I am using crossbar HTTP bridge service caller to use a registered RPC. But when I issue the HTTP POST message, I get 'invalid request signature' as the response.
According to http://crossbar.io/docs/HTTP-Bridge-Services-Caller/, the
The signature computed as the Base64 encoding of the following value: HMAC[SHA256]_{secret} (key | timestamp | seq | nonce | body)
How to do the concatenation correctly? I tried both with and without character | and spaces.
section of the crossbar config.json file for signed requests:
"call-signed": {
"type": "caller",
"realm": "realm1",
"role": "anonymous",
"options": {
"key": "foobar",
"secret": "secret",
"post_body_limit": 0,
"timestamp_delta_limit": 0,
"require_ip": [
"127.0.0.1"
],
"require_tls": false,
"debug": true
}
}
python code to send requests:
import hmac
import hashlib
import base64
import requests
import json
key = "foobar"
timestamp = "2011-10-14T16:59:51.123Z"
seq = "0"
nonce = "22"
# construct body
args = [1, 3, 2]
kwargs = None
options = None
proc = 'com.myapp.func'
payload = {"procedure": proc}
if args:
payload['args'] = list(args)
if kwargs:
payload['kwargs'] = dict(kwargs)
body = payload
body = json.dumps(body)
# construct signature
# (key | timestamp | seq | nonce | body)
message = key + "" + timestamp + "" + seq + "" + nonce + "" + body
print message
secret = "secret"
signature = base64.b64encode(hmac.new(secret, msg=message, digestmod=hashlib.sha256).digest())
print signature
# HTTP POST
url = "http://127.0.0.1:8080/call-signed?" + \
"seq=" + seq + \
"&key=" + key + \
"&nonce=" + nonce + \
"&signature=" + signature + \
"×tamp=" + timestamp
headers = {'content-type': 'application/json'}
s = requests.Session()
r = s.post(url, data=body, headers=headers)
print r.text
