溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要講解了“淘寶h5頁面的sign加密算法是怎么用的”,文中的講解內容簡單清晰,易于學習與理解,下面請大家跟著小編的思路慢慢深入,一起來研究和學習“淘寶h5頁面的sign加密算法是怎么用的”吧!
淘寶對于h6的訪問采用了和客戶端不同的方式,由于在h6的js代碼中保存appsercret具有較高的風險,mtop采用了隨機分配令牌的方式,為每個訪問端分配一個token,保存在用戶的cookie中,通過cookie帶回服務端分配的token, 客戶端利用分配的token對請求的URL參數生成摘要值sign,
MTOP利用這個摘用值和cookie中的token來防止URL篡改。
當本地cookie中的token為空時(通常是第一次訪問),mtop會收到”FAIL_SYS_TOKEN_EXOIRED:: 令牌過期“這個錯誤應答,同時mtop會生成token寫入cookie中(response.cookies)。
第二次請求時,js通過讀取cookie中的token值,按照約定的算法生成sign, sign在mtop的請求中帶上,mtop通過cookie中和token用同樣的方式計算出sign,與請求的sign進行比較,檢查通過將返回api的應答,失敗提示“FAIL_SYS_ILLEGAL_ACCESS:: 非法請求”
cookie中的token是有時效性的,遇到token失效時,將收到應答"FAIL_SYS_TOKEN_EXOIRED:: 令牌過期", 同時會寫入新的token,js利用新的token重新計算sign并重發請求。
關于cookie中的token的自我檢查,由于token在cookie中是明文的,可能會被仿冒,在輸出的cookie中包含一個用非對稱密鑰的公鑰加密后的token, MTOP在每次請求時會先檢查cookie中的token是否是由服務端分配出去的(利用加密后的token和私鑰還原token,與回傳的明文token比較)
關于sign的生成公式:
md5Hex(token&t&appKey&data)
如:md5Hex(“645d1f414d4914297dfaab40f3f76016 &1234&4272&{"itemNumId":"1500011132496"}”)
sign=d2b2f818a03496b296b899a230c03abd
token
關于cookie的有效時長,cookie的有效時長為7天,但是token的有效時長目前為60分鐘
m_h6tk: 格式為 明文token_expireTime, 從response.cookies處獲取,如: 2fcd2baa62fc60f73c0487a9f8a0a9d1_1362559577301
token就是2fcd2baa62fc60f73c0487a9f8a0a9d1
t
很簡單,即時間戳 int(time.time()*1000)
appKey
一般是固定數值
data
一般是提交的參數
example
function get_sign_demo(the_params_for_signing) {function t(e, t) {return e << t | e >>> 32 - t
}function n(e, t) {var n, o, i, r, s;return i = 2147483648 & e, r = 2147483648 & t, n = 1073741824 & e, o = 1073741824 & t, s = (1073741823 & e) + (1073741823 & t), n & o ? 2147483648 ^ s ^ i ^ r : n | o ? 1073741824 & s ? 3221225472 ^ s ^ i ^ r : 1073741824 ^ s ^ i ^ r : s ^ i ^ r
}function o(e, t, n) {return e & t | ~e & n
}function i(e, t, n) {return e & n | t & ~n
}function r(e, t, n) {return e ^ t ^ n
}function s(e, t, n) {return t ^ (e | ~n)
}function a(e, i, r, s, a, p, u) {return e = n(e, n(n(o(i, r, s), a), u)), n(t(e, p), i)
}function p(e, o, r, s, a, p, u) {return e = n(e, n(n(i(o, r, s), a), u)), n(t(e, p), o)
}function u(e, o, i, s, a, p, u) {return e = n(e, n(n(r(o, i, s), a), u)), n(t(e, p), o)
}function c(e, o, i, r, a, p, u) {return e = n(e, n(n(s(o, i, r), a), u)), n(t(e, p), o)
}function d(e) {for (var t, n = e.length, o = n + 8, i = (o - o % 64) / 64, r = 16 * (i + 1), s = new Array(r - 1), a = 0, p = 0; n > p;) {
t = (p - p % 4) / 4, a = p % 4 * 8, s[t] = s[t] | e.charCodeAt(p) << a, p++
}return t = (p - p % 4) / 4, a = p % 4 * 8, s[t] = s[t] | 128 << a, s[r - 2] = n << 3, s[r - 1] = n >>> 29, s
}function l(e) {var t, n, o = "",
i = "";for (n = 0; 3 >= n; n++) {
t = e >>> 8 * n & 255, i = "0" + t.toString(16), o += i.substr(i.length - 2, 2)
}return o
}function f(e) {
e = e.replace(/\r\n/g, "\n");for (var t = "", n = 0; n < e.length; n++) {var o = e.charCodeAt(n);128 > o ? t += String.fromCharCode(o) : o > 127 && 2048 > o ? (t += String.fromCharCode(o >> 6 | 192), t += String.fromCharCode(63 & o | 128)) : (t += String.fromCharCode(o >> 12 | 224), t += String.fromCharCode(o >> 6 & 63 | 128), t += String.fromCharCode(63 & o | 128))
}return t
}var m, h, g, v, _, y, R, w, E, S = [],
O = 7,
b = 12,
T = 17,
q = 22,
A = 5,
x = 9,
C = 14,
N = 20,
J = 4,
k = 11,
L = 16,
D = 23,
I = 6,
P = 10,
F = 15,
j = 21;for (the_params_for_signing = f(the_params_for_signing), S = d(the_params_for_signing), y = 1732584193, R = 4023233417, w = 2562383102, E = 271733878, m = 0; m < S.length; m += 16) {
h = y, g = R, v = w, _ = E, y = a(y, R, w, E, S[m + 0], O, 3614090360), E = a(E, y, R, w, S[m + 1], b, 3905402710), w = a(w, E, y, R, S[m + 2], T, 606105819), R = a(R, w, E, y, S[m + 3], q, 3250441966), y = a(y, R, w, E, S[m + 4], O, 4118548399), E = a(E, y, R, w, S[m + 5], b, 1200080426), w = a(w, E, y, R, S[m + 6], T, 2821735955), R = a(R, w, E, y, S[m + 7], q, 4249261313), y = a(y, R, w, E, S[m + 8], O, 1770035416), E = a(E, y, R, w, S[m + 9], b, 2336552879), w = a(w, E, y, R, S[m + 10], T, 4294925233), R = a(R, w, E, y, S[m + 11], q, 2304563134), y = a(y, R, w, E, S[m + 12], O, 1804603682), E = a(E, y, R, w, S[m + 13], b, 4254626195), w = a(w, E, y, R, S[m + 14], T, 2792965006), R = a(R, w, E, y, S[m + 15], q, 1236535329), y = p(y, R, w, E, S[m + 1], A, 4129170786), E = p(E, y, R, w, S[m + 6], x, 3225465664), w = p(w, E, y, R, S[m + 11], C, 643717713), R = p(R, w, E, y, S[m + 0], N, 3921069994), y = p(y, R, w, E, S[m + 5], A, 3593408605), E = p(E, y, R, w, S[m + 10], x, 38016083), w = p(w, E, y, R, S[m + 15], C, 3634488961), R = p(R, w, E, y, S[m + 4], N, 3889429448), y = p(y, R, w, E, S[m + 9], A, 568446438), E = p(E, y, R, w, S[m + 14], x, 3275163606), w = p(w, E, y, R, S[m + 3], C, 4107603335), R = p(R, w, E, y, S[m + 8], N, 1163531501), y = p(y, R, w, E, S[m + 13], A, 2850285829), E = p(E, y, R, w, S[m + 2], x, 4243563512), w = p(w, E, y, R, S[m + 7], C, 1735328473), R = p(R, w, E, y, S[m + 12], N, 2368359562), y = u(y, R, w, E, S[m + 5], J, 4294588738), E = u(E, y, R, w, S[m + 8], k, 2272392833), w = u(w, E, y, R, S[m + 11], L, 1839030562), R = u(R, w, E, y, S[m + 14], D, 4259657740), y = u(y, R, w, E, S[m + 1], J, 2763975236), E = u(E, y, R, w, S[m + 4], k, 1272893353), w = u(w, E, y, R, S[m + 7], L, 4139469664), R = u(R, w, E, y, S[m + 10], D, 3200236656), y = u(y, R, w, E, S[m + 13], J, 681279174), E = u(E, y, R, w, S[m + 0], k, 3936430074), w = u(w, E, y, R, S[m + 3], L, 3572445317), R = u(R, w, E, y, S[m + 6], D, 76029189), y = u(y, R, w, E, S[m + 9], J, 3654602809), E = u(E, y, R, w, S[m + 12], k, 3873151461), w = u(w, E, y, R, S[m + 15], L, 530742520), R = u(R, w, E, y, S[m + 2], D, 3299628645), y = c(y, R, w, E, S[m + 0], I, 4096336452), E = c(E, y, R, w, S[m + 7], P, 1126891415), w = c(w, E, y, R, S[m + 14], F, 2878612391), R = c(R, w, E, y, S[m + 5], j, 4237533241), y = c(y, R, w, E, S[m + 12], I, 1700485571), E = c(E, y, R, w, S[m + 3], P, 2399980690), w = c(w, E, y, R, S[m + 10], F, 4293915773), R = c(R, w, E, y, S[m + 1], j, 2240044497), y = c(y, R, w, E, S[m + 8], I, 1873313359), E = c(E, y, R, w, S[m + 15], P, 4264355552), w = c(w, E, y, R, S[m + 6], F, 2734768916), R = c(R, w, E, y, S[m + 13], j, 1309151649), y = c(y, R, w, E, S[m + 4], I, 4149444226), E = c(E, y, R, w, S[m + 11], P, 3174756917), w = c(w, E, y, R, S[m + 2], F, 718787259), R = c(R, w, E, y, S[m + 9], j, 3951481745), y = n(y, h), R = n(R, g), w = n(w, v), E = n(E, _)
}var H = l(y) + l(R) + l(w) + l(E);return H.toLowerCase()
}#!/usr/bin/env python# -*- coding:utf-8 -*-import js2pyimport osimport threading
mutex = threading.Lock()# with open(r"D:\taobao_sign.js", encoding='utf-8') as f:cx = f.read()
context = js2py.EvalJs()
context.execute(cx)def get_sign(_m_h6_tk_first, time_dd, data):with open(r"D:\taobao_sign.js", encoding='utf-8') as f:
cx = f.read()
ctx = execjs.compile(cx)
sign_str = _m_h6_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data
sign = ctx.call("get_sign_demo", sign_str)
print("sign : ", sign)
mutex.acquire()
context = js2py.EvalJs()
context.execute(cx)
sign_str = _m_h6_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data
sign = context.get_sign_demo(sign_str)# mutex.release()return sign感謝各位的閱讀,以上就是“淘寶h5頁面的sign加密算法是怎么用的”的內容了,經過本文的學習后,相信大家對淘寶h5頁面的sign加密算法是怎么用的這一問題有了更深刻的體會,具體使用情況還需要大家實踐驗證。這里是億速云,小編將為大家推送更多相關知識點的文章,歡迎關注!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
