
Amazon S3 user authentication (access)

WBOY
Release: 2016-06-07 15:38:47

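Amazon S3 authenticates users with a symmetric-key scheme: the client and the server both hold the same secret key. This article describes that scheme.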


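 Request construction

  Request elements:

  •   AWS Access Key Id: effectively the familiar user name, used to tell users apart.
  •   Signature: the signature, computed with the private (secret) key.
  •   Timestamp: the timestamp.
  •   Date: the time, which sets an expiry time for every request.

Verification process

  Client: goes through the following 3 steps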


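1. Build the HTTP request.
2. Compute the signature from the request content (request_str) and the secret-key.
3. Send the request to the AWS server.

  AWS server: goes through the following three steps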


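4. Amazon S3 looks up the secret-key that corresponds to the access-key that was sent.
5. Amazon S3 uses the same algorithm to compute the signature from the request content (request_str) and the secret-key, exactly as in step 2.
6. It compares the signature the user sent with the signature Amazon S3 computed to decide whether the request is legitimate.


Constructing the signature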

Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;

Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( YourSecretAccessKeyID, StringToSign ) ) );

StringToSign = HTTP-Verb + "\n" +
 Content-MD5 + "\n" +
 Content-Type + "\n" +
 Date + "\n" +
 CanonicalizedAmzHeaders +
 CanonicalizedResource;

CanonicalizedResource = [ "/" + Bucket ] +
 <HTTP-Request-URI, from the protocol name up to the query string> +
 [ sub-resource, if present. For example "?acl", "?location", "?logging", or "?torrent"];

CanonicalizedAmzHeaders = <described below>
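
The following Python code is an added example, not part of the original article and not AWS's own code. It implements the grammar above for the client (step 2) and the server (steps 4-6), using the example credentials and DELETE request that appear on this page. Assumptions: the bucket is passed in explicitly, CanonicalizedAmzHeaders follows the AWS Signature Version 2 rule (lower-cased, sorted `x-amz-*` headers, with the Date slot left empty when `x-amz-date` is sent), and the key store, the 15-minute window and the server clock are constructed for the example.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed server-side key store holding the example credentials from this page.
SECRET_KEYS = {"AKIAIOSFODNN7EXAMPLE": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
MAX_SKEW = timedelta(minutes=15)  # assumed replay window for this example

def string_to_sign(verb, bucket, path, headers):
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # CanonicalizedAmzHeaders: lower-cased x-amz-* headers, sorted, one "name:value\n" each.
    amz = "".join(f"{k}:{h[k]}\n" for k in sorted(h) if k.startswith("x-amz-"))
    # If x-amz-date is sent, the Date slot is left empty and x-amz-date is signed instead.
    date = "" if "x-amz-date" in h else h.get("date", "")
    resource = "/" + bucket + path  # CanonicalizedResource, no sub-resource here
    return "\n".join([verb, h.get("content-md5", ""), h.get("content-type", ""),
                      date, amz + resource])

def sign(secret, sts):
    mac = hmac.new(secret.encode("utf-8"), sts.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify(verb, bucket, path, headers, now):
    """Steps 4-6: look up the secret key, recompute the signature, compare."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, cred = h.pop("authorization", "").partition(" ")
    access_key, _, sent_sig = cred.partition(":")
    secret = SECRET_KEYS.get(access_key)
    if scheme != "AWS" or secret is None:
        return False
    try:  # reject stale or unparseable timestamps before doing any HMAC work
        skew = abs(now - parsedate_to_datetime(h.get("x-amz-date") or h.get("date", "")))
    except (TypeError, ValueError):
        return False
    if skew > MAX_SKEW:
        return False
    expected = sign(secret, string_to_sign(verb, bucket, path, h))
    # Constant-time comparison so response timing does not leak the correct signature.
    return hmac.compare_digest(expected.encode(), sent_sig.encode())

# The DELETE request from this page's example, signed as the client would (steps 1-3).
REQUEST = {"User-Agent": "dotnet", "Host": "mybucket.s3.amazonaws.com",
           "Date": "Tue, 15 Jan 2008 21:20:27 +0000",
           "x-amz-date": "Tue, 15 Jan 2008 21:20:27 +0000"}
STS = string_to_sign("DELETE", "mybucket", "/puppy.jpg", REQUEST)
SIGNED = dict(REQUEST, Authorization="AWS AKIAIOSFODNN7EXAMPLE:" + sign(
    SECRET_KEYS["AKIAIOSFODNN7EXAMPLE"], STS))
NOW = datetime(2008, 1, 15, 21, 21, 0, tzinfo=timezone.utc)  # constructed server clock
```

Because the path, the verb and the `x-amz-*` headers are all inside StringToSign, changing any of them after signing makes the server's recomputed signature differ, and a captured request stops verifying once its timestamp falls outside the window.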

Example

Client

Assume:

AWSAccessKeyId: AKIAIOSFODNN7EXAMPLE
AWSSecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Suppose we need to send a request like the following:

DELETE /puppy.jpg HTTP/1.1
User-Agent: dotnet
Host: mybucket.s3.amazonaws.com
Date: Tue, 15 Jan 2008 21:20:27 +0000
x-amz-date: Tue, 15 Jan 2008 21:20:27 +0000
Authorization: AWS AKIAIOSFODNN7EXAMPLE:k3nL7gH3+PadhTEVn5EXAMPLE

1. Build every field other than Authorization.

DELETE /puppy.jpg HTTP/1.1
User-Agent: dotnet
Host: mybucket.s3.amazonaws.com
Date: Tue, 15 Jan 2008 21:20:27 +0000
x-amz-date: Tue, 15 Jan 2008 21:20:27 +0000

2. Extract request_str:


Server
