Merge pull request #40 from jonatack/fix-http-post-data-params

HTTP, CRYPTOGRAPHY: fix POST data params, update tests

src/cryptography.lisp

@@ -13,28 +13,31 @@
   (:import-from #:cl-base64
                 #:base64-string-to-usb8-array
                 #:usb8-array-to-base64-string)
+  (:import-from #:quri
+                #:url-encode-params)
   (:export #:signature))
 (in-package #:cl-kraken/src/cryptography)
 
-(defun signature (path nonce secret)
-  "Signature generated from the HMAC SHA512 of a message and the SECRET key:
-    message = (PATH + SHA256(NONCE + POST data)) in octets
-    key     = base64-decoded API secret key in octets
+(defun signature (path nonce data secret)
+  "Signature generated from the HMAC SHA512 of a message and key:
+    message = (PATH + SHA256(NONCE + POST DATA)) in octets
+    key     = base64-decoded SECRET in octets
   Before returning, the signature is converted from octets to a base64 string."
   (check-type path   (and simple-string (not null)))
   (check-type nonce  (and simple-string (not null)))
+  (check-type data   (cons))
   (check-type secret (and simple-string (not null)))
-  (let ((message (message path nonce))
+  (let ((message (message path nonce data))
         (key     (base64-string-to-usb8-array secret)))
     (usb8-array-to-base64-string (hmac-sha512 message key))))
 
-(defun message (path nonce)
-  "Message composed of (PATH + SHA256(NONCE + POST data)) in octets."
-  (let ((post-params-data (concatenate 'string nonce "nonce=" nonce)))
-    (concatenate '(simple-array (unsigned-byte 8) (*))
-                 (map '(simple-array (unsigned-byte 8) (*)) 'char-code path)
-                 (hash-sha256 (map '(simple-array (unsigned-byte 8) (*))
-                                   'char-code post-params-data)))))
+(defun message (path nonce data)
+  "(PATH + SHA256(NONCE + POST DATA)) in octets."
+  (concatenate '(simple-array (unsigned-byte 8) (*))
+               (map '(simple-array (unsigned-byte 8) (*)) 'char-code path)
+               (hash-sha256
+                (map '(simple-array (unsigned-byte 8) (*)) 'char-code
+                     (concatenate 'string nonce (url-encode-params data))))))
 
 (defun hmac-sha512 (message secret)
   "Evaluates to an HMAC SHA512 signature. Inputs and output in octets."

src/http.lisp

@@ -54,14 +54,15 @@
   (check-type key    (and string (not null)))
   (check-type secret (and string (not null)))
   (let* ((path    (concatenate 'string +api-private-path+ method))
-         (uri     (make-uri :scheme scheme :host host :path path :query params))
+         (uri     (make-uri :scheme scheme :host host :path path))
          (nonce   (generate-kraken-nonce))
-         (headers (post-http-headers path nonce key secret))
-         (data    `(("nonce" . ,nonce))))
+         (data    (append params `(("nonce" . ,nonce))))
+         (headers (post-http-headers path nonce data key secret)))
     (post uri :headers headers :content data :verbose verbose)))
 
-(defun post-http-headers (path nonce key secret)
+(defun post-http-headers (path nonce data key secret)
   "Kraken POST HTTP headers must contain the API key and signature."
-  (check-type path   (and string (not null)))
-  (check-type nonce  (and string (not null)))
-  `(("api-key" . ,key) ("api-sign" . ,(signature path nonce secret))))
+  (check-type path  (and string (not null)))
+  (check-type nonce (and string (not null)))
+  (check-type data  (cons))
+  `(("api-key" . ,key) ("api-sign" . ,(signature path nonce data secret))))

tests/cryptography.lisp

@@ -5,24 +5,26 @@
 (in-package #:cl-kraken/tests/cryptography)
 
 (deftest signature
-  (let ((path     "/0/private/Balance")
-        (nonce    "1234567890123456789")
-        (secret   "The quick brown fox jumped over the lazy dog")
-        (expected (concatenate 'string
-                               "U1lRLKnFgIuip1SHiSgzh119yegH9JnTm71PFtXgEuagpZ"
-                               "OEzR7haeO+6xy5LhpSK0qs4a5fqHmGAflT8NMjxA==")))
+  (let* ((path     "/0/private/Balance")
+         (nonce    "1234567890123456789")
+         (data     `(("pair" . "xbteur, xbtusd") ("nonce" . ,nonce)))
+         (secret   "The quick brown fox jumped over the lazy dog")
+         (expected (concatenate 'string
+                                "Nkov7OdxRPxqRW9YiyTScW3LnKNNJJWO5JIzUY9/NHKjgu"
+                                "P+hj5vGqkGtqvpL7Cg5dOv5jwBkpZUvTqni+uGBA==")))
     (testing "evaluates to the correct API signature as a base64 string"
-      (ok (string= (cl-kraken/src/cryptography:signature path nonce secret)
+      (ok (string= (cl-kraken/src/cryptography:signature path nonce data secret)
                    expected)))))
 
 (deftest message
-  (let ((path  "/0/private/Balance")
-        (nonce "1234567890123456789"))
+  (let* ((path  "/0/private/Balance")
+         (nonce "1234567890123456789")
+         (data  `(("pair" . "xbteur, xbtusd") ("nonce" . ,nonce))))
     (testing "evaluates to the expected message in octets"
-      (ok (equalp (cl-kraken/src/cryptography::message path nonce)
+      (ok (equalp (cl-kraken/src/cryptography::message path nonce data)
                   #(47 48 47 112 114 105 118 97 116 101 47 66 97 108 97 110 99
-                    101 66 143 61 96 125 36 69 187 141 17 102 177 167 25 10 98
-                    196 18 219 25 152 119 57 29 5 47 70 193 186 75 164 177))))))
+                    101 25 252 14 179 229 144 89 79 212 89 215 2 55 106 12 69
+                    231 154 3 178 94 77 47 47 98 142 188 157 153 152 209 40))))))
 
 (deftest hmac-sha512
   (let ((key (crypto:ascii-string-to-byte-array "abc"))

tests/http.lisp

@@ -54,15 +54,27 @@
       (ok (string= query *expected-query*)))))
 
 (deftest post-http-headers
-  (let ((path     "/0/private/Balance")
-        (nonce    "1234567890123456789")
-        (key      "01dB/y38ooyXBUWpS7XUNguXCk1trgN/LEj7FF8LgHmk3fcvX4dNQIFD")
-        (secret   (concatenate 'string
-                               "YS/EXE3mfINjlKeegUVPT0uDUYkUX2Ed0OZp9dzCe1LOs+d"
-                               "9vZErAQKMY9o7WVQlTpvDodSlOONkZK7rngdJNw=="))
-        (api-sign (concatenate 'string
-                               "kc0yOGvxuk+LzgTXuvPp3Cs6BvkVhGaGZUNkatqtX2iCb30"
-                               "znwbuVX8JJYdwCisyG/7mScSYl7nZ7ihzvMXrXA==")))
-    (testing "evaluates to the correct POST HTTP headers as an alist"
-      (ok (equalp (cl-kraken/src/http::post-http-headers path nonce key secret)
-                  `(("api-key" . ,key) ("api-sign" . ,api-sign)))))))
+  (let* ((path   "/0/private/Balance")
+         (nonce  "1234567890123456789")
+         (key    "01dB/y38ooyXBUWpS7XUNguXCk1trgN/LEj7FF8LgHmk3fcvX4dNQIFD")
+         (secret (concatenate 'string
+                              "YS/EXE3mfINjlKeegUVPT0uDUYkUX2Ed0OZp9dzCe1LOs+d"
+                              "9vZErAQKMY9o7WVQlTpvDodSlOONkZK7rngdJNw==")))
+    (testing "with nonce data, evaluates to the correct headers alist"
+      (let ((data     `(("nonce" . ,nonce)))
+            (api-sign (concatenate
+                       'string
+                       "kc0yOGvxuk+LzgTXuvPp3Cs6BvkVhGaGZUNkatqtX2iCb30"
+                       "znwbuVX8JJYdwCisyG/7mScSYl7nZ7ihzvMXrXA==")))
+        (ok (equalp
+             (cl-kraken/src/http::post-http-headers path nonce data key secret)
+             `(("api-key" . ,key) ("api-sign" . ,api-sign))))))
+    (testing "with nonce + params data, evaluates to the correct headers alist"
+      (let ((data     `(("pair" . "xbteur, xbtusd") ("nonce" . ,nonce)))
+            (api-sign (concatenate
+                       'string
+                       "lQjzgTnvmjJ9HMiucF+M3T7cI/VTYjZFptWDbf0uFG6RXLH"
+                       "sedsZaJ8n+HPn8G5exNwkzQC3phqXRqUi7g96Gw==")))
+        (ok (equalp
+             (cl-kraken/src/http::post-http-headers path nonce data key secret)
+             `(("api-key" . ,key) ("api-sign" . ,api-sign))))))))