Verifying the Token Signature on the Sharing Page
The token parameter signature verification function can be used to authenticate the signature of the URL transferred during large-screen interaction. This ensures that the URL access link of the large screen is not tampered with, improving the security of large-screen data and user information.
Prerequisites
Before using the token signature verification function, ensure that the following conditions are met:
- A large screen page is released in token verification mode.
- On the large screen page, parameters are passed via URL in GET mode, and the URL must include the _dmax_signature and _dmax_time parameters.
- The large screen page URL is not tampered with.
Context
If the token signature verification function is enabled, the system returns the token used to generate a signature, for example, token=j5TZLK1DQ*****Ntquo/ErqonR0=. The token used to generate a signature cannot be disclosed.
Assume that a user system is embedded with the large screen page. The token is used to calculate the signature. The final sharing page link is as follows (if the sharing link is tampered with, the page cannot be accessed):
https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe?_dmax_time=1669621495545&name=cloud&age=36&dept=cloud&_dmax_signature=DVX7Qy******o5rs%3D
Where,
- _dmax_time=1669621495545: timestamp generated for the user sharing link on the large screen page. If the validity period setting is enabled, the value of _dmax_time must be smaller than the validity period value. The unit is millisecond timestamp.
- _dmax_signature=DVX7Qy******o5rs%3D: signature calculated by the token based on the URL, which is used for identity authentication.
- name=cloud&age=36&dept=cloud: user-defined extended parameter.
Sharing URL Signature Description
Token signature verification is a signature calculated based on the entire URL. In the preceding information, _dmax_time indicates the timestamp when the signature is generated. (The parameter value can be customized. The default value is the time when the signature is calculated.) _dmax_signature is the signature calculated based on the URL.
During signature calculation, parameters are sorted by key in ascending order, and multiple parameter values with the same key are combined.
For example, the URL used to calculate the signature is entered as follows:
https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe?_dmax_time=1669621495545&name=cloud&age=35&dept=cloud&age=36
After parameters are sorted and the same parameters (for example, age) are combined, the obtained URL for calculation is as follows:
https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe?_dmax_time=1669621495545&age=35,36&dept=cloud&name=cloud
Example Code for URL Signature Calculation
The following uses Java code as an example to describe how to calculate the URL signature:
private String getSignature(String uri, TreeMap<String, String[]> parameterMap, String token) {
List<String> parameterList = parameterMap.entrySet()
.stream()
.map(entry -> entry.getKey() + "=" + String.join(",", entry.getValue()))
.collect(Collectors.toList()); // Sort the parameters.
String sortParams = String.join("&", parameterList); // Re-combine the parameters.
String usedSigUrl = String.join("?", new String[] {uri, sortParams});
String signature = Objects.requireNonNull(
HMACSHA256(usedSigUrl.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8)));
return signature;
}
private String HMACSHA256(byte[] data, byte[] key) {
try {
SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA256");
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(signingKey);
return URLEncoder.encode(byte2Base64(mac.doFinal(data)), StandardCharsets.UTF_8.name());
} catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException e) {
e.printStackTrace();
}
return "";
}
private String byte2Base64(byte[] bytes) {
return Base64.encodeBase64String(bytes);
}
public void getSignatureUrl() {
String cusUrl = "https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe?name=cloud&age=36&dept=cloud"; // URL signature to be calculated
String uri = "https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe"; // uri
String token = "xxxx"; // Page sharing authentication token
String timestamp = String.valueOf(new Date().getTime()); // Timestamp
TreeMap<String, String[]> parameterMap = new TreeMap<>(); // Parameter set
parameterMap.put("name", new String[] {"cloud"});
parameterMap.put("age", new String[] {"36"});
parameterMap.put("dept", new String[] {"cloud"});
parameterMap.put("_dmax_time", new String[] {timestamp});
String signature = getSignature(uri, parameterMap, token);
String inputUrl = cusUrl + "&" + "_dmax_time=" + timestamp; // Add the timestamp parameter to the sharing link URL.
System.out.println(String.join("&", inputUrl, "_dmax_signature=" + signature)); // Print the output.
}
Based on the preceding code example, the shared link of the accessible signature is as follows:
https://7a307******22a2a.canvas.cn-north-4.hwastro.cn/magno/render/share/1948907d2cb-******-3d2bcf7478fe?name=cloud&age=36&dept=cloud&_dmax_time=1669639799495&_dmax_signature=2Lbxef1HvbIx4kd9pBjmHswAa******xlBu3o9M%3D
Within the validity period of the URL, if the URL is tampered with, the link cannot be accessed.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
