From ede344b553a1076d70994ce6a7e237cb957fc4cf Mon Sep 17 00:00:00 2001
From: antlen
Date: Sun, 7 Nov 2021 10:40:03 +0900
Subject: [PATCH] #402 - Secret key should be stored as a byte[]
---
 .../api/client/BinanceApiClientFactory.java | 39 ++++++++++++++++---
 .../BinanceApiAsyncMarginRestClientImpl.java | 2 +-
 .../impl/BinanceApiAsyncRestClientImpl.java | 2 +-
 .../impl/BinanceApiMarginRestClientImpl.java | 2 +-
 .../client/impl/BinanceApiRestClientImpl.java | 2 +-
 .../impl/BinanceApiServiceGenerator.java | 5 ++-
 .../impl/BinanceApiSwapRestClientImpl.java | 2 +-
 .../security/AuthenticationInterceptor.java | 4 +-
 .../api/client/security/HmacSHA256Signer.java | 4 +-
 9 files changed, 46 insertions(+), 16 deletions(-)
diff --git a/src/main/java/com/binance/api/client/BinanceApiClientFactory.java b/src/main/java/com/binance/api/client/BinanceApiClientFactory.java
index 7ba5551bb..122102130 100755
--- a/src/main/java/com/binance/api/client/BinanceApiClientFactory.java
+++ b/src/main/java/com/binance/api/client/BinanceApiClientFactory.java
@@ -17,7 +17,7 @@ public class BinanceApiClientFactory {
 /**
 * Secret.
 */
- private String secret;
+ private byte[] secret;
 /**
 * Instantiates a new binance api client factory.
@@ -25,7 +25,7 @@ public class BinanceApiClientFactory {
 * @param apiKey the API key
 * @param secret the Secret
 */
- private BinanceApiClientFactory(String apiKey, String secret) {
+ private BinanceApiClientFactory(String apiKey, byte[] secret) {
 this.apiKey = apiKey;
 this.secret = secret;
 BinanceApiConfig.useTestnet = false;
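Review bot: The constructor in the second hunk keeps the caller's array by reference (`this.secret = secret;`), so the factory and the caller share one mutable key buffer. A caller that zeroes the array after building the factory, which is the usual reason to hand over a secret as byte[], would presumably change the key used for every later signature without any error. Either copy on the way in, `this.secret = secret == null ? null : secret.clone();`, or state in the Javadoc that the factory takes ownership of the array and the caller must not modify it afterwards. The constructor of `AuthenticationInterceptor` has the same assignment, and the constructor body here continues outside the hunk.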
@@ -40,7 +40,7 @@ private BinanceApiClientFactory(String apiKey, String secret) {
 * @param useTestnet true if endpoint is spot test network URL; false if endpoint is production spot API URL.
 * @param useTestnetStreaming true for spot test network websocket streaming; false for no streaming.
 */
- private BinanceApiClientFactory(String apiKey, String secret, boolean useTestnet, boolean useTestnetStreaming) {
+ private BinanceApiClientFactory(String apiKey, byte[] secret, boolean useTestnet, boolean useTestnetStreaming) {
 this(apiKey, secret);
 if (useTestnet) {
 BinanceApiConfig.useTestnet = true;
@@ -55,10 +55,24 @@ private BinanceApiClientFactory(String apiKey, String secret, boolean useTestnet
 *
 * @return the binance api client factory
 */
- public static BinanceApiClientFactory newInstance(String apiKey, String secret) {
+ public static BinanceApiClientFactory newInstance(String apiKey, byte[] secret) {
 return new BinanceApiClientFactory(apiKey, secret);
 }
+ /**
+ * New instance.
+ *
+ * @param apiKey the API key
+ * @param secret the Secret
+ *
+ * @return the binance api client factory
+ * @deprecated use byte[] to store the secret
+ */
+ @Deprecated
+ public static BinanceApiClientFactory newInstance(String apiKey, String secret) {
+ return newInstance(apiKey, secret.getBytes());
+ }
+
 /**
 * New instance with optional Spot Test Network endpoint.
 *
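Review bot: `secret.getBytes()` in the deprecated `newInstance(String, String)` overload encodes with the JVM's default charset, so a secret containing non-ASCII characters yields a different HMAC key on differently configured hosts; `secret.getBytes(StandardCharsets.UTF_8)` pins the encoding (the file would need the `java.nio.charset.StandardCharsets` import). The overload also throws a NullPointerException for a null secret, and a literal call such as `newInstance(apiKey, null)` no longer compiles because it is ambiguous between the String and byte[] overloads. The `@deprecated` line could name the replacement and the reason, e.g. `@deprecated use {@link #newInstance(String, byte[])}; a String secret cannot be cleared from memory`. The four-argument overload added in the next hunk has the same three points.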
@@ -69,10 +83,25 @@ public static BinanceApiClientFactory newInstance(String apiKey, String secret)
 *
 * @return the binance api client factory.
 */
- public static BinanceApiClientFactory newInstance(String apiKey, String secret, boolean useTestnet, boolean useTestnetStreaming) {
+ public static BinanceApiClientFactory newInstance(String apiKey, byte[] secret, boolean useTestnet, boolean useTestnetStreaming) {
 return new BinanceApiClientFactory(apiKey, secret, useTestnet, useTestnetStreaming);
 }
+ /**
+ * New instance with optional Spot Test Network endpoint.
+ *
+ * @param apiKey the API key
+ * @param secret the Secret
+ * @param useTestnet true if endpoint is spot test network URL; false if endpoint is production spot API URL.
+ * @param useTestnetStreaming true for spot test network websocket streaming; false for no streaming.
+ *
+ * @return the binance api client factory.
+ * @deprecated use byte[] to store the secret
+ */
+ @Deprecated
+ public static BinanceApiClientFactory newInstance(String apiKey, String secret, boolean useTestnet, boolean useTestnetStreaming) {
+ return newInstance(apiKey, secret.getBytes(), useTestnet, useTestnetStreaming);
+ }
 /**
 * New instance without authentication.
 *
diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiAsyncMarginRestClientImpl.java b/src/main/java/com/binance/api/client/impl/BinanceApiAsyncMarginRestClientImpl.java
index d3e5c22f6..367229a3d 100755
--- a/src/main/java/com/binance/api/client/impl/BinanceApiAsyncMarginRestClientImpl.java
+++ b/src/main/java/com/binance/api/client/impl/BinanceApiAsyncMarginRestClientImpl.java
@@ -22,7 +22,7 @@ public class BinanceApiAsyncMarginRestClientImpl implements BinanceApiAsyncMargi
 private final BinanceApiService binanceApiService;
- public BinanceApiAsyncMarginRestClientImpl(String apiKey, String secret) {
+ public BinanceApiAsyncMarginRestClientImpl(String apiKey, byte[] secret) {
 binanceApiService = createService(BinanceApiService.class, apiKey, secret);
 }
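Review bot: The public constructor of `BinanceApiAsyncMarginRestClientImpl` changes its signature in place, so code that builds the client directly with a String secret stops compiling, while the factory keeps deprecated String overloads for exactly that case. If these constructors are part of the supported API, a deprecated delegate keeps the migration consistent: `@Deprecated public BinanceApiAsyncMarginRestClientImpl(String apiKey, String secret) { this(apiKey, secret.getBytes(StandardCharsets.UTF_8)); }`. If they are internal, a one-line Javadoc saying that clients should be obtained through `BinanceApiClientFactory` would make that explicit. The same applies to the constructors of `BinanceApiAsyncRestClientImpl`, `BinanceApiMarginRestClientImpl`, `BinanceApiRestClientImpl`, `BinanceApiSwapRestClientImpl` and `AuthenticationInterceptor` in the later hunks.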
diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiAsyncRestClientImpl.java b/src/main/java/com/binance/api/client/impl/BinanceApiAsyncRestClientImpl.java
index e6ea387b9..9d312730a 100755
--- a/src/main/java/com/binance/api/client/impl/BinanceApiAsyncRestClientImpl.java
+++ b/src/main/java/com/binance/api/client/impl/BinanceApiAsyncRestClientImpl.java
@@ -42,7 +42,7 @@ public class BinanceApiAsyncRestClientImpl implements BinanceApiAsyncRestClient
 private final BinanceApiService binanceApiService;
- public BinanceApiAsyncRestClientImpl(String apiKey, String secret) {
+ public BinanceApiAsyncRestClientImpl(String apiKey, byte[] secret) {
 binanceApiService = createService(BinanceApiService.class, apiKey, secret);
 }
diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiMarginRestClientImpl.java b/src/main/java/com/binance/api/client/impl/BinanceApiMarginRestClientImpl.java
index 959fa2a5f..20d158234 100755
--- a/src/main/java/com/binance/api/client/impl/BinanceApiMarginRestClientImpl.java
+++ b/src/main/java/com/binance/api/client/impl/BinanceApiMarginRestClientImpl.java
@@ -21,7 +21,7 @@ public class BinanceApiMarginRestClientImpl implements BinanceApiMarginRestClien
 private final BinanceApiService binanceApiService;
- public BinanceApiMarginRestClientImpl(String apiKey, String secret) {
+ public BinanceApiMarginRestClientImpl(String apiKey, byte[] secret) {
 binanceApiService = createService(BinanceApiService.class, apiKey, secret);
 }
diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiRestClientImpl.java b/src/main/java/com/binance/api/client/impl/BinanceApiRestClientImpl.java
index c80c7a06d..8f2b465cb 100755
--- a/src/main/java/com/binance/api/client/impl/BinanceApiRestClientImpl.java
+++ b/src/main/java/com/binance/api/client/impl/BinanceApiRestClientImpl.java
@@ -23,7 +23,7 @@ public class BinanceApiRestClientImpl implements BinanceApiRestClient { private final BinanceApiService binanceApiService; - public BinanceApiRestClientImpl(String apiKey, String secret) { + public BinanceApiRestClientImpl(String apiKey, byte[] secret) { binanceApiService = createService(BinanceApiService.class, apiKey, secret); } diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiServiceGenerator.java b/src/main/java/com/binance/api/client/impl/BinanceApiServiceGenerator.java index dec8d3047..87ec3ffcf 100755 --- a/src/main/java/com/binance/api/client/impl/BinanceApiServiceGenerator.java +++ b/src/main/java/com/binance/api/client/impl/BinanceApiServiceGenerator.java @@ -7,6 +7,7 @@ import okhttp3.Dispatcher; import okhttp3.OkHttpClient; import okhttp3.ResponseBody; +import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import retrofit2.Call; import retrofit2.Converter; @@ -54,7 +55,7 @@ public static S createService(Class serviceClass) { * * @return a new implementation of the API endpoints for the Binance API service. */ - public static S createService(Class serviceClass, String apiKey, String secret) { + public static S createService(Class serviceClass, String apiKey, byte[] secret) { String baseUrl = null; if (!BinanceApiConfig.useTestnet) { baseUrl = BinanceApiConfig.getApiBaseUrl(); } else { @@ -67,7 +68,7 @@ public static S createService(Class serviceClass, String apiKey, String s .baseUrl(baseUrl) .addConverterFactory(converterFactory); - if (StringUtils.isEmpty(apiKey) || StringUtils.isEmpty(secret)) { + if (StringUtils.isEmpty(apiKey) || ArrayUtils.isEmpty(secret)) { retrofitBuilder.client(sharedClient); } else { // `adaptedClient` will use its own interceptor, but share thread pool etc with the 'parent' client 
diff --git a/src/main/java/com/binance/api/client/impl/BinanceApiSwapRestClientImpl.java b/src/main/java/com/binance/api/client/impl/BinanceApiSwapRestClientImpl.java
index 4f1a18bc4..dc52903dc 100755
--- a/src/main/java/com/binance/api/client/impl/BinanceApiSwapRestClientImpl.java
+++ b/src/main/java/com/binance/api/client/impl/BinanceApiSwapRestClientImpl.java
@@ -17,7 +17,7 @@ public class BinanceApiSwapRestClientImpl implements BinanceApiSwapRestClient {
 private final BinanceApiService binanceApiService;
- public BinanceApiSwapRestClientImpl(String apiKey, String secret) {
+ public BinanceApiSwapRestClientImpl(String apiKey, byte[] secret) {
 binanceApiService = createService(BinanceApiService.class, apiKey, secret);
 }
diff --git a/src/main/java/com/binance/api/client/security/AuthenticationInterceptor.java b/src/main/java/com/binance/api/client/security/AuthenticationInterceptor.java
index 197aaabcb..6b5d0d72e 100755
--- a/src/main/java/com/binance/api/client/security/AuthenticationInterceptor.java
+++ b/src/main/java/com/binance/api/client/security/AuthenticationInterceptor.java
@@ -19,9 +19,9 @@ public class AuthenticationInterceptor implements Interceptor {
 private final String apiKey;
- private final String secret;
+ private final byte[] secret;
- public AuthenticationInterceptor(String apiKey, String secret) {
+ public AuthenticationInterceptor(String apiKey, byte[] secret) {
 this.apiKey = apiKey;
 this.secret = secret;
 }
diff --git a/src/main/java/com/binance/api/client/security/HmacSHA256Signer.java b/src/main/java/com/binance/api/client/security/HmacSHA256Signer.java
index 17309e273..5a666465a 100755
--- a/src/main/java/com/binance/api/client/security/HmacSHA256Signer.java
+++ b/src/main/java/com/binance/api/client/security/HmacSHA256Signer.java
@@ -16,10 +16,10 @@ public class HmacSHA256Signer {
 * @param secret secret key
 * @return a signed message
 */
- public static String sign(String message, String secret) {
+ public static String sign(String message, byte[] secret) {
 try {
 Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
- SecretKeySpec secretKeySpec = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
+ SecretKeySpec secretKeySpec = new SecretKeySpec(secret, "HmacSHA256");
 sha256_HMAC.init(secretKeySpec);
 return new String(Hex.encodeHex(sha256_HMAC.doFinal(message.getBytes())));
 } catch (Exception e) {
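Review bot: The Javadoc for `sign` still reads `@param secret secret key`, which no longer tells a caller what the array must contain now that the String-to-bytes conversion has moved out of this method. A caller migrating from the String form has to pass the same bytes that `secret.getBytes()` used to produce, otherwise every signature changes, and `SecretKeySpec` rejects a null or empty array with an IllegalArgumentException that ends up in the broad `catch (Exception e)`. I would document that, e.g. `@param secret raw HMAC-SHA256 key bytes, non-null and non-empty; the array is not modified`. The catch block continues outside the hunk, so how that exception is reported is not visible here.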