Compute checksum of the entire payload prior to transmission (Word document, .docx)
- Document ID: 17842949
- Uploaded: 2022-12-11
- Format: DOCX
- Pages: 12
- Size: 216.45KB
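'.', '_', and '~'; these unreserved characters are the exception and are not encoded.
● The space character is a reserved character and must be encoded as "%20" (not "+").
● Each URI-encoded byte must have the following form: "%" followed by two hexadecimal characters.
● The hexadecimal characters must be uppercase, for example "%1A".
● Encode every forward slash "/", except those in the object name. For example, if the object name is photos/Jan/sample.jpg, the forward slashes are not encoded.
Note:
The URI-encoding functions provided by common development tools may not work here, because implementations differ and the various RFC rules conflict with one another. It is best to write your own URI-encoding function.
The following is a Java version of the URI-encoding function: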
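    // toHexUTF8 is a helper that is not shown on this page: it returns the "%XX"
    // (uppercase hex) encoding of each UTF-8 byte of the character.
    public static String uriEncode(CharSequence input, boolean encodeSlash) {
        StringBuilder result = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char ch = input.charAt(i);
            // Unreserved characters are copied through unchanged.
            if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9')
                    || ch == '_' || ch == '-' || ch == '~' || ch == '.') {
                result.append(ch);
            } else if (ch == '/') {
                // Slashes are encoded everywhere except in the object name.
                result.append(encodeSlash ? "%2F" : ch);
            } else {
                result.append(toHexUTF8(ch));
            }
        }
        return result.toString();
    }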
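Task 1: Create a Canonical Request
The following is the canonical request format that Amazon S3 uses to calculate the signature. For the signatures to match, you must construct a canonical request in exactly this format.
    <HTTPMethod>\n
    <CanonicalURI>\n
    <CanonicalQueryString>\n
    <CanonicalHeaders>\n
    <SignedHeaders>\n
    <HashedPayload>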
∙ HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.
∙ CanonicalURI is the URI-encoded version of the absolute path component of the URI—everything starting with the "/" that follows the domain name and up to the end of the string or to the question mark character ('?') if you have query string parameters. For example, in the URI, /examplebucket/myphoto.jpg is the absolute path. In the absolute path, you don't encode the "/".
∙ CanonicalQueryString specifies the URI-encoded query string parameters. You URI-encode name and values individually. You must also sort the parameters in the canonical query string alphabetically by key name. The sorting occurs after encoding. For example, in the URI, the query string is prefix=somePrefix&marker=someMarker&max-keys=20. The canonical query string is as follows. Line breaks are added to this example for readability:
    URI-encode("marker") + "=" + URI-encode("someMarker") + "&" +
    URI-encode("max-keys") + "=" + URI-encode("20") + "&" +
    URI-encode("prefix") + "=" + URI-encode("somePrefix")
When a request targets a subresource, the corresponding query parameter value will be an empty string (""). For example, the following URI identifies the ACL subresource on the examplebucket bucket.
The CanonicalQueryString in this case is:
    URI-encode("acl") + "=" + ""
If the URI does not include a '?', there is no query string in the request, and you set the canonical query string to an empty string (""). You will still need to include the "\n".
∙ CanonicalHeaders is a list of request headers with their values. Individual header name and value pairs are separated by the newline character ("\n"). Header names must be in lowercase. You must sort the header names alphabetically to construct the string, as shown in the following example:
    Lowercase(<HeaderName1>) + ":" + Trim(<value>) + "\n"
    Lowercase(<HeaderName2>) + ":" + Trim(<value>) + "\n"
    ...
    Lowercase(<HeaderNameN>) + ":" + Trim(<value>) + "\n"
The Lowercase() and Trim() functions used in this example are described in the preceding section.
The CanonicalHeaders list must include the following:
∙ HTTP host header.
∙ If the Content-Type header is present in the request, it must be added to the CanonicalHeaders list.
∙ Any x-amz-* headers that you plan to include in your request must also be added. For example, if you are using temporary security credentials, you will include x-amz-security-token in your request. You must add this header in the list of CanonicalHeaders.
The following is an example CanonicalHeaders string. The header names are in lowercase and sorted.
    host:
    x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date:20130708T220855Z
Note
For the purpose of calculating a signature, only the host and any x-amz-* headers are required; however, in order to prevent data tampering, you should consider including all the headers in the signature calculation. The x-amz-content-sha256 header in the previous example provides a hash of the request payload. If there is no payload, you provide the hash of an empty string.
∙ SignedHeaders is an alphabetically sorted, semicolon-separated list of lowercase request header names. The request headers in the list are the same headers that you included in the CanonicalHeaders string. For example, for the previous example, the value of SignedHeaders would be as follows:
    host;x-amz-content-sha256;x-amz-date
∙ HashedPayload is the hexadecimal value of the SHA256 hash of the request payload.
    Hex(SHA256Hash(<payload>))
If there is no payload in the request, you compute a hash of the empty string as follows:
    Hex(SHA256Hash(""))
The hash returns the following value:
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
For example, when you upload an object by using a PUT request, you provide object data in the body. When you retrieve an object by using a GET request, you compute the empty string hash.
Task 2: Create a String to Sign
The string to sign is made up of strings in the following format:
    "AWS4-HMAC-SHA256" + "\n" +
    timeStampISO8601Format + "\n" +
    <Scope> + "\n" +
    Hex(SHA256Hash(<CanonicalRequest>))
The constant string AWS4-HMAC-SHA256 specifies the hash algorithm that you are using, HMAC-SHA256. The timeStamp is the current UTC time in ISO 8601 format (for example, 20130524T000000Z).
Scope binds the resulting signature to a specific date, an AWS region, and a service. Thus, your resulting signature will work only in the specific region and for a specific service. The signature is valid for seven days after the specified date.
    date.Format(<yyyyMMdd>) + "/" + <region> + "/" + <service> + "/aws4_request"
For Amazon S3, the service string is s3. For a list of region strings, go to Regions and Endpoints in the AWS General Reference. The Region column in this table provides the list of valid region strings.
The following scope restricts the resulting signature to the us-east-1 region and Amazon S3.
    20130606/us-east-1/s3/aws4_request
Scope must use the same date that you use to compute the signing key, as discussed in the following section.
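Task 3: Calculate Signature
In Amazon Signature Version 4, the secret key (sk) is no longer used directly to compute the signature. Instead, you first compute a signing key that is scoped to a specific region and service:
    DateKey              = HMAC-SHA256("AWS4" + "<SecretAccessKey>", "<yyyymmdd>")
    DateRegionKey        = HMAC-SHA256(<DateKey>, "<aws-region>")
    DateRegionServiceKey = HMAC-SHA256(<DateRegionKey>, "<aws-service>")
    SigningKey           = HMAC-SHA256(<DateRegionServiceKey>, "aws4_request")
This signing key is valid for seven days from the date specified in the DateKey hash.
After Uds is deployed, < value list
The signing key is valid for 7 days.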
Examples: Signature Calculations
You can use the examples in this section as a reference to check signature calculations in your code. For additional references, go to Signature Version 4 Test Suite of the AWS General Reference. The calculations shown in the examples use the following data:
∙ Example access keys.
    Parameter             Value
    AWSAccessKeyId        AKIAIOSFODNN7EXAMPLE
    AWSSecretAccessKey    wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
∙ Request timestamp of 20130524T000000Z (Fri, 24 May 2013 00:00:00 GMT).
∙ Bucket name examplebucket.
∙ The bucket is assumed to be in the US Standard region. The credential Scope and the SigningKey calculations use us-east-1 as the region specifier. For information about other regions, go to the AWS General Reference.
∙ You can use either path-style or virtual hosted–style requests. The following examples show how to sign a virtual hosted–style request, for example:
For more information, go to Virtual Hosting of Buckets in the Amazon Simple Storage Service Developer Guide.
Example: GET Object
The following example gets the first 10 bytes of an object (test.txt) from examplebucket. For more information about the API action, see GET Object.
    GET /test.txt HTTP/1.1
    Host:
    Date: Fri, 24 May 2013 00:00:00 GMT
    Authorization: SignatureToBeCalculated
    Range: bytes=0-9
    x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date: 20130524T000000Z
Because this GET request does not provide any body content, the x-amz-content-sha256 value is the hash of the empty request body. The following steps show signature calculations and construction of the Authorization header.
1. StringToSign
a. CanonicalRequest
    GET
    /test.txt

    host:
    range:bytes=0-9
    x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date:20130524T000000Z

    host;range;x-amz-content-sha256;x-amz-date
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
In the canonical request string, the last line is the hash of the empty request body. The third line is empty because there are no query parameters in the request.
b. StringToSign
    AWS4-HMAC-SHA256
    20130524T000000Z
    20130524/us-east-1/s3/aws4_request
    7344ae5b7ee6c3e7e6b0fe0640412a37625d1fb
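The three tasks above applied to the GET Object example, in Python. This is an added example, not code from the original document or from AWS: the function names are hypothetical, and the Host value examplebucket.s3.amazonaws.com is an assumption, because the request as shown here carries no Host value. The final step, Hex(HMAC-SHA256(SigningKey, StringToSign)), is the standard Signature Version 4 signature calculation.

```python
import hashlib
import hmac

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # HashedPayload for a request with no body
UNRESERVED = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"

def uri_encode(text, encode_slash=True):
    """Percent-encode every UTF-8 byte except unreserved ones, with uppercase hex."""
    out = []
    for b in text.encode("utf-8"):
        keep = b in UNRESERVED or (b == 0x2F and not encode_slash)
        out.append(chr(b) if keep else "%%%02X" % b)
    return "".join(out)

def canonical_request(method, path, query, headers, payload_hash):
    # Task 1. Names and values are encoded individually; sorting happens after encoding.
    pairs = sorted((uri_encode(k), uri_encode(v)) for k, v in query.items())
    canon_query = "&".join(f"{k}={v}" for k, v in pairs)
    canon = sorted((k.lower(), v.strip()) for k, v in headers.items())
    canon_headers = "".join(f"{k}:{v}\n" for k, v in canon)
    signed_headers = ";".join(k for k, _ in canon)
    request = "\n".join([method, uri_encode(path, encode_slash=False), canon_query,
                         canon_headers, signed_headers, payload_hash])
    return request, signed_headers

def string_to_sign(timestamp, scope, canon_req):
    # Task 2. The canonical request enters the string to sign only as its SHA-256 hash.
    digest = hashlib.sha256(canon_req.encode("utf-8")).hexdigest()
    return "\n".join(["AWS4-HMAC-SHA256", timestamp, scope, digest])

def signing_key(secret, date, region, service):
    # Task 3. HMAC chain: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret).encode("utf-8")
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode("utf-8"), hashlib.sha256).digest()
    return key

def sign_example_get():
    # Values from the GET Object example; the Host value is an assumption.
    headers = {"Host": "examplebucket.s3.amazonaws.com", "Range": "bytes=0-9",
               "x-amz-content-sha256": EMPTY_SHA256, "x-amz-date": "20130524T000000Z"}
    creq, signed = canonical_request("GET", "/test.txt", {}, headers, EMPTY_SHA256)
    sts = string_to_sign("20130524T000000Z", "20130524/us-east-1/s3/aws4_request", creq)
    key = signing_key("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "20130524", "us-east-1", "s3")
    signature = hmac.new(key, sts.encode("utf-8"), hashlib.sha256).hexdigest()
    return creq, sts, signed, signature

if __name__ == "__main__":
    print(sign_example_get()[1])
```

Because the scope date and the DateKey date feed the same signature, changing either one without the other produces a signature the server will reject.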