假装客户端签名端点
Feign Client Signed Endpoint
我正在使用 Spring Feign 客户端访问 Binance API。
某些API如SIGNED Endpoint Examples for POST /api/v3/order需要使用-sha256 -hmac签名。
文档说明如何使用 cURL + OpenSSL
调用已签名的 API
示例 1:作为请求正文
请求正文:
symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559
HMAC SHA256 签名:
[linux]$ echo -n "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559" | openssl dgst -sha256 -hmac "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"
(stdin)= c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
curl 命令:
(HMAC SHA256)
[linux]$ curl -H "X-MBX-APIKEY: vmPUZE6mv9SD5VNHk4HlWFsOr6aKE2zvsw0MuIgwCIPy6utIco14y7Ju91duEh8A" -X POST 'https://api.binance.com/api/v3/order' -d 'symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559&signature=c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71'
如何使用 FeignClient 来实现?
我必须创建一个 RequestInterceptor 吗?
如有任何建议,我们将不胜感激。
此致,
弗拉维奥·奥利瓦
我能够使用以下代码签署请求:
public class Signature {
public static void main(String args[]) {
String message = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559";
String key = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
String algorithm = "HmacSHA256"; // OPTIONS= HmacSHA512, HmacSHA256, HmacSHA1, HmacMD5
System.out.println(hmacSha(key, message, algorithm));
// output
// c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
}
private static String hmacSha(String KEY, String VALUE, String SHA_TYPE) {
try {
SecretKeySpec signingKey = new SecretKeySpec(KEY.getBytes("UTF-8"), SHA_TYPE);
Mac mac = Mac.getInstance(SHA_TYPE);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(VALUE.getBytes("UTF-8"));
byte[] hexArray = {(byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f'};
byte[] hexChars = new byte[rawHmac.length * 2];
for (int j = 0; j < rawHmac.length; j++) {
int v = rawHmac[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
}
这是我的最终解决方案:
我正在使用 spring-boot 2.3.3.
@FeignClient(name = "order", url = "${binance.api.url}", decode404 = true, configuration = SignedEndpointFeignConfiguration.class)
public interface OrderApi {
@PostMapping(value = "/api/v3/order", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
ResponseEntity<String> newOrder(@SpringQueryMap OrderRequest orderRequest);
}
@Slf4j
public class SignedEndpointFeignConfiguration extends BinanceDefaultFeignConfiguration {
public SignedEndpointFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
super(binanceApi);
}
@Bean
public RequestInterceptor requestInterceptor() {
return new SignatureInterceptor(binanceApi);
}
}
@Slf4j
public class BinanceDefaultFeignConfiguration {
protected final ApplicationProperties.BinanceApi binanceApi;
public BinanceDefaultFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
this.binanceApi = binanceApi;
}
@Bean
public ErrorDecoder errorDecoder() {
return new FeignErrorDecoder();
}
@Bean
public Logger.Level logger() {
return Logger.Level.FULL;
}
@Bean
public Encoder encoder() {
return new JacksonEncoder();
}
@Bean
public Decoder decoder() {
return new ResponseEntityDecoder(new SpringDecoder(feignHttpMessageConverter()));
}
public ObjectFactory<HttpMessageConverters> feignHttpMessageConverter() {
final HttpMessageConverters httpMessageConverters = new HttpMessageConverters(new GateWayMappingJackson2HttpMessageConverter());
return () -> httpMessageConverters;
}
public static class GateWayMappingJackson2HttpMessageConverter extends MappingJackson2HttpMessageConverter {
GateWayMappingJackson2HttpMessageConverter() {
List<MediaType> mediaTypes = new ArrayList<>();
mediaTypes.add(MediaType.APPLICATION_JSON);
setSupportedMediaTypes(mediaTypes);
}
}
@Bean
public RequestInterceptor requestInterceptor() {
return (RequestTemplate template) -> template.header("X-MBX-APIKEY", binanceApi.apiKey);
}
}
@Slf4j
@AllArgsConstructor
public class SignatureInterceptor implements RequestInterceptor {
protected final ApplicationProperties.BinanceApi binanceApi;
@Override
public void apply(RequestTemplate template) {
addApiKeyToHeader(template);
addSignatureToQueryParams(template);
}
private void addApiKeyToHeader(RequestTemplate template) {
template.header("X-MBX-APIKEY", binanceApi.apiKey);
}
private void addSignatureToQueryParams(RequestTemplate template) {
final String signature = Signature.encode(binanceApi.secretKey, getQueryLineWithoutQuestionMark(template));
log.debug("Signature: {}", signature);
template.query("signature", signature);
}
private static String getQueryLineWithoutQuestionMark(RequestTemplate template) {
final String queryLineWithoutQuestionMark = template.queryLine().substring(1);
log.debug("Request Params: {}", queryLineWithoutQuestionMark);
return template.queryLine().substring(1);
}
}
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
/**
* Utility class used to sign a provided data.
*/
public class Signature {
/**
* @param key the key used to sign the data.
* @param data the data to be signed in UTF-8 format.
* @return the data signature.
*/
public static String encode(String key, String data) {
try {
Mac hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
hmac.init(secret_key);
return new String(Hex.encodeHex(hmac.doFinal(data.getBytes(StandardCharsets.UTF_8))));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
@Component
@PropertySource(value = "classpath:/application.yml")
public class ApplicationProperties {
@Component
@ConfigurationProperties(value = "binance.api")
public static class BinanceApi {
@Value("${url}")
public String url;
@Value("${apiKey}")
public String apiKey;
@Value("${secretKey}")
public String secretKey;
}
}
binance:
api:
url: https://api.binance.com
apiKey: abc
secretKey: xyz
logging:
level:
org.springframework: INFO
我正在使用 Spring Feign 客户端访问 Binance API。
某些API如SIGNED Endpoint Examples for POST /api/v3/order需要使用-sha256 -hmac签名。
文档说明如何使用 cURL + OpenSSL
示例 1:作为请求正文
请求正文:
symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559
HMAC SHA256 签名:
[linux]$ echo -n "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559" | openssl dgst -sha256 -hmac "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"
(stdin)= c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
curl 命令:
(HMAC SHA256)
[linux]$ curl -H "X-MBX-APIKEY: vmPUZE6mv9SD5VNHk4HlWFsOr6aKE2zvsw0MuIgwCIPy6utIco14y7Ju91duEh8A" -X POST 'https://api.binance.com/api/v3/order' -d 'symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559&signature=c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71'
如何使用 FeignClient 来实现?
我必须创建一个 RequestInterceptor 吗?
如有任何建议,我们将不胜感激。
此致,
弗拉维奥·奥利瓦
我能够使用以下代码签署请求:
public class Signature {
public static void main(String args[]) {
String message = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559";
String key = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
String algorithm = "HmacSHA256"; // OPTIONS= HmacSHA512, HmacSHA256, HmacSHA1, HmacMD5
System.out.println(hmacSha(key, message, algorithm));
// output
// c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71
}
private static String hmacSha(String KEY, String VALUE, String SHA_TYPE) {
try {
SecretKeySpec signingKey = new SecretKeySpec(KEY.getBytes("UTF-8"), SHA_TYPE);
Mac mac = Mac.getInstance(SHA_TYPE);
mac.init(signingKey);
byte[] rawHmac = mac.doFinal(VALUE.getBytes("UTF-8"));
byte[] hexArray = {(byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f'};
byte[] hexChars = new byte[rawHmac.length * 2];
for (int j = 0; j < rawHmac.length; j++) {
int v = rawHmac[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
}
这是我的最终解决方案:
我正在使用 spring-boot 2.3.3.
@FeignClient(name = "order", url = "${binance.api.url}", decode404 = true, configuration = SignedEndpointFeignConfiguration.class)
public interface OrderApi {
@PostMapping(value = "/api/v3/order", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
ResponseEntity<String> newOrder(@SpringQueryMap OrderRequest orderRequest);
}
@Slf4j
public class SignedEndpointFeignConfiguration extends BinanceDefaultFeignConfiguration {
public SignedEndpointFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
super(binanceApi);
}
@Bean
public RequestInterceptor requestInterceptor() {
return new SignatureInterceptor(binanceApi);
}
}
@Slf4j
public class BinanceDefaultFeignConfiguration {
protected final ApplicationProperties.BinanceApi binanceApi;
public BinanceDefaultFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
this.binanceApi = binanceApi;
}
@Bean
public ErrorDecoder errorDecoder() {
return new FeignErrorDecoder();
}
@Bean
public Logger.Level logger() {
return Logger.Level.FULL;
}
@Bean
public Encoder encoder() {
return new JacksonEncoder();
}
@Bean
public Decoder decoder() {
return new ResponseEntityDecoder(new SpringDecoder(feignHttpMessageConverter()));
}
public ObjectFactory<HttpMessageConverters> feignHttpMessageConverter() {
final HttpMessageConverters httpMessageConverters = new HttpMessageConverters(new GateWayMappingJackson2HttpMessageConverter());
return () -> httpMessageConverters;
}
public static class GateWayMappingJackson2HttpMessageConverter extends MappingJackson2HttpMessageConverter {
GateWayMappingJackson2HttpMessageConverter() {
List<MediaType> mediaTypes = new ArrayList<>();
mediaTypes.add(MediaType.APPLICATION_JSON);
setSupportedMediaTypes(mediaTypes);
}
}
@Bean
public RequestInterceptor requestInterceptor() {
return (RequestTemplate template) -> template.header("X-MBX-APIKEY", binanceApi.apiKey);
}
}
@Slf4j
@AllArgsConstructor
public class SignatureInterceptor implements RequestInterceptor {
protected final ApplicationProperties.BinanceApi binanceApi;
@Override
public void apply(RequestTemplate template) {
addApiKeyToHeader(template);
addSignatureToQueryParams(template);
}
private void addApiKeyToHeader(RequestTemplate template) {
template.header("X-MBX-APIKEY", binanceApi.apiKey);
}
private void addSignatureToQueryParams(RequestTemplate template) {
final String signature = Signature.encode(binanceApi.secretKey, getQueryLineWithoutQuestionMark(template));
log.debug("Signature: {}", signature);
template.query("signature", signature);
}
private static String getQueryLineWithoutQuestionMark(RequestTemplate template) {
final String queryLineWithoutQuestionMark = template.queryLine().substring(1);
log.debug("Request Params: {}", queryLineWithoutQuestionMark);
return template.queryLine().substring(1);
}
}
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
/**
* Utility class used to sign a provided data.
*/
public class Signature {
/**
* @param key the key used to sign the data.
* @param data the data to be signed in UTF-8 format.
* @return the data signature.
*/
public static String encode(String key, String data) {
try {
Mac hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
hmac.init(secret_key);
return new String(Hex.encodeHex(hmac.doFinal(data.getBytes(StandardCharsets.UTF_8))));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
@Component
@PropertySource(value = "classpath:/application.yml")
public class ApplicationProperties {
@Component
@ConfigurationProperties(value = "binance.api")
public static class BinanceApi {
@Value("${url}")
public String url;
@Value("${apiKey}")
public String apiKey;
@Value("${secretKey}")
public String secretKey;
}
}
binance:
api:
url: https://api.binance.com
apiKey: abc
secretKey: xyz
logging:
level:
org.springframework: INFO