From 0fdf76d26438a32875b879c554fe52068066bf03 Mon Sep 17 00:00:00 2001
From: herenow
Date: Sat, 29 Sep 2018 19:25:38 -0300
Subject: [PATCH] =?UTF-8?q?Optional=20Huobi=E2=80=99s=20auth=20private=20k?= =?UTF-8?q?ey=20signature=20param?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a security feature that was introduced briefly, where you were required to upload a public key while generating your api keys, and for authentication you had to use your private keys to sign the request and send it through this “PrivateSignature” param. This security feature was rolled back and it is not mentioned anymore in Huobi’s documentation. For backwards compatibility purposes we should still keep this feature though, they still seem to accept this parameter, I guess if you have one of this old api keys, that was generated with a given public key, you still have to send it.
---
 config/config.go | 1 +
 config_example.json | 4 ++-
 exchanges/exchange.go | 1 +
 exchanges/huobi/huobi.go | 45 ++++++++++++++++--------------
 exchanges/huobihadax/huobihadax.go | 1 +
 5 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/config/config.go b/config/config.go
index 1c4cedd2..6bd023d6 100644
--- a/config/config.go
+++ b/config/config.go
@@ -123,6 +123,7 @@ type ExchangeConfig struct {
 AuthenticatedAPISupport bool `json:"authenticatedApiSupport"`
 APIKey string `json:"apiKey"`
 APISecret string `json:"apiSecret"`
+ APIAuthPEMKeySupport bool `json:"apiAuthPemKeySupport,omitempty"`
 APIAuthPEMKey string `json:"apiAuthPemKey,omitempty"`
 APIURL string `json:"apiUrl"`
 APIURLSecondary string `json:"apiUrlSecondary"`
diff --git a/config_example.json b/config_example.json
index b9751cee..28ed43e9 100644
--- a/config_example.json
+++ b/config_example.json
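Review bot: The new `APIAuthPEMKeySupport` field in `ExchangeConfig` is undocumented and its zero value switches the signing off, so a config written before this commit that carries a real `apiAuthPemKey` but no `apiAuthPemKeySupport` entry will stop sending `PrivateSignature` after the upgrade with no message. The commit description says such older keys may still need the parameter, so the opt-in should be stated where operators will read it. A field comment such as `// APIAuthPEMKeySupport enables the legacy Huobi PrivateSignature parameter; when false, APIAuthPEMKey is ignored.` would cover it, ideally with a line in the upgrade notes. The struct starts and ends outside the hunk.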
@@ -748,6 +748,7 @@
 "authenticatedApiSupport": false,
 "apiKey": "Key",
 "apiSecret": "Secret",
+ "apiAuthPemKeySupport": false,
 "apiAuthPemKey": "-----BEGIN EC PRIVATE KEY-----\nJUSTADUMMY\n-----END EC PRIVATE KEY-----\n",
 "apiUrl": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
 "apiUrlSecondary": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
@@ -787,6 +788,7 @@
 "authenticatedApiSupport": false,
 "apiKey": "Key",
 "apiSecret": "Secret",
+ "apiAuthPemKeySupport": false,
 "apiAuthPemKey": "-----BEGIN EC PRIVATE KEY-----\nJUSTADUMMY\n-----END EC PRIVATE KEY-----\n",
 "apiUrl": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
 "apiUrlSecondary": "NON_DEFAULT_HTTP_LINK_TO_EXCHANGE_API",
@@ -1297,4 +1299,4 @@
 "supportedExchanges": "ANX,Kraken"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/exchanges/exchange.go b/exchanges/exchange.go
index 92f192aa..57124186 100644
--- a/exchanges/exchange.go
+++ b/exchanges/exchange.go
@@ -92,6 +92,7 @@ type Base struct {
 Websocket bool
 RESTPollingDelay time.Duration
 AuthenticatedAPISupport bool
+ APIAuthPEMKeySupport bool
 APISecret, APIKey, APIAuthPEMKey, ClientID string
 Nonce nonce.Nonce
 TakerFee, MakerFee, Fee float64
diff --git a/exchanges/huobi/huobi.go b/exchanges/huobi/huobi.go
index 0b3b14c8..cf96520d 100644
--- a/exchanges/huobi/huobi.go
+++ b/exchanges/huobi/huobi.go
@@ -93,6 +93,7 @@ func (h *HUOBI) Setup(exch config.ExchangeConfig) {
 h.Enabled = true
 h.AuthenticatedAPISupport = exch.AuthenticatedAPISupport
 h.SetAPIKeys(exch.APIKey, exch.APISecret, "", false)
+ h.APIAuthPEMKeySupport = exch.APIAuthPEMKeySupport
 h.APIAuthPEMKey = exch.APIAuthPEMKey
 h.SetHTTPClientTimeout(exch.HTTPTimeout)
 h.SetHTTPClientUserAgent(exch.HTTPUserAgent)
@@ -757,31 +758,33 @@ func (h *HUOBI) SendAuthenticatedHTTPRequest(method, endpoint string, values url
 signature := common.Base64Encode(hmac)
 values.Set("Signature", signature)
 
- pemKey := strings.NewReader(h.APIAuthPEMKey)
- pemBytes, err := ioutil.ReadAll(pemKey)
- if err != nil {
- return fmt.Errorf("Huobi unable to ioutil.ReadAll PEM key: %s", err)
- }
+ if h.APIAuthPEMKeySupport == true {
+ pemKey := strings.NewReader(h.APIAuthPEMKey)
+ pemBytes, err := ioutil.ReadAll(pemKey)
+ if err != nil {
+ return fmt.Errorf("Huobi unable to ioutil.ReadAll PEM key: %s", err)
+ }
 
- block, _ := pem.Decode(pemBytes)
- if block == nil {
- return fmt.Errorf("Huobi block is nil")
- }
+ block, _ := pem.Decode(pemBytes)
+ if block == nil {
+ return fmt.Errorf("Huobi block is nil")
+ }
 
- x509Encoded := block.Bytes
- privKey, err := x509.ParseECPrivateKey(x509Encoded)
- if err != nil {
- return fmt.Errorf("Huobi unable to ParseECPrivKey: %s", err)
- }
+ x509Encoded := block.Bytes
+ privKey, err := x509.ParseECPrivateKey(x509Encoded)
+ if err != nil {
+ return fmt.Errorf("Huobi unable to ParseECPrivKey: %s", err)
+ }
 
- r, s, err := ecdsa.Sign(rand.Reader, privKey, common.GetSHA256([]byte(signature)))
- if err != nil {
- return fmt.Errorf("Huobi unable to sign: %s", err)
- }
+ r, s, err := ecdsa.Sign(rand.Reader, privKey, common.GetSHA256([]byte(signature)))
+ if err != nil {
+ return fmt.Errorf("Huobi unable to sign: %s", err)
+ }
 
- privSig := r.Bytes()
- privSig = append(privSig, s.Bytes()...)
- values.Set("PrivateSignature", common.Base64Encode(privSig))
+ privSig := r.Bytes()
+ privSig = append(privSig, s.Bytes()...)
+ values.Set("PrivateSignature", common.Base64Encode(privSig))
+ }
 
 url := fmt.Sprintf("%s%s", h.APIUrl, endpoint)
 url = common.EncodeURLValues(url, values)
diff --git a/exchanges/huobihadax/huobihadax.go b/exchanges/huobihadax/huobihadax.go
index 5fff626d..b2da9799 100644
--- a/exchanges/huobihadax/huobihadax.go
+++ b/exchanges/huobihadax/huobihadax.go
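Review bot: The re-indented signature assembly still concatenates `r.Bytes()` and `s.Bytes()`, and `big.Int.Bytes()` drops leading zero bytes, so whenever either value starts with a zero byte the result is shorter than two field widths and cannot be split back into r and s unambiguously. For a 256-bit curve that affects roughly one signature in 128, which would show up as intermittent authentication failures for accounts that enable the flag. If the exchange expects the fixed-width r‖s form this concatenation appears to aim for (the wire format is not visible here, so confirm it is not ASN.1 DER), each half should be left-padded to the curve's byte length as sketched below. Separately, `if h.APIAuthPEMKeySupport == true {` is more idiomatic as `if h.APIAuthPEMKeySupport {`. `SendAuthenticatedHTTPRequest` starts and ends outside the hunk.

```go
	if h.APIAuthPEMKeySupport {
		// … unchanged: PEM decode, x509.ParseECPrivateKey, ecdsa.Sign …

		// Left-pad r and s to the curve's byte length so the value is always 2*size bytes.
		size := (privKey.Curve.Params().BitSize + 7) / 8
		rb, sb := r.Bytes(), s.Bytes()
		privSig := make([]byte, 2*size)
		copy(privSig[size-len(rb):size], rb)
		copy(privSig[2*size-len(sb):], sb)
		values.Set("PrivateSignature", common.Base64Encode(privSig))
	}
```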
@@ -88,6 +88,7 @@ func (h *HUOBIHADAX) Setup(exch config.ExchangeConfig) {
 h.Enabled = true
 h.AuthenticatedAPISupport = exch.AuthenticatedAPISupport
 h.SetAPIKeys(exch.APIKey, exch.APISecret, "", false)
+ h.APIAuthPEMKeySupport = exch.APIAuthPEMKeySupport
 h.APIAuthPEMKey = exch.APIAuthPEMKey
 h.SetHTTPClientTimeout(exch.HTTPTimeout)
 h.SetHTTPClientUserAgent(exch.HTTPUserAgent)
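Review bot: Nothing in this patch reads `APIAuthPEMKeySupport` in huobihadax.go; the diffstat lists a single added line for the file, and it is this assignment in `Setup`. If HUOBIHADAX has its own authenticated request path that still decodes `APIAuthPEMKey` unconditionally (not visible here), setting `apiAuthPemKeySupport` to false changes nothing for that exchange and it keeps the pre-patch behaviour. The PEM signing there should be wrapped in the same `if h.APIAuthPEMKeySupport { … }` guard that exchanges/huobi/huobi.go gets, or the assignment should carry a comment saying the flag is not yet honoured. `Setup` starts and ends outside the hunk.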