如何解决伪装客户签名的端点
我正在使用Spring Feign Client访问Binance API。
诸如SIGNED Endpoint Examples for POST /api/v3/order之类的某些API需要使用-sha256 -hmac
进行签名。
文档介绍了如何使用cURL + OpenSSL
调用签名的API
示例1:作为请求正文
requestBody:
symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559
HMAC SHA256签名:
[linux]$ echo -n "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559" | openssl dgst -sha256 -hmac "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"
(stdin)= c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
curl命令:
(HMAC SHA256)
[linux]$ curl -H "X-MBX-APIKEY: vmPUZE6mv9SD5VNHk4HlWFsOr6aKE2zvsw0MuIgwCIPy6utIco14y7Ju91duEh8A" -X POST 'https://api.binance.com/api/v3/order' -d 'symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559&signature=c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71'
如何使用FeignClient做到这一点?
我必须创建一个RequestInterceptor
吗?
任何建议将不胜感激。
此致
FlávioOliva
解决方法
我能够使用以下代码签署请求:
public class Signature {
public static void main(String args[]) {
String message = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559";
String key = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
String algorithm = "HmacSHA256"; // OPTIONS= HmacSHA512,HmacSHA256,HmacSHA1,HmacMD5
System.out.println(hmacSha(key,message,algorithm));
// output
// c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
}
private static String hmacSha(String KEY,String VALUE,String SHA_TYPE) {
try {
SecretKeySpec signingKey = new SecretKeySpec(KEY.getBytes("UTF-8"),SHA_TYPE);
Mac mac = Mac.getInstance(SHA_TYPE);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(VALUE.getBytes("UTF-8"));
byte[] hexArray = {(byte) '0',(byte) '1',(byte) '2',(byte) '3',(byte) '4',(byte) '5',(byte) '6',(byte) '7',(byte) '8',(byte) '9',(byte) 'a',(byte) 'b',(byte) 'c',(byte) 'd',(byte) 'e',(byte) 'f'};
byte[] hexChars = new byte[rawHmac.length * 2];
for (int j = 0; j < rawHmac.length; j++) {
int v = rawHmac[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
}
,
这是我的最终解决方案:
我正在使用spring-boot 2.3.3
。
@FeignClient(name = "order",url = "${binance.api.url}",decode404 = true,configuration = SignedEndpointFeignConfiguration.class)
public interface OrderApi {
@PostMapping(value = "/api/v3/order",consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
ResponseEntity<String> newOrder(@SpringQueryMap OrderRequest orderRequest);
}
@Slf4j
public class SignedEndpointFeignConfiguration extends BinanceDefaultFeignConfiguration {
public SignedEndpointFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
super(binanceApi);
}
@Bean
public RequestInterceptor requestInterceptor() {
return new SignatureInterceptor(binanceApi);
}
}
@Slf4j
public class BinanceDefaultFeignConfiguration {
protected final ApplicationProperties.BinanceApi binanceApi;
public BinanceDefaultFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
this.binanceApi = binanceApi;
}
@Bean
public ErrorDecoder errorDecoder() {
return new FeignErrorDecoder();
}
@Bean
public Logger.Level logger() {
return Logger.Level.FULL;
}
@Bean
public Encoder encoder() {
return new JacksonEncoder();
}
@Bean
public Decoder decoder() {
return new ResponseEntityDecoder(new SpringDecoder(feignHttpMessageConverter()));
}
public ObjectFactory<HttpMessageConverters> feignHttpMessageConverter() {
final HttpMessageConverters httpMessageConverters = new HttpMessageConverters(new GateWayMappingJackson2HttpMessageConverter());
return () -> httpMessageConverters;
}
public static class GateWayMappingJackson2HttpMessageConverter extends MappingJackson2HttpMessageConverter {
GateWayMappingJackson2HttpMessageConverter() {
List<MediaType> mediaTypes = new ArrayList<>();
mediaTypes.add(MediaType.APPLICATION_JSON);
setSupportedMediaTypes(mediaTypes);
}
}
@Bean
public RequestInterceptor requestInterceptor() {
return (RequestTemplate template) -> template.header("X-MBX-APIKEY",binanceApi.apiKey);
}
}
@Slf4j
@AllArgsConstructor
public class SignatureInterceptor implements RequestInterceptor {
protected final ApplicationProperties.BinanceApi binanceApi;
@Override
public void apply(RequestTemplate template) {
addApiKeyToHeader(template);
addSignatureToQueryParams(template);
}
private void addApiKeyToHeader(RequestTemplate template) {
template.header("X-MBX-APIKEY",binanceApi.apiKey);
}
private void addSignatureToQueryParams(RequestTemplate template) {
final String signature = Signature.encode(binanceApi.secretKey,getQueryLineWithoutQuestionMark(template));
log.debug("Signature: {}",signature);
template.query("signature",signature);
}
private static String getQueryLineWithoutQuestionMark(RequestTemplate template) {
final String queryLineWithoutQuestionMark = template.queryLine().substring(1);
log.debug("Request Params: {}",queryLineWithoutQuestionMark);
return template.queryLine().substring(1);
}
}
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
/**
* Utility class used to sign a provided data.
*/
public class Signature {
/**
* @param key the key used to sign the data.
* @param data the data to be signed in UTF-8 format.
* @return the data signature.
*/
public static String encode(String key,String data) {
try {
Mac hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8),"HmacSHA256");
hmac.init(secret_key);
return new String(Hex.encodeHex(hmac.doFinal(data.getBytes(StandardCharsets.UTF_8))));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
@Component
@PropertySource(value = "classpath:/application.yml")
public class ApplicationProperties {
@Component
@ConfigurationProperties(value = "binance.api")
public static class BinanceApi {
@Value("${url}")
public String url;
@Value("${apiKey}")
public String apiKey;
@Value("${secretKey}")
public String secretKey;
}
}
binance:
api:
url: https://api.binance.com
apiKey: vmPUZE6mv9SD5VNHk4HlWFsOr6aKE2zvsw0MuIgwCIPy6utIco14y7Ju91duEh8A
secretKey: NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j
logging:
level:
org.springframework: INFO
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。