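For every request, Function Compute checks the Authorization field in the request headers to decide whether the request is legitimate. The client must use the same signature algorithm as the Function Compute server to pass verification; a request that carries no signature field, or a wrong signature, gets an HTTP 403 error.
Signature algorithm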
```
signature = base64(hmac-sha256(HTTP_METHOD + "\n"
                + CONTENT-MD5 + "\n"
                + CONTENT-TYPE + "\n"
                + DATE + "\n"
                + CanonicalizedFCHeaders
                + CanonicalizedResource))
Authorization = "FC " + accessKeyID + ":" + signature
```
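- HTTP_METHOD is the HTTP method in upper case (for example PUT, GET, POST, DELETE).
- CONTENT-MD5 is the MD5 value of the request body. If the request headers do not include Content-MD5, use an empty string here.
- CONTENT-TYPE is the type of the request content.
- DATE is the time of this operation. It cannot be empty, and only the GMT format is currently supported. Note: the client must make sure the time it generates differs from the Function Compute server time by no more than 15 minutes; otherwise the service rejects the request.
- CanonicalizedFCHeaders is the string built from all HTTP headers prefixed with x-fc-; how to generate it is described below.
- CanonicalizedResource is the Path of the request URL, for example /2016-08-15/services/my-service/functions?limit=100
- hmac-sha256 must use the user's AccessKeySecret as the key.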
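CanonicalizedFCHeaders
The generation steps are:
- Find all request header fields that begin with x-fc- (case-insensitive).
- For the fields that match the prefix, first convert the field names to lower case, then sort the fields by field name in ascending order.
- For each field, generate a substring ${key}:${value}\n, where
  - ${key} is the name of the HTTP header (converted to lower case)
  - ${value} is the value of the HTTP header
  - For example, X-Fc-Invocation-Type: Sync becomes x-fc-invocation-type:Sync\n
- Concatenate the substrings generated above into one string.
The pseudocode is as follows: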
```
// javascript
// prefix = 'x-fc-'
function buildCanonicalHeaders(headers, prefix) {
  // Map lowercased header names to their values; matching is case-insensitive.
  var lowered = {};
  var list = [];
  var keys = Object.keys(headers);
  for (let i = 0; i < keys.length; i++) {
    var key = keys[i].toLowerCase();
    if (key.startsWith(prefix)) {
      lowered[key] = headers[keys[i]];
      list.push(key);
    }
  }
  // Sort by lowercased header name, ascending.
  list.sort();
  var canonical = '';
  for (let i = 0; i < list.length; i++) {
    const key = list[i];
    canonical += `${key}:${lowered[key]}\n`;
  }
  return canonical;
}
```
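The whole algorithm end to end, as an added example that is not part of the original page or of the Function Compute SDKs: it builds the string to sign, produces the Authorization value, and shows how a verifier could recompute the signature, compare it in constant time and enforce the 15-minute Date window. The function names, the `SAMPLE` credentials and the verifier logic are assumptions made for illustration.

```javascript
const crypto = require('crypto');
const MAX_SKEW_MS = 15 * 60 * 1000; // 15-minute window stated on the page

// Canonical x-fc- headers: case-insensitive match, lowercased names, sorted.
function canonicalFCHeaders(headers) {
  return Object.keys(headers)
    .filter((k) => k.toLowerCase().startsWith('x-fc-'))
    .map((k) => [k.toLowerCase(), headers[k]])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0))
    .map(([k, v]) => `${k}:${v}\n`)
    .join('');
}

// Look up a header regardless of case; a missing header yields ''.
function header(headers, name) {
  const k = Object.keys(headers).find((h) => h.toLowerCase() === name);
  return k === undefined ? '' : headers[k];
}

// base64(hmac-sha256(string to sign)) keyed with the AccessKeySecret.
function sign(secret, method, resource, headers) {
  const stringToSign = [
    method.toUpperCase(),
    header(headers, 'content-md5'),
    header(headers, 'content-type'),
    header(headers, 'date'),
  ].join('\n') + '\n' + canonicalFCHeaders(headers) + resource;
  return crypto.createHmac('sha256', secret).update(stringToSign).digest('base64');
}

function authorization(accessKeyID, secret, method, resource, headers) {
  return `FC ${accessKeyID}:${sign(secret, method, resource, headers)}`;
}

// Verifier view (assumed): recompute, compare in constant time, check Date skew.
function verify(authHeader, secret, method, resource, headers, now = Date.now()) {
  const m = /^FC ([^:]+):(.+)$/.exec(authHeader || '');
  const date = Date.parse(header(headers, 'date'));
  if (!m || Number.isNaN(date) || Math.abs(now - date) > MAX_SKEW_MS) return false;
  const expected = Buffer.from(sign(secret, method, resource, headers));
  const got = Buffer.from(m[2]);
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Constructed sample values (not real credentials).
const SAMPLE = {
  id: 'EXAMPLE_KEY_ID', secret: 'EXAMPLE_SECRET', resource: '/2016-08-15/services?limit=100',
  headers: { Date: 'Mon, 08 May 2017 03:08:31 GMT', 'X-Fc-Invocation-Type': 'Sync' },
};
```

Because every x-fc- header, the Date and the resource are covered by the HMAC, changing any of them after signing makes `verify` return false, and a captured request stops verifying once its Date falls outside the window.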
Request example
Request:
```
GET /2016-08-15/services?limit=100&nextToken=&prefix=&startKey= HTTP/1.1
Host: 1237050315505682.fc.cn-shanghai.aliyuncs.com
User-Agent: go-sdk-0.1
Accept: application/json
Authorization: FC LTAIUyt0Yeq1rgqo:GBmoz6OwC7bobTlD1jboBZ9PkaZ1e4cKsQ+5/dlLTns=
Date: Mon, 08 May 2017 03:08:31 GMT
X-User-Agent: go-resty v0.11 - https://github.com/go-resty/resty
Accept-Encoding: gzip
```
Response:
```
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-Fc-Request-Id: ab7c7602-0922-f04f-b4ee-923cd7df7fb0
Date: Mon, 08 May 2017 03:08:31 GMT
Transfer-Encoding: chunked
```
Code examples
You can refer to the signing code in the SDKs we have already published: