aliyun Rest ful api V3版本身份验证构造

aliyun Rest ful api V3版本身份验证构造

参考官网https://help.aliyun.com/zh/sdk/product-overview/v3-request-structure-and-signature?spm=a2c4g.11186623.0.0.787951e7lHcjZb
构造代码 :使用GET请求进行构造,算法使用sha256 使用postman进行验证

代码如下,linux环境运行,先安装openssl库:

cpp 复制代码
#include <iostream>
#include <sstream>
#include <iomanip>
#include <cstring>
#include <random>
#include <chrono>
#include <cctype>
#include <iomanip>
#include <openssl/hmac.h>
#include <openssl/sha.h>
// HMAC-SHA256 calculation using OpenSSL library
//build,在Linux下编译 :  g++ -o a.out awsSignature.cpp -std=c++11 -lssl -lcrypto
std::string HMAC_SHA256(const std::string& key, const std::string& data) {
    unsigned char result[EVP_MAX_MD_SIZE];
    unsigned int result_len;

    HMAC(EVP_sha256(), key.c_str(), key.length(),
         reinterpret_cast<const unsigned char*>(data.c_str()), data.length(),
         result, &result_len);

    std::stringstream ss;
    for (unsigned int i = 0; i < result_len; i++) {
        ss << std::hex << std::setw(2) << std::setfill('0') << static_cast<int>(result[i]);
    }

    return ss.str();
}
// AWS Signature Version 4 calculation
std::string CalculateAWSV4Signature(const std::string& secretAccessKey, const std::string& region,
                                    const std::string& service, const std::string& timestamp,
                                    const std::string& payloadHash, const std::string& canonicalRequest) {
    // Step 1: Derive signing key
    std::string kDate = HMAC_SHA256("AWS4" + secretAccessKey, timestamp.substr(0, 8));
    std::string kRegion = HMAC_SHA256(kDate, region);
    std::string kService = HMAC_SHA256(kRegion, service);
    std::string kSigning = HMAC_SHA256(kService, "aws4_request");

    // Step 2: Calculate signature
    std::string stringToSign = "AWS4-HMAC-SHA256\n" + timestamp + "\n" + timestamp.substr(0, 8) +
                               "/" + region + "/" + service + "/aws4_request\n" + HMAC_SHA256(kSigning, canonicalRequest + "\n" + payloadHash);
    std::string signature = HMAC_SHA256(kSigning, stringToSign);

    return signature;
}

std::string calculateHash(const std::string& data) {
    unsigned char hash[SHA256_DIGEST_LENGTH];

    SHA256_CTX sha256;
    SHA256_Init(&sha256);
    SHA256_Update(&sha256, data.c_str(), data.length());
    SHA256_Final(hash, &sha256);

    std::stringstream ss;
    for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
        ss << std::hex << std::setw(2) << std::setfill('0') << static_cast<int>(hash[i]);
    }
    return ss.str();
}
std::string CanonicalizeRequest(const std::string& HTTPMethod, const std::string& CanonicalUri, const std::string& CanonicalQueryString, const std::string& CanonicalHeaders, const std::string& SignedHeaders, const std::string& payload)
{
		std::string canonicalize_string= HTTPMethod + "\n" +
		"/"+CanonicalUri + "\n" +
		CanonicalQueryString + "\n" +
		CanonicalHeaders + "\n" +
		SignedHeaders + "\n" +
		payload;
		return canonicalize_string;
}
std::string generateSignatureNonce() {
    // 使用 std::random_device 获取真正的随机数种子
    std::random_device rd;

    // 使用 std::mt19937 作为伪随机数生成器引擎
    std::mt19937 gen(rd());

    // 使用 std::uniform_int_distribution 来生成范围内的随机数
    std::uniform_int_distribution<> dis(0, 999999);

    // 生成随机数
    int nonceValue = dis(gen);

    // 将随机数转换为字符串
    std::ostringstream oss;
    oss << nonceValue;

    return oss.str();
}
std::string GetDate(int t){
	std::chrono::system_clock::time_point now_time = std::chrono::system_clock::now();
	std::time_t now_t = std::chrono::system_clock::to_time_t(now_time);
    std::tm gm_time = *std::gmtime(&now_t);
    char buf[128];
	if(t==1)
		std::strftime(buf, sizeof(buf), "%a, %d %b %Y %H:%M:%S GMT", &gm_time);
	else
	{
		std::strftime(buf, sizeof(buf), "%FT%TZ", &gm_time);
	}
		
	std::string time(buf);
	return time;
}

std::string UrlEncode(std::string& url){
	std::ostringstream encoded;
    encoded << std::hex << std::uppercase << std::setfill('0');

    for (char ch : url) {
        if (std::isalnum(ch) || ch == '-' || ch == '_' || ch == '.' || ch == '~') {
            // 字母数字字符和"- _ ."波浪符号保持不变
            encoded << ch;
        } else {
            // 其他字符进行百分号编码
            encoded << '%' << std::setw(2) << static_cast<int>(static_cast<unsigned char>(ch));
        }
    }

    return encoded.str();
}
int main() {
    // AWS credentials and request details
    std::string accessKeyId = "你们密钥id";
    std::string secretAccessKey = "你的密钥";
    std::string region = "cn-shanghai";
    std::string param = "RegionId";
	std::string version="2014-05-26";
    std::string timestamp =GetDate(2);
	std::cout<<"timestamp: "<<timestamp<<std::endl;
    std::string canonicalRequest = "";
	std::string GMTime=GetDate(1);//GMT=1
	std::cout<<"GMTime"<<GMTime<<std::endl;
	//规范化请求构建参数
	std::string signature_nonce=generateSignatureNonce();
	std::cout<<signature_nonce<<std::endl;
	std::string HTTPRequestMethod="GET";
	std::string CanonicalURI ="";
	std::string CanonicalQueryString=UrlEncode(param)+"="+UrlEncode(region);//升序 url编码
	std::string CanonicalHeaders="host:ecs.cn-shanghai.aliyuncs.com\nx-acs-action:DescribeInstances\nx-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-acs-date:"+timestamp+"\nx-acs-signature-nonce:"+signature_nonce+"\nx-acs-version:"+version+"\n";
	std::string SignedHeaders="host;x-acs-action;x-acs-content-sha256;x-acs-date;x-acs-signature-nonce;x-acs-version";
	std::string HashedRequestPayload="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
	//获取规范化请求值
	std::string CanonicalRequestString=CanonicalizeRequest(HTTPRequestMethod,CanonicalURI,CanonicalQueryString,CanonicalHeaders,SignedHeaders,HashedRequestPayload);
	std::cout<<CanonicalRequestString<<std::endl;
	//计算规范化请求的hash值
	std::string hashCanonicalRequest=calculateHash(CanonicalRequestString);
	std::string StringToSign="ACS3-HMAC-SHA256\n"+hashCanonicalRequest;

	//. 计算signature
	std::string signature = HMAC_SHA256(secretAccessKey,StringToSign);
    std::cout << "signature: " << signature << std::endl;
    return 0;
}

然后打开postman:

将算出来的信息在这里赋值,包含唯一随机数、时间、还有signature

然后 over

相关推荐
学Linux的语莫35 分钟前
linux中,redis分布式集群搭建
linux·redis·分布式·mysql
ppo_wu1 小时前
Ubuntu 24.04.1 LTS 配置静态固定IP地址
linux·tcp/ip·ubuntu·运维开发
真想骂*1 小时前
如何在Linux上配置SSH密钥以实现免密登录
linux·运维·ssh
心灵彼岸-诗和远方2 小时前
DevOps工程技术价值流:Ansible自动化与Semaphore集成
linux·运维·网络·软件工程·devops
m0_748251522 小时前
Linux(CentOS)安装 MySQL
linux·mysql·centos
爱写代码的小白.2 小时前
RustDesk内置ID服务器,Key教程
linux·运维·服务器
朝九晚五ฺ3 小时前
【Linux探索学习】第二十四弹——软硬链接:Linux 中的软链接与硬链接详解
linux·运维·chrome·学习
HaoHao_0103 小时前
云原生大数据计算服务 MaxCompute
阿里云·云计算·云服务器
Hacker_Nightrain4 小时前
linux 网络安全不完全笔记
linux·笔记·web安全
一入程序无退路4 小时前
c语言传参数路径太长,导致无法获取参数
linux·c语言·数据库