如何认证 · 开发者平台

此认证只适用于此wintelapi接口

如何使用

需要在http请求头中添加如下字段

X-WSSE:UsernameToken Username="420110002",PasswordDigest="FXxvCwZ7RO0sOL4HBhAQ7JKldyY=",Nonce="NzI0Y2NmOTAzZjc1OWRkMg==",Created="1372834488"

字段说明

X-WSSE
http请求头的键名（大小写无关）
UsernameToken
固定字符串，后面添加一个空格
Username="420110002"
=后面的值为企业代码（企业账号的唯一标识），引号为必需的，后续再添加一个英文逗号
PasswordDigest="FXxvCwZ7RO0sOL4HBhAQ7JKldyY="
密码摘要，计算方式如下：
```
base64_encode(sha1(base64_decode($nonce).$created.$secret, true))
```
其中 $nonce 为任意的随机数，每次请求可以固定，也可以每次都不一样、 $created 为当前请求的时间的时间戳、 $secret 为企业账号对应的密码（系统提供）， base64_decode 为base64加密， sha1 为sha1哈希加密，引号为必需的，后续再添加一个英文逗号
Nonce="NzI0Y2NmOTAzZjc1OWRkMg=="
随机字符串，引号为必需的，后续再添加一个英文逗号
Created="1372834488"
当前请求的时间的时间戳，引号为必需的

例子

PHP

$url = "http://...";//接口地址
$params = "vcc_code=test&start_date=2014-06-16 20:10:20&end_date=2014-06-16 6:10:10";
$method = 'post';
$nonce = "123456"; //随机数
$Created = "123456"; //当前时间的时间戳
$secret ="28395dfd93640d760c36cb858b4277de"; //账号对应的密码
$username = "8015012701"; //企业代码vcc_code
$PasswordDigest = base64_encode(sha1(base64_decode($nonce).$Created.$secret, true));
$wsse = 'UsernameToken Username="'.$username.'",PasswordDigest="'.$PasswordDigest.'", Nonce="'.$nonce.'", Created="'.$Created.'"';
$header = array("X-WSSE"=>$wsse);

function request($url, $params, $method, $my_header)
{
    /* 开始一个新会话 */
    $curl_session = curl_init();

    /* 基本设置 */
    curl_setopt($curl_session, CURLOPT_FORBID_REUSE, true); // 处理完后，关闭连接，释放资源
    curl_setopt($curl_session, CURLOPT_HEADER, true);//结果中包含头部信息
    curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, true);//把结果返回，而非直接输出
    curl_setopt($curl_session, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);//采用1.0版的HTTP协议
    $url_parts = parse_raw_url($url); //处理URL
    $header = array();
    /* 设置主机 */
    $header[] = 'Host: ' . $url_parts['host'];
    /* 格式化自定义头部信息 */
    if ($my_header && is_array($my_header))
    {
        foreach ($my_header AS $key => $value)
        {
            $header[] = $key . ': ' . $value;
        }
    }

    if ($method === 'GET')
    {
        curl_setopt($curl_session, CURLOPT_HTTPGET, true);
        $url .= $params ? '?' . $params : '';
    }
    else
    {
        curl_setopt($curl_session, CURLOPT_POST, true);
        $header[] = 'Content-Type: application/x-www-form-urlencoded';
        $header[] = 'Content-Length: ' . strlen($params);
        curl_setopt($curl_session, CURLOPT_POSTFIELDS, $params);
    }

    /* 设置请求地址 */
    curl_setopt($curl_session, CURLOPT_URL, $url);
    /* 设置头部信息 */
    curl_setopt($curl_session, CURLOPT_HTTPHEADER, $header);
    /* 发送请求 */
    $http_response = curl_exec($curl_session);

    if (curl_errno($curl_session) != 0)
    {
        return false;
    }
    $separator = '/\r\n\r\n|\n\n|\r\r/';
    list($http_header, $http_body) = preg_split($separator, $http_response, 2);

    $http_response = array('header' => $http_header,//肯定有值
                           'body'   => $http_body); //可能为空
    curl_close($curl_session);
    return $http_response;
}

function parse_raw_url($raw_url)
{
    $retval   = array();
    $raw_url  = (string) $raw_url;
    if (strpos($raw_url, '://') === false)
    {
      $raw_url = 'http://' . $raw_url;
    }
    $retval = parse_url($raw_url);
    if (!isset($retval['path']))
    {
      $retval['path'] = '/';
    }
    if (!isset($retval['port']))
    {
      $retval['port'] = '80';
    }
    return $retval;
}

JAVA

package Hi;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class httpdemo {

    public static void main(String[] args) throws Exception
    {
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost("接口地址", 80, "http");
        HttpMethod method = getPostMethod();
        client.executeMethod(method);
        System.out.println(method.getStatusLine());
        String response =   new String(method.getResponseBodyAsString().getBytes("utf-8"));
        System.out.println(response);
        method.releaseConnection();
    }

    public static String MD5(String str){
        MessageDigest md = null;
        byte[] message = null;
        try {
             md = MessageDigest.getInstance("MD5");
             message =  md.digest(str.getBytes());
        } catch (NoSuchAlgorithmException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return new BigInteger(1, message).toString(16);
    }

    public static String encode(String nonce, String created, String secret) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.reset();
        String decode = decryptBASE64(nonce)+created+secret;
        return new BASE64Encoder().encode(md.digest(decode.getBytes()));
    }
    public static String decryptBASE64(String key){
        BASE64Decoder decoder = new BASE64Decoder();
        try {
            return new String(decoder.decodeBuffer(key));
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return "";
    }
    private static HttpMethod getPostMethod() throws Exception {
        PostMethod post = new PostMethod("/wintelapi/web/callin");
        String Username = "420110002";
        String Nonce = "123456abc";
        String secret = "e10adc3949ba59abbe56e057f20f883e";
        String Created = "123456abc";
        String PasswordDigest = encode(Nonce,Created,secret);
        String headerValue = "UsernameToken Username=\""+ Username +"\",PasswordDigest=\""+PasswordDigest+"\",Nonce=\""+Nonce+"\",Created=\""+Created+"\"";
        post.setRequestHeader("X-WSSE",headerValue);
        String test = "{\"filter\":{\"start_time\":\"2014-05-06 00:00:00\"}}";
        NameValuePair model0 = new NameValuePair("vcc_code","420110002");
        NameValuePair model1 = new NameValuePair("start_date","2014-10-10 00:00:00");
        post.setRequestBody(new NameValuePair[] { model0,model1});
        return post;
    }
}

认证失败返回结果

字段	说明
code	结果编码
message	结果说明

结果编码说明

code	说明
900	认证失败；用户名密码不对应
901	请求头缺少项:x-wsse,或格式错误