更新时间:2023-12-21 GMT+08:00
分享

aksk鉴权

在请求接口时,通过accessKeyId和accessKeySecret对请求进行签名,实现对用户身份的验证。其中accessKeyId是访问密钥ID,accessKeySecret是密钥。使用accessKeyId和accessKeySecret进行签名,在请求时将签名信息添加到消息头,从而通过身份认证。

请求时header中会增加如下参数:

名称

样例

说明

Content-Type

application/json

方法

x-connector-signature-timestamp

1694145291981

时间戳

x-connector-signature

******

签名,由下列签名算法计算

x-connector-accesskeyid

******

ak

签名算法如下:

 /**
     * 获取aksk签名
      *
      * @param accessKeyId     ak
      * @param accessKeySecret sk
      * @param timestamp       时间戳
      * @param httpMethod      GET/POST
      * @param url             请求url,不带域名端口,不带参数,以/开头不以/结尾
      * @return 签名串
      */
     public static String signByAKSK(String accessKeyId, String accessKeySecret, long timestamp, String httpMethod, String url) {
         String sign = null;
         try {
             Charset charset = StandardCharsets.UTF_8;
             URI uri = new URI(url);
             String path = uri.getPath();
             if (StringUtils.endsWith(path, "/")) {
                 path = StringUtils.removeEnd(path, "/");
             }
             Mac mac = Mac.getInstance("HmacSHA256");
             SecretKeySpec key = new SecretKeySpec(accessKeySecret.getBytes(charset), "HmacSHA256");
             mac.init(key);
             String signStr = accessKeyId + timestamp + httpMethod.toUpperCase(Locale.ENGLISH) + path;
             sign = Base64.getEncoder().encodeToString(mac.doFinal(signStr.getBytes(charset)));
         } catch (Exception e) {
             log.error("signByAKSK fail.", e);
         }
         return sign;
     }

相关文档