Maison > Article > base de données > amazon s3 的用户验证 access
amazon s3的用户验证方式是一种对称加密方式,下面介绍此加密方式。 请求的构造 请求元素: AWS Access Key Id:其实就是常见的用户名,用来区分用户的。 Signature:签名,使用私钥计算后得出。 Timestamp:时间戳 Date:时间,为每一个请求设置一个过期时间
amazon s3的用户验证方式是一种对称加密方式,下面介绍此加密方式。
1 构建http请求。
2 使用请求内容(request_str) 和 secret-key计算签名(signature)。
3 发送请求到aws服务器。
4 Amazon S3 根据发送的access-key得到对应的secret-key。
5 Amazon S3 使用同样的算法将请求内容(request_str) 和 secret-key一起计算签名(signature)!和步骤2一样。
6 对比用户发送的签名和Amazon S3计算的签名,判断是否合法。
Authorization = <span>"</span><span>AWS</span><span>"</span> + <span>"</span> <span>"</span> + AWSAccessKeyId + <span>"</span><span>:</span><span>"</span> +<span> Signature; Signature </span>= Base64( HMAC-SHA1( UTF-8-Encoding-<span>Of( YourSecretAccessKeyID, StringToSign ) ) ); StringToSign </span>= HTTP-Verb + <span>"</span><span>\n</span><span>"</span> +<span> Content</span>-MD5 + <span>"</span><span>\n</span><span>"</span> +<span> Content</span>-Type + <span>"</span><span>\n</span><span>"</span> +<span> Date </span>+ <span>"</span><span>\n</span><span>"</span> +<span> CanonicalizedAmzHeaders </span>+<span> CanonicalizedResource; CanonicalizedResource </span>= [ <span>"</span><span>/</span><span>"</span> + Bucket ] + <http-request-uri>from the protocol name up to the query string> +<span> [ sub</span>-resource, <span>if</span> present. For example <span>"</span><span>?acl</span><span>"</span>, <span>"</span><span>?location</span><span>"</span>, <span>"</span><span>?logging</span><span>"</span>, <span>or</span> <span>"</span><span>?torrent</span><span>"</span><span>]; CanonicalizedAmzHeaders </span>= <described below></described></http-request-uri>
假设:
AWSAccessKeyId: AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
假设我们需要发送下面这样的请求:
DELETE /puppy.jpg HTTP/1.1<span> User-Agent: dotnet Host: mybucket</span>.s3.amazonaws.<span>com </span><span>Date</span>: Tue, 15 Jan 2008 21:20:27 +0000<span> x-amz-</span><span>date</span>: Tue, 15 Jan 2008 21:20:27 +0000<span> Authorization: AWS AKIAIOSFODNN7EXAMPLE</span><span>:k3nL7gH3</span>+PadhTEVn5EXAMPLE
1. 构建除Authorization之外的其他字段。
DELETE /puppy.jpg HTTP/1.1<span> User-Agent: dotnet Host: mybucket</span>.s3.amazonaws.<span>com </span><span>Date</span>: Tue, 15 Jan 2008 21:20:27 +0000<span> x-amz-</span><span>date</span>: Tue, 15 Jan 2008 21:20:27 +0000
2. 提取request_str: