[bitmex] sign requests correctly

Author: ryanfox

xchange-bitmex/src/main/java/org/knowm/xchange/bitmex/Bitmex.java

@@ -30,35 +30,35 @@ public interface Bitmex {
 
   @GET
   @Path("user")
-  BitmexAccount getAccount(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce, @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest)
+  BitmexAccount getAccount(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce, @HeaderParam("api-signature") ParamsDigest paramsDigest)
       throws IOException;
 
   @GET
   @Path("user/wallet")
-  BitmexWallet getWallet(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce, @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest,
+  BitmexWallet getWallet(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce, @HeaderParam("api-signature") ParamsDigest paramsDigest,
       @Nullable @QueryParam("currency") String currency) throws IOException;
 
   // Get a history of all of your wallet transactions (deposits, withdrawals, PNL)
   @GET
   @Path("user/walletHistory")
-  List<BitmexWalletTransaction> getWalletHistory(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce,
-      @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
+  List<BitmexWalletTransaction> getWalletHistory(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce,
+      @HeaderParam("api-signature") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
 
   // Get a summary of all of your wallet transactions (deposits, withdrawals, PNL)
   @GET
   @Path("user/walletSummary")
-  List<BitmexWalletTransaction> getWalletSummary(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce,
-      @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
+  List<BitmexWalletTransaction> getWalletSummary(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce,
+      @HeaderParam("api-signature") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
 
   @GET
   @Path("user/margin")
-  BitmexMarginAccount getMarginAccountStatus(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce,
-      @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
+  BitmexMarginAccount getMarginAccountStatus(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce,
+      @HeaderParam("api-signature") ParamsDigest paramsDigest, @Nullable @QueryParam("currency") String currency) throws IOException;
 
   @GET
   @Path("user/margin?currency=all")
-  List<BitmexMarginAccount> getMarginAccountsStatus(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce,
-      @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest) throws IOException;
+  List<BitmexMarginAccount> getMarginAccountsStatus(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce,
+      @HeaderParam("api-signature") ParamsDigest paramsDigest) throws IOException;
 
   @GET
   @Path("trade")
@@ -70,12 +70,12 @@ List<BitmexMarginAccount> getMarginAccountsStatus(@HeaderParam("API-KEY") String
 
   @GET
   @Path("position")
-  List<BitmexPosition> getPositions(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce, @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest)
+  List<BitmexPosition> getPositions(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce, @HeaderParam("api-signature") ParamsDigest paramsDigest)
       throws IOException;
 
   @GET
   @Path("position")
-  List<BitmexPosition> getPositions(@HeaderParam("API-KEY") String apiKey, @HeaderParam("API-NONCE") SynchronizedValueFactory<Long> nonce, @HeaderParam("API-SIGNATURE") ParamsDigest paramsDigest,
+  List<BitmexPosition> getPositions(@HeaderParam("api-key") String apiKey, @HeaderParam("api-nonce") SynchronizedValueFactory<Long> nonce, @HeaderParam("api-signature") ParamsDigest paramsDigest,
       @Nullable @QueryParam("symbol") String symbol, @Nullable @QueryParam("filter") String filter) throws IOException;
 
   @GET

xchange-bitmex/src/main/java/org/knowm/xchange/bitmex/service/BitmexAccountService.java

@@ -5,6 +5,7 @@
 import java.util.List;
 
 import org.knowm.xchange.Exchange;
+import org.knowm.xchange.bitmex.dto.account.BitmexAccount;
 import org.knowm.xchange.currency.Currency;
 import org.knowm.xchange.dto.account.AccountInfo;
 import org.knowm.xchange.dto.account.FundingRecord;
@@ -26,9 +27,9 @@ public BitmexAccountService(Exchange exchange) {
   }
 
   @Override
-  public AccountInfo getAccountInfo() {
-    AccountInfo accountInfo = getAccountInfo();
-    return new AccountInfo(accountInfo.getUsername());
+  public AccountInfo getAccountInfo() throws IOException {
+    BitmexAccount account = super.getBitmexAccountInfo();
+    return new AccountInfo(account.getUsername());
   }
 
   @Override

xchange-bitmex/src/main/java/org/knowm/xchange/bitmex/service/BitmexAccountServiceRaw.java

@@ -13,7 +13,7 @@
 
 public class BitmexAccountServiceRaw extends BitmexBaseService {
 
-  String apiKey = null;
+  String apiKey = exchange.getExchangeSpecification().getApiKey();
 
   /**
    * Constructor

xchange-bitmex/src/main/java/org/knowm/xchange/bitmex/service/BitmexDigest.java

@@ -1,12 +1,10 @@
 package org.knowm.xchange.bitmex.service;
 
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
 
-import javax.crypto.Mac;
-import javax.ws.rs.FormParam;
+import javax.ws.rs.HeaderParam;
 
+import org.apache.commons.codec.binary.Hex;
 import org.knowm.xchange.service.BaseParamsDigest;
 
 import si.mazi.rescu.RestInvocation;
@@ -18,13 +16,12 @@ public class BitmexDigest extends BaseParamsDigest {
   /**
    * Constructor
    *
-   * @param secretKeyBase64
-   * @param apiKey @throws IllegalArgumentException if key is invalid (cannot be base-64-decoded or the decoded key is invalid).
+   * @param secretKeyBase64 the secret key to sign requests
    */
 
   private BitmexDigest(byte[] secretKeyBase64) {
 
-    super(secretKeyBase64, HMAC_SHA_512);
+    super(Base64.getUrlEncoder().withoutPadding().encodeToString(secretKeyBase64), HMAC_SHA_256);
   }
 
   public static BitmexDigest createInstance(String secretKeyBase64) {
@@ -38,21 +35,10 @@ public static BitmexDigest createInstance(String secretKeyBase64) {
   @Override
   public String digestParams(RestInvocation restInvocation) {
 
-    MessageDigest sha256;
-    try {
-      sha256 = MessageDigest.getInstance("SHA-256");
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException("Illegal algorithm for post body digest. Check the implementation.");
-    }
-    sha256.update(restInvocation.getParamValue(FormParam.class, "nonce").toString().getBytes());
-    sha256.update(restInvocation.getRequestBody().getBytes());
-
-    Mac mac512 = getMac();
-    mac512.update(("/" + restInvocation.getPath()).getBytes());
-    mac512.update(sha256.digest());
-
-    return Base64.getUrlEncoder().encodeToString(mac512.doFinal()).trim();
+      String nonce = restInvocation.getParamValue(HeaderParam.class, "api-nonce").toString();
+      String payload = restInvocation.getHttpMethod() + "/" + restInvocation.getPath() + nonce + restInvocation.getRequestBody();
 
+      return new String(Hex.encodeHex(getMac().doFinal(payload.getBytes())));
   }
 
   private BitmexDigest(String secretKeyBase64, String apiKey) {