python 的hmac与php的hash_hmac的签名校验
引入库:from urllib import quote, urlencode
import urllib2
import time
import uuid
import hmac, hashlib
关键代码:
items=request.params.get('items','')
gid=request.params.get('gid','')
platform=request.params.get('platform','')
game=request.params.get('app','')
sig=request.params.get('sig','')
KEY = 'dX^&c' #双方规定的密钥
params={'items':items}
params = urllib.urlencode(params) #url转码
params=params+'&gid=%s&platform=%s&app=%s' % (gid,platform,game)#拼凑对接字符串
h = hmac.new(KEY, params, hashlib.sha1)
s = h.digest()
signature = s.encode('base64').rstrip() #生成签名
if sig != signature: #判断双方签名
ret['ret']= 3
ret['msg']='sig not match'
return ujson.dumps(ret)
页:
[1]