美团外卖__skcy计算过程分析

美团外卖url验签相关的参数包括url中的__skck、__skts、__skua、__skno、__skcy和body中的waimai_sign，完整的请求参数如下：

POST http://wmapi.meituan.com/api/v7/poi/homepage?utm_medium=android&utm_content=868734023255131&utm_term=73002&utm_source=1013&ci=555&utm_campaign=AwaimaiBwaimai&uuid=000000000000094413080C76442248B4E7786753E2051A158853173887467218&__skck=8f5973b085446090f224af74e30e0181&__skts=1588499879&__skua=32bcf146c756ecefe7535b95816908e3&__skno=c8ba2253-b0e3-46c4-8d6c-4c1fbfa37cab&__skcy=43GR7hLm%2BJxqWc9eToihEWBSLP8%3D HTTP/1.1
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 1223
Host: wmapi.meituan.com
Connection: Keep-Alive
User-Agent: okhttp/2.7.6
siua: 2N7IXlpGLA5IAIVPVfZV0K4hIJRxFG0oWVqLAP4DkmJhulqEjuy3adW9Bkd/PHKtuDW4FyShqXzf4rUwct3VdocQSUrZoWY6C4Z4djNs5o4hT3rRCOOk/14VNmc7t5aatI18+DuhAoWcmWW175TgykZin4xxMRD19IxWUk9rx28ud6I2cBXAXVafwm9krCxk8Wlc46Db/ldq56Hr0ScYFHleHj44hYEHijFbeav/+1hKt0Z2c2evmFaKZvPR3l+JF1NzJfR7lKhgLzG2o3BGe9qTiNF7Yq9BpiEzbAo1VyGpsceyQaOh1i7itefOhX8wSh+pvZ67BVaVzubPNCmQi96thsDmHYk6OLOIu+PQVyJlFE9Z338DBJ0O08CBJGptdhdthqeoGpALCQA0/duwiGnGEZ0BBOxEDvoR9pT52th4yCT7D1tVavny7kzkAR6sbxZPHDugRI/a0vRgo8/BT3ApEL+hq4Lv+5KeyqYYHVuX19ENFB81L+8orkxmRMJxH/hk6oVwmeRB+tvmO113o+jPBKqkws7pEPaZZFiJI109oeX8AOntIj7dMfJ8Po28edgn2vyZmnjaRW7EBHqacCz5j8zXwmAZueSi+NvZp/H+1PLE1Z5exf0aOnq7r1b7Aim8MQMfJco/HOjWBOMz4BMz5Wm741ZY/g53IoNsAw0=

wm_latitude=34592825&wm_logintoken=&wm_mac=20%3A82%3Ac0%3Ac9%3A97%3A93&request_id=76C290AB-18D4-4A4F-BFA2-01582352E5A2&uuid=000000000000094413080C76442248B4E7786753E2051A158853173887467218&wm_actual_longitude=113712171&wm_actual_latitude=34592825&wm_ctype=android&app=4&wm_visitid=8708abf9-8e04-44de-b5fe-7810133698ba&wm_did=868734023255131&userid=0&platform=4&seq_id=8&wm_dversion=22_5.1.1&wm_longitude=113712171&oa_id=&wm_channel=1013&wm_uuid=000000000000094413080C76442248B4E7786753E2051A158853173887467218&wm_dtype=2014813&version=7.30.2&push_token=dpsh1d691a838651de64f66f1349465f61c3atpu&personalized=1&partner=4&wm_appversion=7.30.2&waimai_sign=mCGkvh8UeMIi3mD0t0LJ8AkpM2cX15S5z%2BV%2BOO81brWgNjr%2Bi%2FJqBd%2BSGUCym1pY0lwSHT%2Fh1ysivX3cY387kIcnVecupRU9GnZNeeHIDx2If%2BOVOMQ0nnzSdlaHD%2FzQ4qks33tZtAvN%2Bq9m9bkpjdmqsgFylfdXdvQ1DMLPaI8%3D&wm_seq=11&req_time=1588499878644&page_index=0&page_size=20&sort_type=0&activity_filter_codes=&slider_select_data=&load_type=1&rank_trace_id=&session_id=67ad616d-2425-45c5-b334-b52304cd70a41588499873383928&union_id=94413080c76442248b4e7786753e2051a158853173887467218&rank_list_id=0395c30544304ed2ba07c85c8af338eb&category_type=0&second_category_type=0&behavioral_characteristics=

其中__skck固定为8f5973b085446090f224af74e30e0181, __skts是当前的时间戳，__skua是header中User-Agent的MD5值，__skno每次请求都不一样，用于标识每一次请求，__skcy根据url和body中的参数计算，用于验签, __skcy的计算是在CandyPreprocessor.getParametersSignature方法中：

大概流程是对url和body中的字段进行排序和拼接，然后调用CandyJni.getCandyDataWithKeyForJava来计算签名，这部分实现是在native中，美团外卖的大概签名计算流程就这些，感兴趣的朋友可以联系