用户签名验证_对象存储服务 OBS_API参考_如何调用API_认证鉴权

签名计算

1. 构造HTTP消息

PUT /object HTTP/1.1

Host: bucket.obs.cn-north-4.myhuaweicloud.com

Date: Tue, 04 Jun 2019 06:54:59 GMT

Content-Type: text/plain

Content-Length: 5913

2. 按照签名规则计算StringToSign

StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedHeaders + CanonicalizedResource

3. 准备AK和SK

AK: ******

SK: ******

4. 计算签名Signature

Signature = Base64( HMAC-SHA1( SecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) )

5. 添加签名头域发送到OBS服务

PUT /object HTTP/1.1

Host: bucket.obs.cn-north-4.myhuaweicloud.com

Date: Tue, 04 Jun 2019 06:54:59 GMT

Content-Type: text/plain

Content-Length: 5913

Authorization: OBS AccessKeyID:Signature

签名验证

6. 接收HTTP消息

PUT /object HTTP/1.1

Host: bucket.obs.cn-north-4.myhuaweicloud.com

Date: Tue, 04 Jun 2019 06:54:59 GMT

Content-Type: text/plain

Content-Length: 5913

Authorization: OBS AccessKeyID:Signature

7. 根据请求中的AK获取SK

从头域Authorization中取出AK，去IAM取回用户的SK

8. 按照签名规则计算StringToSign

StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedHeaders + CanonicalizedResource

9. 计算签名Signature

Signature = Base64( HMAC-SHA1( SecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) )

10. 验证签名

验证头域Authorization中的Signature与服务端计算的Signature是否相等

相等：签名验证通过

不相等：签名验证失败