淘宝/淘宝直播x-sign分析

GET https://acs.m.taobao.com/gw/mtop.mediaplatform.lightlive.videolist/1.0/?data=%7B%22channelId%22%3A%220%22%2C%22versionDate%22%3A%2220191201%22%2C%22n%22%3A%2220%22%2C%22s%22%3A%220%22%2C%22moduleIndex%22%3A%220%22%2C%22PARCELABLE_WRITE_RETURN_VALUE%22%3A%221%22%2C%22CREATOR%22%3A%22%7B%7D%22%2C%22CONTENTS_FILE_DESCRIPTOR%22%3A%221%22%7D HTTP/1.1
x-region-channel: CN
x-appkey: 25443018
x-mini-wua: HHnB_tUnVJBVvoVFGcyHLOygOrsz0QrvTQ1%2BLlxMF2WZ1qWf8w6IzKgFhkn%2BVOuNJkkx41M5chp6YY6ulsbfCvpI%2B8BcrkjkcMsGCovX62x8FGJMHHGQSewKE%2FiARug1IcHEJ
x-c-traceid: XWi8k%2BondBsDABR0sTlpyr0%2F15806436553340010110892
x-m-biz-live-bizcode: TAOBAO
x-app-conf-v: 0
content-type: application/x-www-form-urlencoded;charset=UTF-8
x-features: 27
x-pv: 6.2
x-t: 1580643655
f-refer: mtop
user-agent: MTOPSDK%2F3.1.1.7+%28Android%3B5.1.1%3BXiaomi%3B2014813%29
x-ttid: 10005533%40taobaolive_android_1.5.3
cache-control: no-cache
a-orange-q: appKey=25443018&appVersion=1.5.3&clientAppIndexVersion=1120200128150250377&clientVersionIndexVersion=0
x-utdid: XWi8k%2BondBsDABR0sTlpyr0%2F
x-umt: QO1LRrdLOm%2FaPjVwBZRzlIDEs6shmjtB
x-devid: Asnm-8t56t0xmXzy7j23HpLVneMfsz5ScVgZtz6JssKb
x-sign: ab29200090017a47227840af86f1a47eed202b2f30eb661dc7
Host: acs.m.taobao.com
Accept-Encoding: gzip
Connection: Keep-Alive

淘宝/淘宝直播通过header中的x-sign来校验请求的是否有效，主要是在mtopsdk中实现，url和header中的部分字段参与了x-sign的计算，主要有x-appkey, x-devid, x-utdid, x-umt, x-pv, x-features, x-ttid, x-t；

把appkey, data等字段放入map，然后调用getSecurityFactors()，最终的实现是在native代码中，x-sign的计算流程就这些，对细节感兴趣的朋友可以联系。