金山云api签名(go语言)

Rainbowhhy · · 1486 次点击 · · 开始浏览    
这是一个创建于 的文章,其中的信息可能已经有所发展或是发生改变。

1.前言

云计算是当下非常流行的技术,各互联网公司基本上都在使用着不同云厂商的资源。我们要查看或者操作购买的云计算资源,一般都通过控制台登录直接操作。但是如果我们要批量操作资源,或者是开发自己的平台调用资源,那么我们该怎么办呢?其实各云计算厂家都提供了资源操作的接口,api和sdk。其中,api接口需要我们自行实现接口的签名认证,再调用厂商的各种方法,然后二次开发;sdk是厂商已经封装好的操作接口,我们可以直接调用,再在此基础上做开发。

2.代码实现

本文主要用go语言实现了金山云的api签名,并使用生成的签名调用金山云提供的DescribeInstance查看云主机的详细信息。

package main

import (
    "bytes"
    "crypto/hmac"
    "crypto/sha256"
    "encoding/json"
    "fmt"
    "io/ioutil"
    "net/http"
    "net/url"
    "strings"
    "time"
)

func sign(key []byte, msg string) []byte {
    h := hmac.New(sha256.New, key)
    h.Write([]byte(msg))
    return h.Sum(nil)
}

func get_signature_key(key string, dateStamp string, regionName string, serviceName string) []byte {
    kDate := sign([]byte("AWS4"+key), dateStamp)
    kRegion := sign(kDate, regionName)
    kService := sign(kRegion, serviceName)
    kSigning := sign(kService, "aws4_request")
    return kSigning
}

func get_auth(access_key, secret_key, action, version, host, method, region, service string,
    req_params map[string]interface{}) (int, string, string) {
    var request_parameters string
    endpoint := "http://" + host
    params := url.Values{}
    params.Add("Action", action)
    params.Add("Version", version)
    if req_params != nil {
        for key := range req_params {
            v := fmt.Sprintf("%v", req_params[key])
            params.Add(key, v)
        }
    }
    request_parameters += params.Encode()
    if access_key == "" || secret_key == "" {
        fmt.Println("No access key is available.")
        return 400, "", ""
    }
    t := time.Now().UTC()
    amzdate := t.Format("20060102T150405Z")
    datestamp := t.Format("20060102")

    canonical_uri := "/"

    canonical_querystring := request_parameters

    canonical_headers := "content-type:application/json" + "\n" + "host:" + host + "\n" + "x-amz-date:" + amzdate + "\n"

    signed_headers := "content-type;host;x-amz-date"

    h := sha256.New()
    h.Write([]byte(""))
    payload_hash := fmt.Sprintf("%x", h.Sum(nil))

    canonical_request := method + "\n" + canonical_uri + "\n" + canonical_querystring + "\n" + canonical_headers + "\n" + signed_headers + "\n" + payload_hash

    algorithm := "AWS4-HMAC-SHA256"
    credential_scope := datestamp + "/" + region + "/" + service + "/" + "aws4_request"
    ha := sha256.New()

    ha.Write([]byte(canonical_request))
    hash := fmt.Sprintf("%x", ha.Sum(nil))
    string_to_sign := algorithm + "\n" + amzdate + "\n" + credential_scope + "\n" + hash

    signing_key := get_signature_key(secret_key, datestamp, region, service)

    s := hmac.New(sha256.New, signing_key)
    s.Write([]byte(string_to_sign))
    signature := fmt.Sprintf("%x", s.Sum(nil))

    authorization_header := algorithm + " " + "Credential=" + access_key + "/" + credential_scope + ", " + "SignedHeaders=" + signed_headers + ", " + "Signature=" + signature

    request_url := endpoint + "?" + canonical_querystring

    return 200, authorization_header, request_url
}

func Request(access_key, secret_key, action, version, host, method, region, service string,
    req_params map[string]interface{}) (int, string) {
    t := time.Now().UTC()
    amzdate := t.Format("20060102T150405Z")

    code, authorization_header, request_url := get_auth(access_key, secret_key, action, version, host, method, region, service,
        req_params)
    if code != 200 {
        fmt.Println("auth error!")
        return code, ""
    }
    client := &http.Client{}
    req, _ := http.NewRequest(method, request_url, strings.NewReader(""))
    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("X-Amz-Date", amzdate)
    req.Header.Set("Authorization", authorization_header)
    req.Header.Set("Accept", "application/json")
    resp, _ := client.Do(req)
    defer resp.Body.Close()
    body, _ := ioutil.ReadAll(resp.Body)
    code = resp.StatusCode

    return code, string(body)
}

func main() {
    ak := "your ak"
    sk := "your sk"
    region := "cn-beijing-6"
    action := "DescribeInstances"
    version := "2016-03-04"
    host := "kec.api.ksyun.com"
    methods := "GET"
    service := "kec"
    var req_params map[string]interface{}
    code, text := Request(ak, sk, action, version, host, methods, region, service, req_params)
    if code != 200 {
        fmt.Println("describe kec error!")

    }
    var str bytes.Buffer
    json.Indent(&str, []byte(text), "", " ")
    fmt.Println(str.String())
}

有疑问加站长微信联系(非本文作者)

本文来自:51CTO博客

感谢作者:Rainbowhhy

查看原文:金山云api签名(go语言)

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

1486 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传