新浪统一认证分析
var makeRequest = function(username, password, savestate) {var request = {"entry": me.getEntry(),"gateway": 1,"from": me.from,"savestate": savestate,"useticket": me.useTicket?1:0};if (me.failRedirect) {me.loginExtraQuery.frd = 1;}request = objMerge(request, me.loginExtraFlag);request = objMerge(request, me.loginExtraQuery);request["su"] = sinaSSOEncoder.base64.encode(urlencode(username)); // su是username的别名if (me.service) request["service"] = me.service;if((me.loginType & rsa) && me.servertime && sinaSSOEncoder && sinaSSOEncoder.RSAKey){request["servertime"] = me.servertime;request["nonce"] = me.nonce;request["pwencode"] = "rsa2";request["rsakv"] = me.rsakv;var RSAKey = new sinaSSOEncoder.RSAKey();RSAKey.setPublic(me.rsaPubkey, '10001');password = RSAKey.encrypt([me.servertime, me.nonce].join("\t") + "\n" + password);}else if ((me.loginType & wsse) && me.servertime && sinaSSOEncoder && sinaSSOEncoder.hex_sha1) {request["servertime"] = me.servertime;request["nonce"] = me.nonce;request["pwencode"] = "wsse";password = sinaSSOEncoder.hex_sha1("" + sinaSSOEncoder.hex_sha1(sinaSSOEncoder.hex_sha1(password)) + me.servertime + me.nonce); // 空字符串为了避免各项全部是数字时造成数字相加而不是字符串链接的情况}request["sp"] = password; // sp是password的别名return request;};