我想学习如何使用一个名为quickblox为我的iPhone应用程序的后端服务。 我已验证我的应用程式和quickblox业务连接时虽然遇到了问题。 为了授权的连接，我需要通过发送POST请求，其中包含我的应用程序ID，AUTH_KEY，时间戳，随机数和签名摆脱quickblox令牌。 然而，当我帖子发送请求时，服务器来回复状态代码是422，我的签名是无效的。 签名是通过利用应用程序ID，身份验证密钥，时间戳和随机数并生成HMAC-SHA1哈希用它制成的。 我已经验证了我的HMAC-SHA1发电机工作正常，所以我不知道如果我的职位代码是错误的，或者是否是别的东西，因为它总是与签名错误回来。 这是我的应用程序代理：

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    int nonce = arc4random() % (999999999 - 100000) + 100000;
    int timestamp = [[NSDate date] timeIntervalSince1970];

    NSString *prehash = [NSString stringWithFormat:@"application_id=999&auth_key=999999999999999&timestamp=%i&nonce=%i", timestamp, nonce];


    HashSHA256 * hashSHA256 = [[HashSHA256 alloc] init];
    NSString * hash = [hashSHA256 hashedValue:prehash];

    NSLog(@"%@", hash);


    [application setIdleTimerDisabled:YES];

    //
    // Set QuickBlox credentials. Register at admin.quickblox.com, create a new app
    // and copy credentials here to have your own backend instance enabled.
    [QBSettings setApplicationID:9999];
    [QBSettings setAuthorizationKey:@"999999999999999"];
    [QBSettings setAuthorizationSecret:@"111111111111111"];

    NSString *urlString = [NSString stringWithFormat:@"http://api.quickblox.com/session.xml"];
    NSMutableURLRequest *request = [[[NSMutableURLRequest alloc] init] autorelease];
    [request setURL:[NSURL URLWithString:urlString]];
    [request setHTTPMethod:@"POST"]; 


    //set headers
    NSString *contentType = [NSString stringWithFormat:@"0.1.0"];
    [request addValue:contentType forHTTPHeaderField: @"QuickBlox-REST-API-Version:"];

    //create the body
    NSMutableData *postBody = [NSMutableData data];
    [postBody appendData:[[NSString stringWithFormat:@"application_id=9999&auth_key=999999999999999&timestamp=%i&nonce=%i&signature=%@", timestamp, nonce, hash] dataUsingEncoding:NSUTF8StringEncoding]];

    //post request
    [request setHTTPBody:postBody];

    NSString *a = [[NSString alloc] initWithData:postBody encoding:NSUTF8StringEncoding];
    NSLog(@"%@", a);

    //get response
    NSHTTPURLResponse* urlResponse = nil;
    NSError *error = [[NSError alloc] init];
    NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&urlResponse error:&error];
    NSString *result = [[NSString alloc] initWithData:responseData encoding:NSUTF8StringEncoding];
    NSLog(@"Response Code: %d", [urlResponse statusCode]);
    if ([urlResponse statusCode] >= 200 && [urlResponse statusCode] < 500) {
        NSLog(@"Response: %@", result);

        //here you get the response

    }


    self.window = [[[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]] autorelease];
    self.window.backgroundColor = [UIColor whiteColor];

    // Show Splash screen
    //
    SplashViewController *splashViewController = [[SplashViewController alloc] init];
    [self.window setRootViewController:splashViewController];
    [splashViewController release];

    [self.window makeKeyAndVisible];

    return YES;
}

该文件说，该请求应该这样被格式化。 有谁看到一个问题，POST请求，我不能正确格式化？ 文档说应该是这样的格式：

curl -X POST \
-H "QuickBlox-REST-API-Version: 0.1.0" \
-d "application_id=140&auth_key=7quWEh-k6TqghXe&timestamp=1326964049&nonce=414546828&signature=e6e603c251a569e70a2f27a8c71b5017e81e05d5" \
https://api.quickblox.com/session.xml //sent to this address

提前致谢。

看起来你错过auth_secret。 它应该在生成签名中使用。 下面是Python的例子，它可以对你有用。

import time, random, hmac, urllib, httplib
from hashlib import sha1

nonce = str(random.randint(1, 10000))
timestamp = str(int(time.time()))

signature_raw_body = ("application_id=" + application_id + "&auth_key=" + auth_key + 
            "&nonce=" + nonce + "&timestamp=" + timestamp)

signature = hmac.new(auth_secret, signature_raw_body, sha1).hexdigest()

params = urllib.urlencode({'application_id': application_id, 
                           'auth_key': auth_key, 
                           'timestamp': timestamp, 'nonce' : nonce,
                           'signature' : signature})

conn = httplib.HTTPSConnection("api.quickblox.com")
conn.request("POST", "/session", params, {})
response = conn.getresponse()

你也可以使用生成的签名这种方法：

+ (NSString *)signData:(NSData *)data withSecret:(NSString *)secret{
NSData *secretData = [secret dataUsingEncoding:NSUTF8StringEncoding];
NSData *clearTextData = data;
uint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};
CCHmacContext hmacContext;
CCHmacInit(&hmacContext, kCCHmacAlgSHA1, secretData.bytes, secretData.length);
CCHmacUpdate(&hmacContext, clearTextData.bytes, clearTextData.length);
CCHmacFinal(&hmacContext, digest);
NSData *result = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
NSString *hash = [result description];
hash = [hash stringByReplacingOccurrencesOfString:@" " withString:@""];
hash = [hash stringByReplacingOccurrencesOfString:@"<" withString:@""];
hash = [hash stringByReplacingOccurrencesOfString:@">" withString:@""];

return hash;
}

哪里：

#define CC_SHA1_DIGEST_LENGTH 20

NSData的*数据是使用NSUTF8StringEncoding原始体数据。