protected override Uri ProcessRequestUrl(UriBuilder url, Dictionary <string, object> payload, string method)
{
if (CanMakeAuthenticatedRequest(payload))
{
// must sort case sensitive
var dict = new SortedDictionary <string, object>(StringComparer.Ordinal)
{
["Timestamp"] = CryptoUtility.UnixTimeStampToDateTimeMilliseconds(payload["nonce"].ConvertInvariant <long>()).ToString("s"),
["AccessKeyId"] = PublicApiKey.ToUnsecureString(),
["SignatureMethod"] = "HmacSHA256",
["SignatureVersion"] = "2"
};
if (method == "GET")
{
foreach (var kv in payload)
{
dict.Add(kv.Key, kv.Value);
}
}
string msg = CryptoUtility.GetFormForPayload(dict, false, false, false);
string toSign = $"{method}\n{url.Host}\n{url.Path}\n{msg}";
// calculate signature
var sign = CryptoUtility.SHA256SignBase64(toSign, PrivateApiKey.ToUnsecureBytesUTF8()).UrlEncode();
// append signature to end of message
msg += $"&Signature={sign}";
url.Query = msg;
}
return(url.Uri);
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
string payloadForm = CryptoUtility.GetFormForPayload(payload, false);
request.AddHeader("API-Key", PublicApiKey.ToUnsecureString());
request.AddHeader("Sign", CryptoUtility.SHA256Sign(payloadForm, PrivateApiKey.ToUnsecureBytesUTF8()).ToUpperInvariant());
await request.WriteToRequestAsync(payloadForm);
}
}
protected override Uri ProcessRequestUrl(UriBuilder url, Dictionary <string, object> payload, string method)
{
if (CanMakeAuthenticatedRequest(payload))
{
/*
* 基于安全考虑,除行情API 外的 API 请求都必须进行签名运算。一个合法的请求由以下几部分组成:
* 方法请求地址 即访问服务器地址:api.huobi.pro,api.hadax.com或者api.dm.huobi.br.com后面跟上方法名,比如api.huobi.pro/v1/order/orders。
* API 访问密钥(AccessKeyId) 您申请的 APIKEY 中的AccessKey。
* 签名方法(SignatureMethod) 用户计算签名的基于哈希的协议,此处使用 HmacSHA256。
* 签名版本(SignatureVersion) 签名协议的版本,此处使用2。
* 时间戳(DateTime) 您发出请求的时间 (UTC 时区) (UTC 时区) (UTC 时区) 。在查询请求中包含此值有助于防止第三方截取您的请求。如:2017-05-11T16:22:06。再次强调是 (UTC 时区) 。
* 必选和可选参数 每个方法都有一组用于定义 API 调用的必需参数和可选参数。可以在每个方法的说明中查看这些参数及其含义。 请一定注意:对于GET请求,每个方法自带的参数都需要进行签名运算; 对于POST请求,每个方法自带的参数不进行签名认证,即POST请求中需要进行签名运算的只有AccessKeyId、SignatureMethod、SignatureVersion、Timestamp四个参数,其它参数放在body中。
* 签名 签名计算得出的值,用于确保签名有效和未被篡改。
*/
// must sort case sensitive
var dict = new SortedDictionary <string, object>(StringComparer.Ordinal)
{
["DateTime"] =
CryptoUtility.UnixTimeStampToDateTimeMilliseconds(payload["nonce"].ConvertInvariant <long>())
.ToString("s"),
//这里的逻辑是生成一个随机数,然后把这个随机数转成正常的日期。然后转成UTC时间 带T的那种 。有点脱了裤子放屁的感觉。
["AccessKeyId"] = PublicApiKey.ToUnsecureString(),
["SignatureMethod"] = "HmacSHA256",
["SignatureVersion"] = "2"
};
if (method == "GET") //只有get需要验证参数内的内容
{
foreach (var kv in payload)
{
dict.Add(kv.Key, kv.Value);
}
}
string msg = dict.GetFormForPayload(false, false, false);
string toSign = $"{method}\n{url.Host}\n{url.Path}\n{msg}";
// calculate signature
var sign = CryptoUtility.SHA256SignBase64(toSign, PrivateApiKey.ToUnsecureBytesUTF8()).UrlEncode();
// append signature to end of message
msg += $"&Signature={sign}";
url.Query = msg;
}
return(url.Uri);
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (payload == null || request.Method == "GET")
{
return;
}
string secret = this.PrivateApiKey.ToUnsecureString();
payload.Add("secret_key", secret);
string body = CryptoUtility.GetFormForPayload(payload);
string sign = CryptoUtility.MD5Sign(body, PrivateApiKey.ToUnsecureBytesUTF8());
payload.Remove("secret_key");
payload.Add("sign", sign);
body = payload.GetFormForPayload();
await CryptoUtility.WriteToRequestAsync(request, body);
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
var signature = string.Empty;
payload.Add("key", PublicApiKey.ToUnsecureString());
var jsonContent = payload.GetJsonForPayload();
if (!string.IsNullOrEmpty(jsonContent))
{
signature = CryptoUtility.SHA512Sign(jsonContent, PrivateApiKey.ToUnsecureBytesUTF8()).ToLowerInvariant();
}
request.AddHeader("Hash", signature);
var content = jsonContent.ToBytesUTF8();
await request.WriteAllAsync(content, 0, content.Length);
}
}