com.qcloud.cos.auth.COSSigner Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of cos_api Show documentation
Show all versions of cos_api Show documentation
qcloud cos sdk for inner tencentyun
The newest version!
package com.qcloud.cos.auth;
import static com.qcloud.cos.auth.COSSignerConstants.LINE_SEPARATOR;
import static com.qcloud.cos.auth.COSSignerConstants.Q_AK;
import static com.qcloud.cos.auth.COSSignerConstants.Q_HEADER_LIST;
import static com.qcloud.cos.auth.COSSignerConstants.Q_KEY_TIME;
import static com.qcloud.cos.auth.COSSignerConstants.Q_SIGNATURE;
import static com.qcloud.cos.auth.COSSignerConstants.Q_SIGN_ALGORITHM_KEY;
import static com.qcloud.cos.auth.COSSignerConstants.Q_SIGN_ALGORITHM_VALUE;
import static com.qcloud.cos.auth.COSSignerConstants.Q_SIGN_TIME;
import static com.qcloud.cos.auth.COSSignerConstants.Q_URL_PARAM_LIST;
import static com.qcloud.cos.auth.COSSignerConstants.SIGN_EXPIRED_TIME;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.HmacUtils;
import com.qcloud.cos.Headers;
import com.qcloud.cos.http.CosHttpRequest;
import com.qcloud.cos.http.HttpMethodName;
import com.qcloud.cos.internal.CosServiceRequest;
import com.qcloud.cos.utils.UrlEncoderUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class COSSigner {
private static final Logger logger = LoggerFactory.getLogger(COSSigner.class);
private long signExpiredTime = SIGN_EXPIRED_TIME;
// 获取签名有效期
public long getSignExpiredTime() {
return signExpiredTime;
}
// 设置签名有效期,单位为秒, 默认3600秒
public void setSignExpiredTime(long signExpiredTime) {
this.signExpiredTime = signExpiredTime;
}
private boolean isAnonymous(COSCredentials cred) {
return cred instanceof AnonymousCOSCredentials;
}
public void sign(CosHttpRequest request, COSCredentials cred) {
if (isAnonymous(cred)) {
return;
}
String authoriationStr = buildAuthorizationStr(request.getHttpMethod(),
request.getResourcePath(), request.getHeaders(), request.getParameters(), cred);
request.addHeader(Headers.COS_AUTHORIZATION, authoriationStr);
if (cred instanceof COSSessionCredentials) {
request.addHeader(Headers.SECURITY_TOKEN, ((COSSessionCredentials) cred).getSessionToken());
}
}
public String buildAuthorizationStr(HttpMethodName methodName, String resouce_path,
COSCredentials cred) {
return buildAuthorizationStr(methodName, resouce_path, new HashMap(),
new HashMap(), cred);
}
public String buildAuthorizationStr(HttpMethodName methodName, String resouce_path,
Map headerMap, Map paramMap, COSCredentials cred) {
Map signHeaders = buildSignHeaders(headerMap);
// 签名中的参数和http 头部 都要进行字符串排序
TreeMap sortedSignHeaders = new TreeMap<>();
TreeMap sortedParams = new TreeMap<>();
sortedSignHeaders.putAll(signHeaders);
sortedParams.putAll(paramMap);
String qHeaderListStr = buildSignMemberStr(sortedSignHeaders);
String qUrlParamListStr = buildSignMemberStr(sortedParams);
String qKeyTimeStr, qSignTimeStr;
qKeyTimeStr = qSignTimeStr = buildTimeStr();
String signKey = HmacUtils.hmacSha1Hex(cred.getCOSSecretKey(), qKeyTimeStr);
String formatMethod = methodName.toString().toLowerCase();
String formatUri = resouce_path;
String formatParameters = formatMapToStr(sortedParams);
String formatHeaders = formatMapToStr(sortedSignHeaders);
String formatStr = new StringBuilder().append(formatMethod).append(LINE_SEPARATOR)
.append(formatUri).append(LINE_SEPARATOR).append(formatParameters)
.append(LINE_SEPARATOR).append(formatHeaders).append(LINE_SEPARATOR).toString();
logger.debug("formatStr = \n{}", formatStr);
String hashFormatStr = DigestUtils.sha1Hex(formatStr);
String stringToSign = new StringBuilder().append(Q_SIGN_ALGORITHM_VALUE)
.append(LINE_SEPARATOR).append(qSignTimeStr).append(LINE_SEPARATOR)
.append(hashFormatStr).append(LINE_SEPARATOR).toString();
logger.debug("stringToSign = \n{}", stringToSign);
String signature = HmacUtils.hmacSha1Hex(signKey, stringToSign);
String authoriationStr = new StringBuilder().append(Q_SIGN_ALGORITHM_KEY).append("=")
.append(Q_SIGN_ALGORITHM_VALUE).append("&").append(Q_AK).append("=")
.append(cred.getCOSAccessKeyId()).append("&").append(Q_SIGN_TIME).append("=")
.append(qSignTimeStr).append("&").append(Q_KEY_TIME).append("=").append(qKeyTimeStr)
.append("&").append(Q_HEADER_LIST).append("=").append(qHeaderListStr).append("&")
.append(Q_URL_PARAM_LIST).append("=").append(qUrlParamListStr).append("&")
.append(Q_SIGNATURE).append("=").append(signature).toString();
logger.debug("authoriationStr = \n{}", authoriationStr);
return authoriationStr;
}
private Map buildSignHeaders(Map originHeaders) {
Map signHeaders = new HashMap<>();
for (String key : originHeaders.keySet()) {
if (key.equalsIgnoreCase("host") || key.equalsIgnoreCase("content-type")
|| key.startsWith("x") || key.startsWith("X")) {
String lowerKey = key.toLowerCase();
String value = originHeaders.get(key);
signHeaders.put(lowerKey, value);
}
}
return signHeaders;
}
private String buildSignMemberStr(Map signHeaders) {
StringBuilder strBuilder = new StringBuilder();
boolean seenOne = false;
for (String key : signHeaders.keySet()) {
if (!seenOne) {
seenOne = true;
} else {
strBuilder.append(";");
}
strBuilder.append(key.toLowerCase());
}
return strBuilder.toString();
}
private String formatMapToStr(Map kVMap) {
StringBuilder strBuilder = new StringBuilder();
boolean seeOne = false;
for (String key : kVMap.keySet()) {
String lowerKey = key.toLowerCase();
String encodeKey = UrlEncoderUtils.encode(lowerKey);
String encodedValue = "";
if (kVMap.get(key) != null) {
encodedValue = UrlEncoderUtils.encode(kVMap.get(key));
}
if (!seeOne) {
seeOne = true;
} else {
strBuilder.append("&");
}
strBuilder.append(encodeKey).append("=").append(encodedValue);
}
return strBuilder.toString();
}
private String buildTimeStr() {
StringBuilder strBuilder = new StringBuilder();
long startTime = System.currentTimeMillis() / 1000;
long endTime = startTime + this.signExpiredTime;
strBuilder.append(startTime).append(";").append(endTime);
return strBuilder.toString();
}
}