=%(b)s&nonce=%(c)s&status=%(d)s×tamp=%(e)s&uid=%(f)s&sig=%(g)s' % {'a':api_url, 'b':api_key, 'c':nonce, 'd':message_text, 'e':timestamp, 'f':user, 'g':gigya_sign }
# request_url = http://socialize-api.gigya.com/socialize.setStatus?apiKey=2_qf6pKytdGqrvufl3TW2jY-D6nDaMFsHJ1mg4ZR-xtjyq-PtyyDnwFXr开发者_JS百科alMdvdAdM&nonce=11281427277&status=Hello×tamp=1281427277&uid=1&sig=bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
Now I always seem to be getting the wrong result for the key.
Any help would be greatly appreciated.
I can't find the value for signature
anywhere. It is possible that you encode the signature twice with Base64:
>hmacsha1 = binascii.b2a_base64(hmacsha1.digest())[:-1]
# mMWb+7VE7L7+csYwwI00vWYu8IM=
>gigya_sign = urlquote(b2a_base64(hmacsha1).replace('\n', '').replace('\+', '%2B').replace('\/', '%2F'))
# bU1XYis3VkU3TDcrY3NZd3dJMDB2V1l1OElNPQ%3D%3D
Note that you assign hmacsha1
with the Base64 encoded value of the digest in the first line (why do you omit the last character of the result?) and then you encode that again with b2a_base64
.
I'm also wondering why you replace +
and /
manually; urlquote()
should already do that (if not, I'd say that's a bug in urlquote()
which should be fixed).
精彩评论