//构造创建文件夹的签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token //path //root QString kpSDK::getCreateFolderSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr,\ const QString &oauTknStr, const QString &oauTknSercetStr,\ bool &isAppPath, QString &folderName) { QString createFolderBaseUrl; createFolderBaseUrl.clear(); //将请求的URI路径进行URL编码 createFolderBaseUrl.append("GET&"); createFolderBaseUrl.append(QUrl::toPercentEncoding(KP_CREATE_FOLDER_URL)); createFolderBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); paraStr.append("&"); paraStr.append(FOLDER_NAME); paraStr.append(QString(QUrl::toPercentEncoding(folderName))); paraStr.append("&"); paraStr.append(FOLDER_ROOT); if(isAppPath) { paraStr.append("app_folder"); } else { paraStr.append("kuaipan"); } createFolderBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),createFolderBaseUrl.toLatin1()); //返回签名 }
inline QByteArray SessionStore::signSession(const QByteArray &message) const { if (priv->macSecret.isEmpty()) return message; return message + ':' + hmacSha1(priv->macSecret, message); }
void MessageAuthenticator::authenticateMessage(QByteArray msg) { //take raw message and hash with key QByteArray mac = hmacSha1(key, msg); msg.append(mac); emit messageAuthenticated(msg); }
/** * Generates HMAC-SHA1 signature * @param signatureBase signature base * @return HMAC-SHA1 signature */ QByteArray OAuth::generateSignatureHMACSHA1(const QByteArray& signatureBase) { //OAuth spec. 9.2 https://oauth.net/core/1.0/#anchor16 QByteArray key = m_oauthConsumerSecret + '&' + m_oauthTokenSecret; QByteArray result = hmacSha1(signatureBase, key); QByteArray resultBE64 = result.toBase64(); QByteArray resultPE = resultBE64.toPercentEncoding(); return resultPE; }
QString HMACSha1Signature::getSignature(QString baseString, QString apiSecret, QString tokenSecret) { QByteArray key = apiSecret.toUtf8().toPercentEncoding(); key.append('&'); if(!tokenSecret.isEmpty()) { QByteArray tokenSecretEncode = tokenSecret.toUtf8().toPercentEncoding(); key.append(tokenSecretEncode); } QByteArray baseStringByte = baseString.toUtf8(); return hmacSha1(key, baseStringByte); }
//构造reqToken 获取签名 // oauth_consumer_key // oauth_nonce // oauth_timestamp QString kpSDK::getReqTknSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr) { QString ReqTokenBaseUrl; ReqTokenBaseUrl.clear(); //将请求的URI路径进行URL编码 ReqTokenBaseUrl.append("GET&"); ReqTokenBaseUrl.append(QUrl::toPercentEncoding(KP_REQUEST_TOKEN_SRC_URL)); ReqTokenBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); ReqTokenBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 return hmacSha1((consKeySecretStr+"&").toLatin1(),ReqTokenBaseUrl.toLatin1()); //返回签名 }
inline QByteArray SessionStore::unsignSession(const QByteArray &message) const { if (priv->macSecret.isEmpty()) return message; const int indexOfColon(message.lastIndexOf(':')); const QByteArray unhashedMessage(message.left(indexOfColon)); const QByteArray hash(message.mid(indexOfColon + 1)); if (hmacSha1(priv->macSecret, unhashedMessage) != hash) return QByteArray(); return unhashedMessage; }
//构造上传文件 签名 QString kpSDK::getUploadFileSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &oauTknStr, const QString &oauTknSercetStr,\ const bool &isOverWrite, const bool &isAppPath, const QString &toPath, const QString &fullUrl) { QString uploadFileBaseUrl; uploadFileBaseUrl.clear(); //将请求的URI路径进行URL编码 uploadFileBaseUrl.append("POST&"); uploadFileBaseUrl.append(QUrl::toPercentEncoding(fullUrl)); uploadFileBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); paraStr.append("&"); paraStr.append(UPLOAD_OVER_WRITE); //overwrite if(isOverWrite) paraStr.append("True"); else paraStr.append("False"); paraStr.append("&"); paraStr.append(FOLDER_NAME); //path paraStr.append(QUrl::toPercentEncoding(toPath)); paraStr.append("&"); paraStr.append(FOLDER_ROOT); //root if(isAppPath) { paraStr.append("app_folder"); } else { paraStr.append("kuaipan"); } uploadFileBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),uploadFileBaseUrl.toLatin1()); //返回签名 }
//构造获取上传节点 签名 QString kpSDK::getUploadLocateSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &oauTknStr, const QString &oauTknSercetStr) { QString upLocaBaseUrl; upLocaBaseUrl.clear(); //将请求的URI路径进行URL编码 upLocaBaseUrl.append("GET&"); upLocaBaseUrl.append(QUrl::toPercentEncoding(KP_UPLOAD_LOCATE_URL)); upLocaBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); upLocaBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),upLocaBaseUrl.toLatin1()); //返回签名 }
//构造获取用户信息 的签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token QString kpSDK::getUsrInfoSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr,\ const QString &oauTknStr, const QString &oauTknSercetStr) { QString getUsrInfoBaseUrl; getUsrInfoBaseUrl.clear(); //将请求的URI路径进行URL编码 getUsrInfoBaseUrl.append("GET&"); getUsrInfoBaseUrl.append(QUrl::toPercentEncoding(KP_GET_USR_INFO_URL)); getUsrInfoBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); getUsrInfoBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),getUsrInfoBaseUrl.toLatin1()); //返回签名 }
//构造请求accessToken 签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token QString kpSDK::getAcesTknSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &tmpTknStr, const QString &tmpTknSercetStr) { QString acesTknBaseUrl; acesTknBaseUrl.clear(); //将请求的URI路径进行URL编码 acesTknBaseUrl.append("GET&"); acesTknBaseUrl.append(QUrl::toPercentEncoding(KP_ACCESS_TOKEN_SRC_URL)); acesTknBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); paraStr.append(tmpTknStr); acesTknBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&"; secret=secret.append(tmpTknSercetStr); return hmacSha1(secret.toLatin1(),acesTknBaseUrl.toLatin1()); //返回签名 }
//构造 分享文件 签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token QString kpSDK::getShareFileSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &oauTknStr, const QString &oauTknSercetStr, \ const QString &newShareFileUrl) { QString shareFileBaseUrl; shareFileBaseUrl.clear(); //将请求的URI路径进行URL编码 shareFileBaseUrl.append("GET&"); shareFileBaseUrl.append(QUrl::toPercentEncoding(newShareFileUrl)); shareFileBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); shareFileBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),shareFileBaseUrl.toLatin1()); //返回签名 }
//构造删除文件 的签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token //path //root //to_recycle QString kpSDK::getDelFileSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &oauTknStr, const QString &oauTknSercetStr, \ bool &isAppPath, QString &fileName, bool &toRecyle) { QString delFileBaseUrl; delFileBaseUrl.clear(); //将请求的URI路径进行URL编码 delFileBaseUrl.append("GET&"); delFileBaseUrl.append(QUrl::toPercentEncoding(KP_DEL_FILE_URL)); delFileBaseUrl.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); paraStr.append("&"); paraStr.append(FOLDER_NAME); paraStr.append(QString(QUrl::toPercentEncoding(fileName))); paraStr.append("&"); paraStr.append(FOLDER_ROOT); if(isAppPath) { paraStr.append("app_folder&"); } else { paraStr.append("kuaipan&"); } paraStr.append(TO_RECYLE); if(toRecyle) { paraStr.append("True"); } else paraStr.append("False"); delFileBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),delFileBaseUrl.toLatin1()); //返回签名 }
void FbxAPI::requestSession() { QJsonObject json; json.insert("app_id", mApplicationId); json.insert("app_version",mApiInfo.version); json.insert("password",hmacSha1(mApplicationToken.toUtf8(), mChallenge.toUtf8())); QJsonDocument doc(json); QNetworkReply * reply = post(myCreateRequest("login/session"), doc.toJson()); connect(reply,SIGNAL(finished()),this,SLOT(requestSessionFinished())); connect(reply,SIGNAL(error(QNetworkReply::NetworkError)),this,SLOT(errorReceived(QNetworkReply::NetworkError))); qDebug()<<"app Id " <<mApplicationId; qDebug()<<"challenge "<<mChallenge; qDebug()<<reply->url(); qDebug()<<doc.toJson(); }
QString Utl::getAuthorizationCode(const QString &acc_key, const QString &method, const QMap<QString, QString> &headers, const QString &resource) { QString content_md5 = headers.value("Content-Md5",""); QString content_type = headers.value("Content-Type",""); QString date = headers.value("Date",""); QString canonicalized_resource = resource; QString canonicalized_oss_headers = ""; QMap<QString,QString> tmp_headers = _formatHeader(headers); if (tmp_headers.size()>0){ QMapIterator<QString,QString> it(tmp_headers); while(it.hasNext()){ it.next(); if (it.key().startsWith(self_define_header_prefix)){ canonicalized_oss_headers+=it.key()+":"+it.value()+"\n"; } } } QString string_to_sign=method + "\n" + content_md5 + "\n" + content_type + "\n" + date + "\n" + canonicalized_oss_headers + canonicalized_resource; // qDebug()<<canonicalized_oss_headers; return hmacSha1(acc_key.toLocal8Bit(),string_to_sign.toLocal8Bit()); }
//构造 下载文件的签名 //oauth_consumer_key //oauth_nonce //oauth_timestamp //oauth_token //path //root QString kpSDK::getDownFileSignature(QString ¶Str, const QString &consKeyStr, const QString &consKeySecretStr, \ const QString &oauTknStr, const QString &oauTknSercetStr, \ bool &isAppPath, const QString &fromPath) { QString dwnFileBaseUrl; dwnFileBaseUrl.clear(); //将请求的URI路径进行URL编码 dwnFileBaseUrl.append("GET&"); dwnFileBaseUrl.append(QUrl::toPercentEncoding(KP_DOWNLOAD_FILE_URL)); dwnFileBaseUrl.append("&"); paraStr.append(DATA_FROM_PATH); paraStr.append(QUrl::toPercentEncoding(fromPath)); paraStr.append("&"); //对参数进行升序排列 然后合并 addTknNonceTimes(paraStr,consKeyStr); paraStr.append("&"); paraStr.append(OATOKEN); //oauth_token paraStr.append(oauTknStr); paraStr.append("&"); paraStr.append(FOLDER_NAME); paraStr.append(QUrl::toPercentEncoding(fromPath)); paraStr.append("&"); paraStr.append(FOLDER_ROOT); if(isAppPath) { paraStr.append("app_folder"); } else { paraStr.append("kuaipan"); } dwnFileBaseUrl.append(QUrl::toPercentEncoding(paraStr));// 对参数进行编码 然后合并成源串 QString secret=consKeySecretStr+"&";//构建密钥 secret=secret.append(oauTknSercetStr); return hmacSha1(secret.toLatin1(),dwnFileBaseUrl.toLatin1()); //返回签名 }
QString saltPassword(const QString &salt, const QString &password) { return hmacSha1(password.toUtf8(), salt.toUtf8()).toBase64(); }
void Exchange_BTCChina::sendToApi(int reqType, QByteArray method, bool auth, bool sendNow, QByteArray commands) { if(auth) { if(julyHttpAuth==0) { julyHttpAuth=new JulyHttp("api.btcchina.com","",this,true,true,"application/json-rpc"); connect(julyHttpAuth,SIGNAL(anyDataReceived()),baseValues_->mainWindow_,SLOT(anyDataReceived())); connect(julyHttpAuth,SIGNAL(setDataPending(bool)),baseValues_->mainWindow_,SLOT(setDataPending(bool))); connect(julyHttpAuth,SIGNAL(apiDown(bool)),baseValues_->mainWindow_,SLOT(setApiDown(bool))); connect(julyHttpAuth,SIGNAL(errorSignal(QString)),baseValues_->mainWindow_,SLOT(showErrorMessage(QString))); connect(julyHttpAuth,SIGNAL(sslErrorSignal(const QList<QSslError> &)),this,SLOT(sslErrors(const QList<QSslError> &))); connect(julyHttpAuth,SIGNAL(dataReceived(QByteArray,int)),this,SLOT(dataReceivedAuth(QByteArray,int))); } QByteArray signatureParams; signatureParams=commands; signatureParams.replace("\"",""); signatureParams.replace("true","1"); signatureParams.replace("false",""); QByteArray postData; QByteArray appendedHeader; static int tonceCounter=0; static quint32 lastTonce=QDateTime::currentDateTime().toTime_t(); quint32 newTonce=QDateTime::currentDateTime().toTime_t(); if(lastTonce!=newTonce) { tonceCounter=0; lastTonce=newTonce; } else { tonceCounter+=10; if(tonceCounter>99)tonceCounter=0; } QByteArray tonceCounterData=QByteArray::number(tonceCounter); if(tonceCounter>9)tonceCounterData.append("0000"); else tonceCounterData.append("00000"); QByteArray tonce=QByteArray::number(newTonce)+tonceCounterData; QByteArray signatureString="tonce="+tonce+"&accesskey="+getApiKey()+"&requestmethod=post&id=1&method="+method+"¶ms="+signatureParams; signatureString=getApiKey()+":"+hmacSha1(getApiSign(),signatureString).toHex(); if(debugLevel&&reqType>299)logThread->writeLog(postData); postData="{\"method\":\""+method+"\",\"params\":["+commands+"],\"id\":1}"; appendedHeader="Authorization: Basic "+signatureString.toBase64()+"\r\n"; appendedHeader+="Json-Rpc-Tonce: "+tonce+"\r\n"; if(sendNow) julyHttpAuth->sendData(reqType, "POST /api_trade_v1.php",postData,appendedHeader); else julyHttpAuth->prepareData(reqType, "POST /api_trade_v1.php",postData,appendedHeader); }
QByteArray QtHmacSha1::hmacSha1(QByteArray buffer, int offset, int length) { return hmacSha1(buffer.mid(offset,length)); }