Optional Huobi’s auth private key signature param

This is a security feature that was introduced briefly, where you were required to upload a public key while generating your api keys, and for authentication you had to use your private keys to sign the request and send it through this “PrivateSignature” param. This security feature was rolled back and it is not mentioned anymore in Huobi’s documentation. For backwards compatibility purposes we should still keep this feature though, they still seem to accept this parameter, I guess if you have one of this old api keys, that was generated with a given public key, you still have to send it.
2026-05-13 23:16:45 +00:00 · 2018-09-29 19:25:38 -03:00
parent a2c5123c9e
commit 0fdf76d264
5 changed files with 30 additions and 22 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -123,6 +123,7 @@ type ExchangeConfig struct {
 	AuthenticatedAPISupport   bool                      `json:"authenticatedApiSupport"`
 	APIKey                    string                    `json:"apiKey"`
 	APISecret                 string                    `json:"apiSecret"`
+	APIAuthPEMKeySupport      bool                      `json:"apiAuthPemKeySupport,omitempty"`
 	APIAuthPEMKey             string                    `json:"apiAuthPemKey,omitempty"`
 	APIURL                    string                    `json:"apiUrl"`
 	APIURLSecondary           string                    `json:"apiUrlSecondary"`
--- a/config_example.json
+++ b/config_example.json
@@ -748,6 +748,7 @@
   "authenticatedApiSupport": false,
   "apiKey": "Key",
   "apiSecret": "Secret",
+   "apiAuthPemKeySupport": false,
   "apiAuthPemKey": "-----BEGIN EC PRIVATE KEY-----\nJUSTADUMMY\n-----END EC PRIVATE KEY-----\n",
   "apiUrl": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
   "apiUrlSecondary": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
@@ -787,6 +788,7 @@
   "authenticatedApiSupport": false,
   "apiKey": "Key",
   "apiSecret": "Secret",
+   "apiAuthPemKeySupport": false,
   "apiAuthPemKey": "-----BEGIN EC PRIVATE KEY-----\nJUSTADUMMY\n-----END EC PRIVATE KEY-----\n",
   "apiUrl": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
   "apiUrlSecondary": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
@@ -1297,4 +1299,4 @@
   "supportedExchanges": "ANX,Kraken"
  }
 ]
-}
+}
--- a/exchanges/exchange.go
+++ b/exchanges/exchange.go
@@ -92,6 +92,7 @@ type Base struct {
 	Websocket                                  bool
 	RESTPollingDelay                           time.Duration
 	AuthenticatedAPISupport                    bool
+	APIAuthPEMKeySupport                       bool
 	APISecret, APIKey, APIAuthPEMKey, ClientID string
 	Nonce                                      nonce.Nonce
 	TakerFee, MakerFee, Fee                    float64
--- a/exchanges/huobi/huobi.go
+++ b/exchanges/huobi/huobi.go
@@ -93,6 +93,7 @@ func (h *HUOBI) Setup(exch config.ExchangeConfig) {
 		h.Enabled = true
 		h.AuthenticatedAPISupport = exch.AuthenticatedAPISupport
 		h.SetAPIKeys(exch.APIKey, exch.APISecret, "", false)
+		h.APIAuthPEMKeySupport = exch.APIAuthPEMKeySupport
 		h.APIAuthPEMKey = exch.APIAuthPEMKey
 		h.SetHTTPClientTimeout(exch.HTTPTimeout)
 		h.SetHTTPClientUserAgent(exch.HTTPUserAgent)
@@ -757,31 +758,33 @@ func (h *HUOBI) SendAuthenticatedHTTPRequest(method, endpoint string, values url
 	signature := common.Base64Encode(hmac)
 	values.Set("Signature", signature)

-	pemKey := strings.NewReader(h.APIAuthPEMKey)
-	pemBytes, err := ioutil.ReadAll(pemKey)
-	if err != nil {
-		return fmt.Errorf("Huobi unable to ioutil.ReadAll PEM key: %s", err)
-	}
+	if h.APIAuthPEMKeySupport == true {
+		pemKey := strings.NewReader(h.APIAuthPEMKey)
+		pemBytes, err := ioutil.ReadAll(pemKey)
+		if err != nil {
+			return fmt.Errorf("Huobi unable to ioutil.ReadAll PEM key: %s", err)
+		}

-	block, _ := pem.Decode(pemBytes)
-	if block == nil {
-		return fmt.Errorf("Huobi block is nil")
-	}
+		block, _ := pem.Decode(pemBytes)
+		if block == nil {
+			return fmt.Errorf("Huobi block is nil")
+		}

-	x509Encoded := block.Bytes
-	privKey, err := x509.ParseECPrivateKey(x509Encoded)
-	if err != nil {
-		return fmt.Errorf("Huobi unable to ParseECPrivKey: %s", err)
-	}
+		x509Encoded := block.Bytes
+		privKey, err := x509.ParseECPrivateKey(x509Encoded)
+		if err != nil {
+			return fmt.Errorf("Huobi unable to ParseECPrivKey: %s", err)
+		}

-	r, s, err := ecdsa.Sign(rand.Reader, privKey, common.GetSHA256([]byte(signature)))
-	if err != nil {
-		return fmt.Errorf("Huobi unable to sign: %s", err)
-	}
+		r, s, err := ecdsa.Sign(rand.Reader, privKey, common.GetSHA256([]byte(signature)))
+		if err != nil {
+			return fmt.Errorf("Huobi unable to sign: %s", err)
+		}

-	privSig := r.Bytes()
-	privSig = append(privSig, s.Bytes()...)
-	values.Set("PrivateSignature", common.Base64Encode(privSig))
+		privSig := r.Bytes()
+		privSig = append(privSig, s.Bytes()...)
+		values.Set("PrivateSignature", common.Base64Encode(privSig))
+	}

 	url := fmt.Sprintf("%s%s", h.APIUrl, endpoint)
 	url = common.EncodeURLValues(url, values)
--- a/exchanges/huobihadax/huobihadax.go
+++ b/exchanges/huobihadax/huobihadax.go
@@ -88,6 +88,7 @@ func (h *HUOBIHADAX) Setup(exch config.ExchangeConfig) {
 		h.Enabled = true
 		h.AuthenticatedAPISupport = exch.AuthenticatedAPISupport
 		h.SetAPIKeys(exch.APIKey, exch.APISecret, "", false)
+		h.APIAuthPEMKeySupport = exch.APIAuthPEMKeySupport
 		h.APIAuthPEMKey = exch.APIAuthPEMKey
 		h.SetHTTPClientTimeout(exch.HTTPTimeout)
 		h.SetHTTPClientUserAgent(exch.HTTPUserAgent)