awss3v4AuthorizationHeaderjava签名算法以及注意的地⽅
整个签名流程图
任务1 创建规范请求:
* 以下##:后⾯为注释内容
1.1 <HTTPMethod>\n ##:如:GET PUT DELETE
1.2 <CanonicalURI>\n ##:URI 如:/admin/ur
1.3 <CanonicalQueryString>\n ##:特别注意当查询参数为空的时候1.2与1.4之间必须留⼀空的⾏
1.4 <CanonicalHeaders>\n ##: 每个header都需要换⾏
容积效率1.5 <SignedHeaders>\n ##:将所有请求头中的参数排序并且Lowerca()后⽤;连接起来,如:host;x-amz-content-sha256;x-amz-date
1.6 <HashedPayload> ##:空字符计算之后的值:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
通过以上6步计算出 CanonicalRequest
任务2 创建要签名的字符串:
2.1: "AWS4-HMAC-SHA256" + "\n" + ##:固定的⼀⾏字符串
2.2: timeStampISO8601Format + "\n" + ##:格式:20190104T080059Z
2.3: <Scope> + "\n" + ##:格式:20190104/us-east-1/s3/aws4_request
2.4: Hex(SHA256Hash(<CanonicalRequest>)) ##:将任务1计算的值进⾏加密
通过以上4步计算出 stringToSign
任务3 ⽤cretAccessKey⽣成真正的签名密钥
3.1: DateKey = HMAC-SHA256("AWS4"+"<SecretAccessKey>", "<YYYYMMDD>")
3.2: DateRegionKey = HMAC-SHA256(<DateKey>, "<aws-region>")
3.3: DateRegionServiceKey = HMAC-SHA256(<DateRegionKey>, "<aws-rvice>")
3.4: SigningKey = HMAC-SHA256(<DateRegionServiceKey>, "aws4_request")
⽣成的Signingkey为签名的密钥
任务4 ⽣成最终的签名
注意点
1. UriEncode()⽅法必须⾃⼰实现,⽤其它⼯具的该⽅法可能不会对像*这样的字符编码
2. ⼀定要注意和官⽅⽂档的格式要完全⼀样山川萧条极边土
⼯具类代码
public class AWSV4Auth {
private AWSV4Auth() {}
public static class Builder {
private String accessKeyID;
private String cretAccessKey;
private String cretAccessKey;
private String regionName;
private String rviceName;
private String httpMethodName;
private String canonicalURI;
private TreeMap<String, String> queryParametes;
黄仁勋private TreeMap<String, String> awsHeaders;
private String payload;
public Builder(String accessKeyID, String cretAccessKey) {
this.accessKeyID = accessKeyID;
}
public Builder regionName(String regionName) {
return this;
}
public Builder rviceName(String rviceName) {
this.rviceName = rviceName;
return this;
}
public Builder httpMethodName(String httpMethodName) {
this.httpMethodName = httpMethodName;
return this;
}
public Builder canonicalURI(String canonicalURI) {
this.canonicalURI = canonicalURI;
return this;
}
public Builder queryParametes(TreeMap<String, String> queryParametes) { this.queryParametes = queryParametes;
return this;
}
public Builder awsHeaders(TreeMap<String, String> awsHeaders) {
this.awsHeaders = awsHeaders;
return this;
}
public Builder payload(String payload) {
this.payload = payload;
return this;
}
public AWSV4Auth build() {
return new AWSV4Auth(this);
}
}
private String accessKeyID;
private String cretAccessKey;
private String regionName;
private String rviceName;
德国球星
private String httpMethodName;
private String canonicalURI;
private TreeMap<String, String> queryParametes;
private TreeMap<String, String> awsHeaders;
流落风尘private String payload;
/* Other variables */
private final String HMACAlgorithm = "AWS4-HMAC-SHA256";
private final String HMACAlgorithm = "AWS4-HMAC-SHA256";
private final String aws4Request = "aws4_request";
private String strSignedHeader;
private String xAmzDate;
private String currentDate;
private AWSV4Auth(Builder builder) {
accessKeyID = builder.accessKeyID;
cretAccessKey = AccessKey;
regionName = ionName;
rviceName = builder.rviceName;
httpMethodName = builder.httpMethodName;
canonicalURI = builder.canonicalURI;
queryParametes = builder.queryParametes;
awsHeaders = builder.awsHeaders;
payload = builder.payload;
//Get current timestamp value.(UTC)
xAmzDate = getTimeStamp();
currentDate = getDate();
}
/**
* 任务 1:针对签名版本 4 创建规范请求
*
* @return
*/
private String prepareCanonicalRequest() {
StringBuilder canonicalURL = new StringBuilder("");
//Step 1.1 HTTP⽅法 GET, PUT, POST,DELETE
canonicalURL.append(httpMethodName).append("\n");
//Step 1.2 URI
canonicalURI = canonicalURI == null || im().isEmpty() ? "/" : canonicalURI; canonicalURL.append(uriEncode(canonicalURI, fal)).append("\n");
///* Step 1.3 添加查询参数
StringBuilder queryString = new StringBuilder("");
if (queryParametes != null && !queryParametes.isEmpty()) {
for (Map.Entry<String, String> entrySet : Set()) {
String key = Key();
珠宝销售工作总结
String value = Value();
queryString.append(key).append("=").append(uriEncode(value, fal)).append("&"); }
queryString.deleteCharAt(queryString.lastIndexOf("&"));
queryString.append("\n");
canonicalURL.append(queryString);
} el {
queryString.append("\n");
canonicalURL.append("\n");
}
/
/ Step 1.4 添加headers, 每个header都需要换⾏诗经共多少篇
StringBuilder signedHeaders = new StringBuilder("");
if (awsHeaders != null && !awsHeaders.isEmpty()) {
for (Map.Entry<String, String> entrySet : Set()) {
String key = Key();
String value = Value();
signedHeaders.append(key).append(";");
canonicalURL.append(key).append(":").im()).append("\n");
}
canonicalURL.append("\n");
} el {
canonicalURL.append("\n");
canonicalURL.append("\n");
}
//Step 1.5 添加签名的headers
strSignedHeader = signedHeaders.substring(0, signedHeaders.length() - 1); // 删掉最后的 ";"
canonicalURL.append(strSignedHeader).append("\n");
/* Step 1.6 对HTTP或HTTPS的body进⾏SHA256处理. */
payload = payload == null ? "" : payload;
canonicalURL.append(generateHex(payload));
System.out.println("##Canonical Request:\n" + String());
String();
}
/**
* 任务 2:创建签名版本 4 的待签字符串
* stringToSign
*
* @param canonicalURL
* @return
*/
private String prepareStringToSign(String canonicalURL) {
String stringToSign = "";
/* Step 2.1 以算法名称开头,并换⾏. */
stringToSign = HMACAlgorithm + "\n";
/* Step 2.2 添加⽇期,并换⾏. */
stringToSign += xAmzDate + "\n";
/* Step 2.3 添加认证范围,并换⾏. */
stringToSign += currentDate + "/" + regionName + "/" + rviceName + "/" + aws4Request + "\n";
/* Step 2.4 添加任务1返回的规范URL哈希处理结果,然后换⾏. */
stringToSign += generateHex(canonicalURL);
System.out.println("##String to sign:\n" + stringToSign);
return stringToSign;
}
/**
* 任务 3:为 AWS Signature 版本 4 计算签名
* Signatrue
*
传递正能量* @param stringToSign
* @return
*/
private String calculateSignature(String stringToSign) {
try {
/* Step 3.1 获取签名的key */
byte[] signatureKey = getSignatureKey(cretAccessKey, currentDate, regionName, rviceName);
/* Step 3.2 计算签名. */
byte[] signature = HmacSHA256(signatureKey, stringToSign);
/* Step 3.2.1 对签名编码处理 */
String strHexSignature = bytesToHex(signature);
return strHexSignature;
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
