protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload) { // Only Private APIs are POST and need Authorization if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST") { string requestContentBase64String = string.Empty; string nonce = payload["nonce"] as string; payload.Remove("nonce"); string jsonContent = CryptoUtility.GetJsonForPayload(payload); if (!String.IsNullOrEmpty(jsonContent)) { using (MD5 md5 = MD5.Create()) { requestContentBase64String = Convert.ToBase64String(md5.ComputeHash(Encoding.UTF8.GetBytes(jsonContent))); } } else { request.ContentLength = 0; } string baseSig = string.Concat(PublicApiKey.ToUnsecureString(), request.Method, Uri.EscapeDataString(request.RequestUri.AbsoluteUri).ToLower(), nonce, requestContentBase64String); string signature = CryptoUtility.SHA256SignBase64(baseSig, Convert.FromBase64String(PrivateApiKey.ToUnsecureString())); request.Headers.Add(HttpRequestHeader.Authorization, string.Format("amx {0}:{1}:{2}", PublicApiKey.ToUnsecureString(), signature, nonce)); // Cryptopia is very picky on how the payload is passed. There might be a better way to do this, but this works... using (Stream stream = await request.GetRequestStreamAsync()) { byte[] content = Encoding.UTF8.GetBytes(jsonContent); stream.Write(content, 0, content.Length); } } }
protected override Uri ProcessRequestUrl(UriBuilder url, Dictionary <string, object> payload, string method) { if (CanMakeAuthenticatedRequest(payload)) { if (!payload.ContainsKey("method")) { return(url.Uri); } method = payload["method"].ToStringInvariant(); payload.Remove("method"); var dict = new Dictionary <string, object> { ["Timestamp"] = DateTime.UtcNow.ToString("s"), ["AccessKeyId"] = PublicApiKey.ToUnsecureString(), ["SignatureMethod"] = "HmacSHA256", ["SignatureVersion"] = "2" }; string msg = null; if (method == "GET") { dict = dict.Concat(payload).ToDictionary(x => x.Key, x => x.Value); } msg = CryptoUtility.GetFormForPayload(dict, false); // must sort case sensitive msg = string.Join("&", new SortedSet <string>(msg.Split('&'), StringComparer.Ordinal)); StringBuilder sb = new StringBuilder(); sb.Append(method).Append("\n") .Append(url.Host).Append("\n") .Append(url.Path).Append("\n") .Append(msg); var sig = CryptoUtility.SHA256SignBase64(sb.ToString(), PrivateApiKey.ToBytes()); msg += "&Signature=" + Uri.EscapeDataString(sig); url.Query = msg; } return(url.Uri); }
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload) { if (CanMakeAuthenticatedRequest(payload)) { // gdax is funny and wants a seconds double for the nonce, weird... we convert it to double and back to string invariantly to ensure decimal dot is used and not comma string timestamp = payload["nonce"].ToStringInvariant(); payload.Remove("nonce"); string form = CryptoUtility.GetJsonForPayload(payload); byte[] secret = CryptoUtility.ToBytesBase64Decode(PrivateApiKey); string toHash = timestamp + request.Method.ToUpper() + request.RequestUri.PathAndQuery + form; string signatureBase64String = CryptoUtility.SHA256SignBase64(toHash, secret); secret = null; toHash = null; request.Headers["CB-ACCESS-KEY"] = PublicApiKey.ToUnsecureString(); request.Headers["CB-ACCESS-SIGN"] = signatureBase64String; request.Headers["CB-ACCESS-TIMESTAMP"] = timestamp; request.Headers["CB-ACCESS-PASSPHRASE"] = CryptoUtility.ToUnsecureString(Passphrase); await CryptoUtility.WriteToRequestAsync(request, form); } }
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload) { if (CanMakeAuthenticatedRequest(payload)) { payload.Remove("nonce"); string body = CryptoUtility.GetJsonForPayload(payload); string timestamp = ((int)DateTime.UtcNow.UnixTimestampFromDateTimeSeconds()).ToStringInvariant(); string msg = timestamp + request.Method + request.RequestUri.PathAndQuery + (request.Method.Equals("POST") ? body : string.Empty); string sign = CryptoUtility.SHA256SignBase64(msg, CryptoUtility.ToBytesBase64Decode(PrivateApiKey)); request.Headers["AC-ACCESS-KEY"] = CryptoUtility.ToUnsecureString(PublicApiKey); request.Headers["AC-ACCESS-SIGN"] = sign; request.Headers["AC-ACCESS-TIMESTAMP"] = timestamp; request.Headers["AC-ACCESS-PASSPHRASE"] = CryptoUtility.ToUnsecureString(Passphrase); if (request.Method == "POST") { await CryptoUtility.WriteToRequestAsync(request, body); } } }