In order to verify the data coming from the Google Safe Browsing API, you can calculate a Message Authentication Code (MAC) for each update. The instructions to do this (from Google) are:
为了验证来自Google Safe Browsing API的数据,您可以为每次更新计算邮件验证代码(MAC)。执行此操作的说明(来自Google)包括:
The MAC is computed from an MD5 Digest over the following information: client_key|separator|table data|separator|client_key. The separator is the string:coolgoog: - that is a colon followed by "coolgoog" followed by a colon. The resulting 128-bit MD5 digest is websafe base-64 encoded.
通过以下信息从MD5摘要计算MAC:client_key | separator | table data | separator | client_key。分隔符是字符串:coolgoog: - 这是一个冒号,后跟“coolgoog”,然后是冒号。得到的128位MD5摘要是网络安全base-64编码。
There's also example data to check against:
还有一些要检查的示例数据:
client key: "8eirwN1kTwCzgWA2HxTaRQ=="
response:
[goog-black-hash 1.180 update][mac=dRalfTU+bXwUhlk0NCGJtQ==]
+8070465bdf3b9c6ad6a89c32e8162ef1
+86fa593a025714f89d6bc8c9c5a191ac
+bbbd7247731cbb7ec1b3a5814ed4bc9d
*Note that there are tabs at the end of each line.
I'm unable to get a match. Please either point out where I'm going wrong, or just write the couple of lines of Python code necessary to do this!
我无法得到一场比赛。请指出我出错的地方,或者只写几行必要的Python代码!
FWIW, I expected to be able to do something like this:
FWIW,我希望能够做到这样的事情:
>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ=="
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'qfb50mxpHrS82yTofPkcEg==\n'
But as you can see, 'qfb50mxpHrS82yTofPkcEg==\n' != 'dRalfTU+bXwUhlk0NCGJtQ=='.
但正如你所看到的,'qfb50mxpHrS82yTofPkcEg == \ n'!='dRalfTU + bXwUhlk0NCGJtQ =='。
2 个解决方案
#1
1
c="8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')
#2
2
Anders' answer gives the necessary information, but isn't that clear: the client key needs to be decoded before it is combined. (The example above is also missing a newline at the end of the final table data).
Anders的回答提供了必要的信息,但不是那么清楚:客户端密钥需要在组合之前进行解码。 (上面的示例也缺少最终表数据末尾的换行符)。
So the working code is:
所以工作代码是:
>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t\n"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'dRalfTU+bXwUhlk0NCGJtQ==\n'
#1
1
c="8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')
#2
2
Anders' answer gives the necessary information, but isn't that clear: the client key needs to be decoded before it is combined. (The example above is also missing a newline at the end of the final table data).
Anders的回答提供了必要的信息,但不是那么清楚:客户端密钥需要在组合之前进行解码。 (上面的示例也缺少最终表数据末尾的换行符)。
So the working code is:
所以工作代码是:
>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t\n"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'dRalfTU+bXwUhlk0NCGJtQ==\n'