这篇文章主要讲解了“淘宝h5页面的sign加密算法是怎么用的”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“淘宝h5页面的sign加密算法是怎么用的”吧!
淘宝对于h6的访问采用了和客户端不同的方式,由于在h6的js代码中保存appsercret具有较高的风险,mtop采用了随机分配令牌的方式,为每个访问端分配一个token,保存在用户的cookie中,通过cookie带回服务端分配的token, 客户端利用分配的token对请求的URL参数生成摘要值sign,
MTOP利用这个摘用值和cookie中的token来防止URL篡改。
当本地cookie中的token为空时(通常是第一次访问),mtop会收到”FAIL_SYS_TOKEN_EXOIRED:: 令牌过期“这个错误应答,同时mtop会生成token写入cookie中(response.cookies)。
第二次请求时,js通过读取cookie中的token值,按照约定的算法生成sign, sign在mtop的请求中带上,mtop通过cookie中和token用同样的方式计算出sign,与请求的sign进行比较,检查通过将返回api的应答,失败提示“FAIL_SYS_ILLEGAL_ACCESS:: 非法请求”
cookie中的token是有时效性的,遇到token失效时,将收到应答"FAIL_SYS_TOKEN_EXOIRED:: 令牌过期", 同时会写入新的token,js利用新的token重新计算sign并重发请求。
关于cookie中的token的自我检查,由于token在cookie中是明文的,可能会被仿冒,在输出的cookie中包含一个用非对称密钥的公钥加密后的token, MTOP在每次请求时会先检查cookie中的token是否是由服务端分配出去的(利用加密后的token和私钥还原token,与回传的明文token比较)
关于sign的生成公式:
md5Hex(token&t&appKey&data)
如:md5Hex(“645d1f414d4914297dfaab40f3f76016 &1234&4272&{"itemNumId":"1500011132496"}”)
sign=d2b2f818a03496b296b899a230c03abd
token
关于cookie的有效时长,cookie的有效时长为7天,但是token的有效时长目前为60分钟
m_h6tk: 格式为 明文token_expireTime, 从response.cookies处获取,如: 2fcd2baa62fc60f73c0487a9f8a0a9d1_1362559577301
token就是2fcd2baa62fc60f73c0487a9f8a0a9d1
t
很简单,即时间戳 int(time.time()*1000)
appKey
一般是固定数值
data
一般是提交的参数
example
function get_sign_demo(the_params_for_signing) {function t(e, t) {return e << t | e >>> 32 - t }function n(e, t) {var n, o, i, r, s;return i = 2147483648 & e, r = 2147483648 & t, n = 1073741824 & e, o = 1073741824 & t, s = (1073741823 & e) + (1073741823 & t), n & o ? 2147483648 ^ s ^ i ^ r : n | o ? 1073741824 & s ? 3221225472 ^ s ^ i ^ r : 1073741824 ^ s ^ i ^ r : s ^ i ^ r }function o(e, t, n) {return e & t | ~e & n }function i(e, t, n) {return e & n | t & ~n }function r(e, t, n) {return e ^ t ^ n }function s(e, t, n) {return t ^ (e | ~n) }function a(e, i, r, s, a, p, u) {return e = n(e, n(n(o(i, r, s), a), u)), n(t(e, p), i) }function p(e, o, r, s, a, p, u) {return e = n(e, n(n(i(o, r, s), a), u)), n(t(e, p), o) }function u(e, o, i, s, a, p, u) {return e = n(e, n(n(r(o, i, s), a), u)), n(t(e, p), o) }function c(e, o, i, r, a, p, u) {return e = n(e, n(n(s(o, i, r), a), u)), n(t(e, p), o) }function d(e) {for (var t, n = e.length, o = n + 8, i = (o - o % 64) / 64, r = 16 * (i + 1), s = new Array(r - 1), a = 0, p = 0; n > p;) { t = (p - p % 4) / 4, a = p % 4 * 8, s[t] = s[t] | e.charCodeAt(p) << a, p++ }return t = (p - p % 4) / 4, a = p % 4 * 8, s[t] = s[t] | 128 << a, s[r - 2] = n << 3, s[r - 1] = n >>> 29, s }function l(e) {var t, n, o = "", i = "";for (n = 0; 3 >= n; n++) { t = e >>> 8 * n & 255, i = "0" + t.toString(16), o += i.substr(i.length - 2, 2) }return o }function f(e) { e = e.replace(/\r\n/g, "\n");for (var t = "", n = 0; n < e.length; n++) {var o = e.charCodeAt(n);128 > o ? t += String.fromCharCode(o) : o > 127 && 2048 > o ? (t += String.fromCharCode(o >> 6 | 192), t += String.fromCharCode(63 & o | 128)) : (t += String.fromCharCode(o >> 12 | 224), t += String.fromCharCode(o >> 6 & 63 | 128), t += String.fromCharCode(63 & o | 128)) }return t }var m, h, g, v, _, y, R, w, E, S = [], O = 7, b = 12, T = 17, q = 22, A = 5, x = 9, C = 14, N = 20, J = 4, k = 11, L = 16, D = 23, I = 6, P = 10, F = 15, j = 21;for (the_params_for_signing = f(the_params_for_signing), S = d(the_params_for_signing), y = 1732584193, R = 4023233417, w = 2562383102, E = 271733878, m = 0; m < S.length; m += 16) { h = y, g = R, v = w, _ = E, y = a(y, R, w, E, S[m + 0], O, 3614090360), E = a(E, y, R, w, S[m + 1], b, 3905402710), w = a(w, E, y, R, S[m + 2], T, 606105819), R = a(R, w, E, y, S[m + 3], q, 3250441966), y = a(y, R, w, E, S[m + 4], O, 4118548399), E = a(E, y, R, w, S[m + 5], b, 1200080426), w = a(w, E, y, R, S[m + 6], T, 2821735955), R = a(R, w, E, y, S[m + 7], q, 4249261313), y = a(y, R, w, E, S[m + 8], O, 1770035416), E = a(E, y, R, w, S[m + 9], b, 2336552879), w = a(w, E, y, R, S[m + 10], T, 4294925233), R = a(R, w, E, y, S[m + 11], q, 2304563134), y = a(y, R, w, E, S[m + 12], O, 1804603682), E = a(E, y, R, w, S[m + 13], b, 4254626195), w = a(w, E, y, R, S[m + 14], T, 2792965006), R = a(R, w, E, y, S[m + 15], q, 1236535329), y = p(y, R, w, E, S[m + 1], A, 4129170786), E = p(E, y, R, w, S[m + 6], x, 3225465664), w = p(w, E, y, R, S[m + 11], C, 643717713), R = p(R, w, E, y, S[m + 0], N, 3921069994), y = p(y, R, w, E, S[m + 5], A, 3593408605), E = p(E, y, R, w, S[m + 10], x, 38016083), w = p(w, E, y, R, S[m + 15], C, 3634488961), R = p(R, w, E, y, S[m + 4], N, 3889429448), y = p(y, R, w, E, S[m + 9], A, 568446438), E = p(E, y, R, w, S[m + 14], x, 3275163606), w = p(w, E, y, R, S[m + 3], C, 4107603335), R = p(R, w, E, y, S[m + 8], N, 1163531501), y = p(y, R, w, E, S[m + 13], A, 2850285829), E = p(E, y, R, w, S[m + 2], x, 4243563512), w = p(w, E, y, R, S[m + 7], C, 1735328473), R = p(R, w, E, y, S[m + 12], N, 2368359562), y = u(y, R, w, E, S[m + 5], J, 4294588738), E = u(E, y, R, w, S[m + 8], k, 2272392833), w = u(w, E, y, R, S[m + 11], L, 1839030562), R = u(R, w, E, y, S[m + 14], D, 4259657740), y = u(y, R, w, E, S[m + 1], J, 2763975236), E = u(E, y, R, w, S[m + 4], k, 1272893353), w = u(w, E, y, R, S[m + 7], L, 4139469664), R = u(R, w, E, y, S[m + 10], D, 3200236656), y = u(y, R, w, E, S[m + 13], J, 681279174), E = u(E, y, R, w, S[m + 0], k, 3936430074), w = u(w, E, y, R, S[m + 3], L, 3572445317), R = u(R, w, E, y, S[m + 6], D, 76029189), y = u(y, R, w, E, S[m + 9], J, 3654602809), E = u(E, y, R, w, S[m + 12], k, 3873151461), w = u(w, E, y, R, S[m + 15], L, 530742520), R = u(R, w, E, y, S[m + 2], D, 3299628645), y = c(y, R, w, E, S[m + 0], I, 4096336452), E = c(E, y, R, w, S[m + 7], P, 1126891415), w = c(w, E, y, R, S[m + 14], F, 2878612391), R = c(R, w, E, y, S[m + 5], j, 4237533241), y = c(y, R, w, E, S[m + 12], I, 1700485571), E = c(E, y, R, w, S[m + 3], P, 2399980690), w = c(w, E, y, R, S[m + 10], F, 4293915773), R = c(R, w, E, y, S[m + 1], j, 2240044497), y = c(y, R, w, E, S[m + 8], I, 1873313359), E = c(E, y, R, w, S[m + 15], P, 4264355552), w = c(w, E, y, R, S[m + 6], F, 2734768916), R = c(R, w, E, y, S[m + 13], j, 1309151649), y = c(y, R, w, E, S[m + 4], I, 4149444226), E = c(E, y, R, w, S[m + 11], P, 3174756917), w = c(w, E, y, R, S[m + 2], F, 718787259), R = c(R, w, E, y, S[m + 9], j, 3951481745), y = n(y, h), R = n(R, g), w = n(w, v), E = n(E, _) }var H = l(y) + l(R) + l(w) + l(E);return H.toLowerCase() }
#!/usr/bin/env python# -*- coding:utf-8 -*-import js2pyimport osimport threading mutex = threading.Lock()# with open(r"D:\taobao_sign.js", encoding='utf-8') as f:cx = f.read() context = js2py.EvalJs() context.execute(cx)def get_sign(_m_h6_tk_first, time_dd, data):with open(r"D:\taobao_sign.js", encoding='utf-8') as f: cx = f.read() ctx = execjs.compile(cx) sign_str = _m_h6_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data sign = ctx.call("get_sign_demo", sign_str) print("sign : ", sign) mutex.acquire() context = js2py.EvalJs() context.execute(cx) sign_str = _m_h6_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data sign = context.get_sign_demo(sign_str)# mutex.release()return sign
感谢各位的阅读,以上就是“淘宝h5页面的sign加密算法是怎么用的”的内容了,经过本文的学习后,相信大家对淘宝h5页面的sign加密算法是怎么用的这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是亿速云,小编将为大家推送更多相关知识点的文章,欢迎关注!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。