Feign 客户端签名端点

【问题标题】:Feign Client Signed EndpointFeign 客户端签名端点
【发布时间】:2020-12-20 01:11:26
【问题描述】:

我正在使用 Spring Feign Client 访问 Binance API。

SIGNED Endpoint Examples for POST /api/v3/order 等某些 API 需要使用 -sha256 -hmac 进行签名。

文档讲述了如何使用 cURL + OpenSSL 调用签名的 API

示例 1:作为请求正文

请求正文:

symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559

HMAC SHA256 签名:

[linux]$ echo -n "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559" | openssl dgst -sha256 -hmac "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"
(stdin)= c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71

卷曲命令:

(HMAC SHA256)
[linux]$ curl -H "X-MBX-APIKEY: vmPUZE6mv9SD5VNHk4HlWFsOr6aKE2zvsw0MuIgwCIPy6utIco14y7Ju91duEh8A" -X POST 'https://api.binance.com/api/v3/order' -d 'symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559&signature=c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71'

我如何使用 FeignClient 来做到这一点?

我必须创建一个RequestInterceptor吗?

任何建议将不胜感激。

问候,

弗拉维奥·奥利瓦

【问题讨论】:

    标签: spring endpoint hmac signed feign


    【解决方案1】:

    我能够使用以下代码签署请求:

    public class Signature {
    public static void main(String args[]) {

        String message = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000&timestamp=1499827319559";
        String key = "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j";
        String algorithm = "HmacSHA256";  // OPTIONS= HmacSHA512, HmacSHA256, HmacSHA1, HmacMD5

        System.out.println(hmacSha(key, message, algorithm));
        // output
        // c8db56825ae71d6d79447849e617115f4a920fa2acdcab2b053c4b2838bd6b71

    }

    private static String hmacSha(String KEY, String VALUE, String SHA_TYPE) {
        try {
            SecretKeySpec signingKey = new SecretKeySpec(KEY.getBytes("UTF-8"), SHA_TYPE);
            Mac mac = Mac.getInstance(SHA_TYPE);
            mac.init(signingKey);
            byte[] rawHmac = mac.doFinal(VALUE.getBytes("UTF-8"));
            byte[] hexArray = {(byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f'};
            byte[] hexChars = new byte[rawHmac.length * 2];
            for (int j = 0; j < rawHmac.length; j++) {
                int v = rawHmac[j] & 0xFF;
                hexChars[j * 2] = hexArray[v >>> 4];
                hexChars[j * 2 + 1] = hexArray[v & 0x0F];
            }
            return new String(hexChars);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }
}

    【讨论】:

      【解决方案2】:

      这是我的最终解决方案:

      我正在使用 spring-boot 2.3.3

      @FeignClient(name = "order", url = "${binance.api.url}", decode404 = true, configuration = SignedEndpointFeignConfiguration.class)
public interface OrderApi {


    @PostMapping(value = "/api/v3/order", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
    ResponseEntity<String> newOrder(@SpringQueryMap OrderRequest orderRequest);

}

      @Slf4j
public class SignedEndpointFeignConfiguration extends BinanceDefaultFeignConfiguration {

    public SignedEndpointFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
        super(binanceApi);
    }

    @Bean
    public RequestInterceptor requestInterceptor() {
        return new SignatureInterceptor(binanceApi);
    }

}

      @Slf4j
public class BinanceDefaultFeignConfiguration {

    protected final ApplicationProperties.BinanceApi binanceApi;

    public BinanceDefaultFeignConfiguration(ApplicationProperties.BinanceApi binanceApi) {
        this.binanceApi = binanceApi;
    }

    @Bean
    public ErrorDecoder errorDecoder() {
        return new FeignErrorDecoder();
    }

    @Bean
    public Logger.Level logger() {
        return Logger.Level.FULL;
    }

    @Bean
    public Encoder encoder() {
        return new JacksonEncoder();
    }

    @Bean
    public Decoder decoder() {
        return new ResponseEntityDecoder(new SpringDecoder(feignHttpMessageConverter()));
    }

    public ObjectFactory<HttpMessageConverters> feignHttpMessageConverter() {
        final HttpMessageConverters httpMessageConverters = new HttpMessageConverters(new GateWayMappingJackson2HttpMessageConverter());
        return () -> httpMessageConverters;
    }

    public static class GateWayMappingJackson2HttpMessageConverter extends MappingJackson2HttpMessageConverter {
        GateWayMappingJackson2HttpMessageConverter() {
            List<MediaType> mediaTypes = new ArrayList<>();
            mediaTypes.add(MediaType.APPLICATION_JSON);
            setSupportedMediaTypes(mediaTypes);
        }
    }

    @Bean
    public RequestInterceptor requestInterceptor() {
        return (RequestTemplate template) -> template.header("X-MBX-APIKEY", binanceApi.apiKey);
    }
}

      @Slf4j
@AllArgsConstructor
public class SignatureInterceptor implements RequestInterceptor {

    protected final ApplicationProperties.BinanceApi binanceApi;

    @Override
    public void apply(RequestTemplate template) {
        addApiKeyToHeader(template);
        addSignatureToQueryParams(template);
    }

    private void addApiKeyToHeader(RequestTemplate template) {
        template.header("X-MBX-APIKEY", binanceApi.apiKey);
    }

    private void addSignatureToQueryParams(RequestTemplate template) {
        final String signature = Signature.encode(binanceApi.secretKey, getQueryLineWithoutQuestionMark(template));
        log.debug("Signature: {}", signature);
        template.query("signature", signature);
    }


    private static String getQueryLineWithoutQuestionMark(RequestTemplate template) {
        final String queryLineWithoutQuestionMark = template.queryLine().substring(1);
        log.debug("Request Params: {}", queryLineWithoutQuestionMark);
        return template.queryLine().substring(1);
    }

}

      import org.apache.commons.codec.binary.Hex;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

/**
 * Utility class used to sign a provided data.
 */
public class Signature {
    /**
     * @param key the key used to sign the data.
     * @param data the data to be signed in UTF-8 format.
     * @return the data signature.
     */
    public static String encode(String key, String data) {
        try {
            Mac hmac = Mac.getInstance("HmacSHA256");
            SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
            hmac.init(secret_key);
            return new String(Hex.encodeHex(hmac.doFinal(data.getBytes(StandardCharsets.UTF_8))));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}

      @Component
@PropertySource(value = "classpath:/application.yml")
public class ApplicationProperties {

    @Component
    @ConfigurationProperties(value = "binance.api")
    public static class BinanceApi {

        @Value("${url}")
        public String url;

        @Value("${apiKey}")
        public String apiKey;

        @Value("${secretKey}")
        public String secretKey;

    }

}

      binance:
  api:
    url: https://api.binance.com
    apiKey: abc
    secretKey: xyz


logging:
  level:
    org.springframework: INFO

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 2019-11-04
        • 1970-01-01
        • 2020-09-10
        • 2018-12-01
        • 2018-03-21
        • 2018-04-19
        • 2021-09-27
        • 2018-12-10
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode