Investigación parcialmente completa. Varios endpoints funcionando y claves extraidas con GHIDRA.

2025-12-04 22:44:08 +01:00
parent ec57ac366d
commit aa02d7c896
22 changed files with 5644 additions and 1 deletions
--- a/test_with_auth_headers.py
+++ b/test_with_auth_headers.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+"""
+Prueba con headers X-CanalMovil-* adicionales
+para ver si cambia el comportamiento del servidor.
+"""
+
+import requests
+import json
+import uuid
+from datetime import datetime
+
+# Headers básicos
+HEADERS_CIRCULATION = {
+    "Content-Type": "application/json;charset=utf-8",
+    "User-key": "f4ce9fbfa9d721e39b8984805901b5df",
+    # Headers adicionales X-CanalMovil-*
+    "X-CanalMovil-deviceID": str(uuid.uuid4()),
+    "X-CanalMovil-pushID": str(uuid.uuid4()),
+    "X-CanalMovil-Authentication": "test_token_" + str(uuid.uuid4())[:16]
+}
+
+HEADERS_STATIONS = {
+    "Content-Type": "application/json;charset=utf-8",
+    "User-key": "0d021447a2fd2ac64553674d5a0c1a6f",
+    # Headers adicionales X-CanalMovil-*
+    "X-CanalMovil-deviceID": str(uuid.uuid4()),
+    "X-CanalMovil-pushID": str(uuid.uuid4()),
+    "X-CanalMovil-Authentication": "test_token_" + str(uuid.uuid4())[:16]
+}
+
+BASE_CIRCULATION = "https://circulacion.api.adif.es"
+BASE_STATIONS = "https://estaciones.api.adif.es"
+
+
+def test_with_headers(name, url, headers, data):
+    """Probar endpoint con headers adicionales"""
+    print(f"\n{'='*70}")
+    print(f"TEST: {name}")
+    print(f"{'='*70}")
+
+    print(f"\n📤 Request Headers:")
+    for key, value in headers.items():
+        print(f"   {key}: {value}")
+
+    print(f"\n📤 Request Body:")
+    print(json.dumps(data, indent=2))
+
+    try:
+        response = requests.post(url, headers=headers, json=data, timeout=10)
+
+        print(f"\n📊 Status Code: {response.status_code}")
+        print(f"📦 Content-Length: {len(response.content)} bytes")
+
+        print(f"\n📥 Response Headers:")
+        for key, value in response.headers.items():
+            if key.lower().startswith('x-') or key.lower() in ['server', 'content-type']:
+                print(f"   {key}: {value}")
+
+        if response.status_code == 200:
+            print("\n✅ SUCCESS!")
+            print(response.json())
+            return True
+        else:
+            print(f"\n❌ ERROR {response.status_code}")
+            print(f"Response: {response.text[:500]}")
+            return False
+
+    except Exception as e:
+        print(f"\n💥 Exception: {e}")
+        return False
+
+
+def main():
+    print("="*70)
+    print("PRUEBA CON HEADERS X-CANALMOVIL-* ADICIONALES")
+    print("="*70)
+
+    results = {}
+
+    # Test 1: Salidas con headers adicionales
+    print("\n\n### TEST 1: Departures con headers X-CanalMovil-* ###")
+    results['departures'] = test_with_headers(
+        "Departures con auth headers",
+        f"{BASE_CIRCULATION}/portroyalmanager/secure/circulationpaths/departures/traffictype/",
+        HEADERS_CIRCULATION,
+        {
+            "commercialService": "BOTH",
+            "commercialStopType": "BOTH",
+            "page": {"pageNumber": 0},
+            "stationCode": "10200",
+            "trafficType": "ALL"
+        }
+    )
+
+    # Test 2: Observations con headers adicionales
+    print("\n\n### TEST 2: Station Observations con auth headers ###")
+    results['observations'] = test_with_headers(
+        "Observations con auth headers",
+        f"{BASE_STATIONS}/portroyalmanager/secure/stationsobservations/",
+        HEADERS_STATIONS,
+        {
+            "stationCodes": ["10200"]
+        }
+    )
+
+    # Test 3: Arrivals
+    print("\n\n### TEST 3: Arrivals con auth headers ###")
+    results['arrivals'] = test_with_headers(
+        "Arrivals con auth headers",
+        f"{BASE_CIRCULATION}/portroyalmanager/secure/circulationpaths/arrivals/traffictype/",
+        HEADERS_CIRCULATION,
+        {
+            "commercialService": "BOTH",
+            "commercialStopType": "BOTH",
+            "page": {"pageNumber": 0},
+            "stationCode": "10200",
+            "trafficType": "CERCANIAS"
+        }
+    )
+
+    # Resumen
+    print("\n\n" + "="*70)
+    print("RESUMEN")
+    print("="*70)
+
+    passed = sum(1 for v in results.values() if v)
+    total = len(results)
+
+    for test, result in results.items():
+        status = "✅" if result else "❌"
+        print(f"{status} {test}")
+
+    print(f"\nTotal: {passed}/{total}")
+
+    if passed == 0:
+        print("\n⚠️  Todas las pruebas fallaron.")
+        print("Los headers X-CanalMovil-* deben generarse con un algoritmo específico.")
+        print("Ver AuthHeaderInterceptor.java y ElcanoClientAuth en el código decompilado.")
+    elif passed > 0:
+        print(f"\n✅ {passed} prueba(s) funcionaron!")
+        print("Analizar qué headers funcionaron.")
+
+    print("="*70)
+
+
+if __name__ == "__main__":
+    main()