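How the signature is generated for verification
- Parse, in order, the basic elements needed to generate the signature from the request's Authorization header: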
accessKey
dateStamp
regionName
serviceName
SignedHeaders
Signature
- Take the header names (headerName) listed in SignedHeaders, sort them in natural order, convert them to lowercase, and join them with ; to obtain canonicalizedHeaderNames.
canonicalizedHeaderNames=headerName1;headerName2;headerName3...
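- For each header name in SignedHeaders, take the corresponding header value from the request and, with the headers sorted in natural alphabetical order, generate canonicalizedHeaders by the following rule.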
headerName1:headerValue1+"\n"+headerName2:headerValue2...
- Sort the parameters that follow the ? in the request in natural order and generate canonicalizedQueryParameters by the following rule.
UriEncode(QueryParameter1)=UriEncode(value)&UriEncode(QueryParameter2)=UriEncode(value)...
- Generate canonicalRequest by the following rule.
httpMethod + "\n" + canonicalUri + "\n" + canonicalizedQueryParameters + "\n" + canonicalizedHeaders + "\n" + canonicalizedHeaderNames + "\n" + bodyHash
Here bodyHash is Hex(SHA256("")), i.e. e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Generate stringToSign by the following rule.
"AWS4-HMAC-SHA256" + "\n" + {x-amz-date} + "\n" + dateStamp + "/" + regionName + "/" + serviceName + "/" + "aws4_request" + "\n" + Hex(SHA256(canonicalRequest))
- Finally, generate the signature with the following algorithm.
DateKey=HMAC-SHA256("AWS4"+{SecretKey}, dateStamp)
DateRegionKey=HMAC-SHA256(DateKey, regionName)
DateRegionServiceKey=HMAC-SHA256(DateRegionKey, serviceName)
SigningKey=HMAC-SHA256(DateRegionServiceKey, "aws4_request")
signature=Hex(HMAC-SHA256(SigningKey, stringToSign))
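The server-side check that the steps above describe, as an added example (not code from the original page or from the service). It follows the formulas exactly as written on this page; `secret_for` is a hypothetical accessKey-to-secretKey lookup, and the body hash is recomputed from the received body.

```python
import hashlib, hmac, re
from urllib.parse import quote

AUTH_RE = re.compile(r"AWS4-HMAC-SHA256 Credential=([^/]+)/(\d{8})/([^/]+)/([^/]+)/aws4_request,"
                     r"\s*SignedHeaders=([^,]+),\s*Signature=([0-9a-f]{64})")
FIELDS = ("accessKey", "dateStamp", "regionName", "serviceName", "SignedHeaders", "Signature")

def parse_authorization(value):
    """Extract the six signing elements from the Authorization header."""
    m = AUTH_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("malformed Authorization header")
    return dict(zip(FIELDS, m.groups()))

def canonical_request(method, uri, query, headers, signed_headers, body_hash):
    """Build canonicalRequest; `headers` must already use lowercase names."""
    names = sorted(n.lower() for n in signed_headers.split(";"))
    canon_headers = "\n".join(f"{n}:{headers[n].strip()}" for n in names)
    enc = lambda s: quote(s, safe="-_.~")  # UriEncode: escape everything but unreserved chars
    canon_query = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(query.items()))
    return "\n".join([method, uri, canon_query, canon_headers, ";".join(names), body_hash])

def sign(secret_key, amz_date, date_stamp, region, service, canon_req):
    """Build stringToSign, derive SigningKey by chained HMAC-SHA256, return the hex signature."""
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    digest = hashlib.sha256(canon_req.encode()).hexdigest()
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, digest])
    key = ("AWS4" + secret_key).encode()
    # DateKey -> DateRegionKey -> DateRegionServiceKey -> SigningKey -> signature
    for part in (date_stamp, region, service, "aws4_request", string_to_sign):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key.hex()

def verify(method, uri, query, headers, body, secret_for):
    """secret_for is a hypothetical lookup: accessKey -> secretKey, or None if unknown."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        auth = parse_authorization(h["authorization"])
        secret = secret_for(auth["accessKey"])
        if secret is None:
            return False
        creq = canonical_request(method, uri, query, h, auth["SignedHeaders"],
                                 hashlib.sha256(body).hexdigest())
        expected = sign(secret, h["x-amz-date"], auth["dateStamp"],
                        auth["regionName"], auth["serviceName"], creq)
    except (KeyError, ValueError):
        return False  # a signed header is missing or Authorization is malformed
    return hmac.compare_digest(expected, auth["Signature"])  # constant-time comparison
```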
Verification example (demo)
Basic information
Property | Value |
---|---|
accessKey | 35nwOnYWqcKvgCAX5MNi (for test and verification use) |
secretKey | 2Bl4BDUK9kG74pUStxaTJXxYNk1HVUJkJR3TjAr3 (for test and verification use) |
x-amz-date | 20210422T015559Z |
regionName | cn-north-1 |
serviceName | xs-transcode |
Request information
- Full endpoint URL: https://vod-api.xstore.ctyun.cn/xstore-transcode/task
- Request parameter: taskId=0003#45559c3d411843c79410f538a205df7d
- The request body is empty; hashBody: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xstore-transcode/task
host:vod-api.xstore.ctyun.cn
x-amz-date:20210422T015559Z
Authorization: SignatureToBeCalculated
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Result of each signing step
- CanonicalRequest
GET
/xstore-transcode/task
taskId=0003%2345559c3d411843c79410f538a205df7d
host:vod-api.xstore.ctyun.cn
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20210422T015559Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- StringToSign
AWS4-HMAC-SHA256
20210422T015559Z
20210422/cn-north-1/xs-transcode/aws4_request
002512aa3fd5e27993ff5492963f323ae7d651ce7c06c0991e29a95951d50991
- Signature
53e377e7e2dcc33286c939f7681534762d55dc05cd6a078304b10a7dae6dfca1
- Authorization
AWS4-HMAC-SHA256 Credential=35nwOnYWqcKvgCAX5MNi/20210422/cn-north-1/xs-transcode/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=53e377e7e2dcc33286c939f7681534762d55dc05cd6a078304b10a7dae6dfca1