开发者社区> 问答> 正文

智能视觉生产的请求签名有哪些?

智能视觉生产的请求签名有哪些?

展开
收起
保持可爱mmm 2020-03-27 01:01:44 618 0
1 条回答
写回答
取消 提交回答
  • 对于每一次HTTP或者HTTPS协议请求,我们会根据访问中的签名信息验证访问请求者身份。具体由使用AccessKeyID和AccessKeySecret对称加密验证实现。其中AccessKeyID是访问者身份,AccessKeySecret是加密签名字符串和服务器端验证签名字符串的密钥,必须严格保密谨防泄露。 1. 指定请求参数

    在代码中指定请求参数,参数中需要包含公共请求头和接口必备的参数信息。

    说明 请求参数中不允许出现以Signature为key的参数。 示例代码如下:

    String accessKeyId = "yourAccessId";
    String accessSecret = "yourAccessSecret";
    java.text.SimpleDateFormat df = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    df.setTimeZone(new java.util.SimpleTimeZone(0, "GMT"));// 这里一定要设置GMT时区
    java.util.Map<String, String> paras = new java.util.HashMap<String, String>();
    

    指定参数:

    paras.put("SignatureMethod", "HMAC-SHA1");
    paras.put("SignatureNonce", java.util.UUID.randomUUID().toString());
    paras.put("AccessKeyId", accessKeyId);
    paras.put("SignatureVersion", "1.0");
    paras.put("Timestamp", df.format(new java.util.Date()));
    paras.put("Format", "JSON");
    paras.put("RegionId", "cn-shanghai");
    # API 版本
    paras.put("Version", "2019-06-25");
    # API ACTION
    paras.put("Action", "SegmentImage");
    # 下面是业务参数
    paras.put("Url", "http://vigen-invi-cdn.alibaba.com/aliyun-doc/pop/images/segment-image-src.jpg");
    

    去除签名关键字Key:

    if (paras.containsKey("Signature")) {
      paras.remove("Signature");
    }
    
    1. 根据参数Key排序(顺序)

    参考代码如下:

    java.util.TreeMap<String, String> sortParas = new java.util.TreeMap<String, String>();
    .sortParas.putAll(paras);
    
    1. 构造待签名的请求串

    首先介绍下面会用到的特殊URL编码这个是POP特殊的一种规则,即在一般的URLEncode后再增加三种字符替换:加号 (+)替换成 %20、星号 (*)替换成 %2A、 %7E 替换回波浪号 (~)参考代码如下:

    public static String specialUrlEncode(String value) throws Exception {
        return java.net.URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    

    构造待签名的请求串: 把排序后的参数顺序拼接成如下格式:

    "&" + specialUrlEncode(参数Key) + "=" + specialUrlEncode(参数值)
    

    参考代码如下:

    java.util.Iterator<String> it = sortParas.keySet().iterator();
    StringBuilder sortQueryStringTmp = new StringBuilder();
    while (it.hasNext()) {
        String key = it.next();
        sortQueryStringTmp.append("&").append(specialUrlEncode(key)).append("=").append(specialUrlEncode(paras.get(key)));
    }
    String sortedQueryString = sortQueryStringTmp.substring(1);// 去除第一个多余的&符号
    

    打印上面的 sortQueryString。结果如下:

    AccessKeyId=yourAccessId&Action=SegmentImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=3ed0a494-421e-4979-ab1e-f0e28072795a&SignatureVersion=1.0&Timestamp=2019-10-13T01%3A28%3A40Z&Url=http%3A%2F%2Fvigen-invi-cdn.alibaba.com%2Faliyun-doc%2Fpop%2Fimages%2Fsegment-image-src.jpg&Version=2019-06-25
    

    对应的未URL编码的值(方便用户对比):

    AccessKeyId=yourAccessId&Action=SegmentImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=3ed0a494-421e-4979-ab1e-f0e28072795a&SignatureVersion=1.0&Timestamp=2019-10-13T01:28:40Z&Url=http://vigen-invi-cdn.alibaba.com/aliyun-doc/pop/images/segment-image-src.jpg&Version=2019-06-25
    

    按POP的签名规则拼接成最终的待签名串。规则如下:

    HTTPMethod + “&” + specialUrlEncode(“/”) + ”&” + specialUrlEncode(sortedQueryString)
    

    参考代码如下:

    StringBuilder stringToSign = new StringBuilder();
    stringToSign.append("GET").append("&");
    stringToSign.append(specialUrlEncode("/")).append("&");
    stringToSign.append(specialUrlEncode(sortedQueryString));
    

    这就完成了待签名的请求字符串。打印结果如下:

    POST&%2F&AccessKeyId%3DyourAccessId%26Action%3DSegmentImage%26Format%3DJSON%26RegionId%3Dcn-shanghai%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D39720f7f-373c-4b7c-9ec8-520fdc51741f%26SignatureVersion%3D1.0%26Timestamp%3D2019-10-13T02%253A15%253A41Z%26Url%3Dhttp%253A%252F%252Fvigen-invi-cdn.alibaba.com%252Faliyun-doc%252Fpop%252Fimages%252Fsegment-image-src.jpg%26Version%3D2019-06-25
    
    1. 签名

    签名采用HmacSHA1算法 + Base64,编码采用UTF-8。参考代码如下:

    String sign = sign(accessSecret + "&", stringToSign.toString());
    public static String sign(String accessSecret, String stringToSign) throws Exception {
        javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
        mac.init(new javax.crypto.spec.SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA1"));
        byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
        return new sun.misc.BASE64Encoder().encode(signData);
    }
    

    参数说明:

    accessSecret:你的AccessKeyId对应的秘钥AccessSecret,特别说明:POP要求需要后面多加一个“&”字符,即accessSecret + “&”
    stringToSign:即第三步生成的待签名请求串
    

    签名后的结果打印如下:

    sEl89yBxH69oSz52bM0S7rLc0vM=
    
    1. 增加签名结果到请求参数中,发送请求

    说明 签名也要做特殊URL编码。

    String Signature = specialUrlEncode(sign);// sEl89yBxH69oSz52bM0S7rLc0vM%3D
    

    最终完整的POST请求HTTP为:

    http://ivpd.cn-shanghai.aliyuncs.com/?Signature=sEl89yBxH69oSz52bM0S7rLc0vM%3D&AccessKeyId=yourAccessId&Action=SegmentImage&Format=JSON&RegionId=cn-shanghai&SignatureMethod=HMAC-SHA1&SignatureNonce=39720f7f-373c-4b7c-9ec8-520fdc51741f&SignatureVersion=1.0&Timestamp=2019-10-13T02%3A15%3A41Z&Url=http%3A%2F%2Fvigen-invi-cdn.alibaba.com%2Faliyun-doc%2Fpop%2Fimages%2Fsegment-image-src.jpg&Version=2019-06-25
    

    最后发起请求示例:

    ](http://public-vigen-invi-zb.oss-cn-zhangjiakou.aliyuncs.com/aliyun-doc/pop/images/HTTP-REST-DOC.jpg

    JAVA示例

    完整的Java签名Demo代码:

    package com.aliyun.aic.demo;
    import java.util.HashMap;
    import java.util.Map;
    public class SignDemo {
        static final String API_HTTP_METHOD = "POST";
        static final String API_VERSION = "2019-06-25";
        static final java.text.SimpleDateFormat DF = new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        public static void main(String[] args) throws Exception {
            String accessKeyId = "yourAccessId";
            String accessSecret = "yourAccessSecret";
            DF.setTimeZone(new java.util.SimpleTimeZone(0, "GMT"));// 这里一定要设置GMT时区
            Map<String, String> params = new HashMap<>();//业务参数名字是大驼峰
            params.put("Url", "http://vigen-invi-cdn.alibaba.com/aliyun-doc/pop/images/segment-image-src.jpg");
            String action = "SegmentImage";
            execute(action, accessKeyId, accessSecret, params);
        }
        public static void execute(String action, String accessKeyId, String accessSecret, Map<String, String> bizParams) throws Exception {
            java.util.Map<String, String> paras = new java.util.HashMap<String, String>();
            // 1. 系统参数
            paras.put("SignatureMethod", "HMAC-SHA1");
            paras.put("SignatureNonce", java.util.UUID.randomUUID().toString());//防止重放攻击
            paras.put("AccessKeyId", accessKeyId);
            paras.put("SignatureVersion", "1.0");
            paras.put("Timestamp", DF.format(new java.util.Date()));
            paras.put("Format", "JSON");
            // 2. 业务API参数
            paras.put("RegionId", "cn-shanghai");
            paras.put("Version", API_VERSION);
            paras.put("Action", action);
            if (bizParams != null && !bizParams.isEmpty()) {
                paras.putAll(bizParams);
            }
            // 3. 去除签名关键字Key
            if (paras.containsKey("Signature")) {
                paras.remove("Signature");
            }
            // 4. 参数KEY排序
            java.util.TreeMap<String, String> sortParas = new java.util.TreeMap<String, String>();
            sortParas.putAll(paras);
            // 5. 构造待签名的字符串
            java.util.Iterator<String> it = sortParas.keySet().iterator();
            StringBuilder sortQueryStringTmp = new StringBuilder();
            while (it.hasNext()) {
                String key = it.next();
                sortQueryStringTmp.append("&").append(specialUrlEncode(key)).append("=").append(specialUrlEncode(paras.get(key)));
            }
            String sortedQueryString = sortQueryStringTmp.substring(1);// 去除第一个多余的&符号
            StringBuilder stringToSign = new StringBuilder();
            stringToSign.append(API_HTTP_METHOD).append("&");
            stringToSign.append(specialUrlEncode("/")).append("&");
            stringToSign.append(specialUrlEncode(sortedQueryString));
            String sign = sign(accessSecret + "&", stringToSign.toString());
            // 6. 签名最后也要做特殊URL编码
            String signature = specialUrlEncode(sign);
            System.out.println(paras.get("SignatureNonce"));
            System.out.println("\r\n=========\r\n");
            System.out.println(paras.get("Timestamp"));
            System.out.println("\r\n=========\r\n");
            System.out.println(sortedQueryString);
            System.out.println("\r\n=========\r\n");
            System.out.println(stringToSign.toString());
            System.out.println("\r\n=========\r\n");
            System.out.println(sign);
            System.out.println("\r\n=========\r\n");
            System.out.println(signature);
            System.out.println("\r\n=========\r\n");
            // 最终打印出合法请求的URL
            System.out.println("http://ivpd.cn-shanghai.aliyuncs.com/?Signature=" + signature + sortQueryStringTmp);
        }
        public static String specialUrlEncode(String value) throws Exception {
            return java.net.URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
        }
        public static String sign(String accessSecret, String stringToSign) throws Exception {
            javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
            mac.init(new javax.crypto.spec.SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA1"));
            byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
            return new sun.misc.BASE64Encoder().encode(signData);
        }
    }
    
    2020-03-27 10:13:56
    赞同 展开评论 打赏
问答分类:
问答地址:
问答排行榜
最热
最新

相关电子书

更多
智能媒体生产,用技术释放数字传媒内容生产力 立即下载
数据智能时代,语音交互将是第一爆发领域 立即下载
你好,Pal——阿里智能全新语音交互解决方案 立即下载