如何翻译AWS任务1:为签名版本4

时间:2016-04-30 02:57:41

标签: amazon-web-services coldfusion coldfusion-11

免责声明:这是一个“操作方法”,因为我在实施AWS签名版本4时无法找到任何CF示例

如何在CF中实施Task 1: Create a Canonical Request for Signature Version 4

要点:

  1. 从HTTP请求方法(GET,PUT,POST等)开始,然后是换行符。
  2. 添加规范URI参数,后跟换行符。
  3. 添加规范查询字符串,后跟换行符
  4. 添加规范标题,然后添加换行符。
  5. 添加已签名的标头,后跟换行符。
  6. 使用SHA256之类的散列(摘要)函数从请求正文中的有效负载创建散列值
  7. 通过将每个步骤中的组件组合为单个字符串来构造完成的规范请求。
  8. 使用用于散列有效负载的相同算法创建规范请求的摘要(哈希)。

1 个答案:

答案 0 :(得分:5)

以下是Task 1: Create a Canonical Request for Signature Version 4

的cfscript实现

<强>结果: 

f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

<强>代码:

  1. 从HTTP请求方法开始(GET,PUT,POST等)

    requestMethod = "GET";
writeOutput("<br>requestMethod: <code>"& requestMethod &"</code>");

  2. 添加(编码的)规范URI参数,后跟换行符。 

    originalURI = "";
// If the absolute path is empty, use a forward slash (/)
originalURI  = len(trim(originalURI)) ? originalURI : "/"& originalURI;
// Encode URI and preserve forward slashes 
canonicalURI = replace( encodeRFC3986( originalURI ), "%2F", "/", "all");
writeOutput("<br>canonicalURI: <code>"& canonicalURI &"</code>");

  3. 添加规范查询字符串,后跟换行符字符

    queryParams = { "Action"="ListUsers", "Version"="2010-05-08" };

// a) Encode parameter names and values 
encodedParams = {};
structEach( queryParams, function(key, value) {
    encodedParams[ encodeRFC3986(arguments.key) ] = encodeRFC3986( arguments.value);
});

// b) Sort the encoded parameter in ascending order (ASCII order)
encodedKeyNames = structKeyArray( encodedParams );
arraySort( encodedKeyNames, "text" );

// c) Build the canonical query string. Starting with first parameter, append encoded 
// parameter name, followed by character '=' (ASCII code 61), followed by the encoded value
encodedPairs  = [];
for (key in encodedKeyNames) {
    arrayAppend( encodedPairs, key &"="& encodedParams[ key ] ); 
}
// d) Append the character '&' (ASCII code 38) after each parameter value, except for the last value in the list. 
canonicalQueryString = arrayToList( encodedPairs, "&");
writeOutput("<br>canonicalQueryString: <code>"& canonicalQueryString &"</code>");

  4. 添加规范标题,后跟换行符。 

    requestHeaders = { "Content-type"= "application/x-www-form-urlencoded; charset=utf-8"
                    , "Host" = "iam.amazonaws.com"
                    , "X-Amz-Date" = "20150830T123600Z"
                };

// a) Convert all header names to lowercase and remove leading spaces and trailing spaces. 
// Convert sequential spaces in the header value to a single space.         
cleanedHeaders = {};
structEach( requestHeaders, function(key, value) {
    headerName = reReplace( trim(arguments.key), "\s+", " ", "all");
    headerValue = reReplace( trim(arguments.value), "\s+", " ", "all");
    cleanedHeaders[ lcase(headerName) ] = headerValue;
});

// b) [sort] the (lowercase) headers by character code
sortedHeaderNames = structKeyArray( cleanedHeaders );
arraySort( sortedHeaderNames, "text" );

// c) Append the lowercase header name followed by a colon.
// Do not sort the values in headers that have multiple values.
cleanedPairs  = [];
for (key in sortedHeaderNames) {
    arrayAppend( cleanedPairs, key &":"& cleanedHeaders[ key ] ); 
}

// d) Append new line after each header pair. Should END WITH a new line
canonicalHeaderString = arrayToList( cleanedPairs, chr(10) ) & chr(10) ;
writeOutput("<br> canonicalHeaderString: <code>"& canonicalHeaderString &"</code>");

  5. 添加已签名的标题,后跟换行符<

    // To create the signed headers list, convert all header names to lowercase, 
// sort them by character code, and use a semicolon to separate the header names. 
// Note, we already have the sorted names from the canonical header logic (step 4)
signedHeaderString = arrayToList( sortedHeaderNames, ";" );
writeOutput("<br>signedHeaderString: <code>"& signedHeaderString &"</code>");

  6. 在http / https请求的正文中创建有效负载的散列

    requestPayload = "";
payloadChecksum = lcase( hash( requestPayload , "SHA256" ) );
writeOutput("<br>payloadChecksum: <code>"& payloadChecksum &"</code>");

  7. 通过将每个步骤中的组件组合为单个字符串来构造规范请求

    canonicalRequest = requestMethod & chr(10)
                    & canonicalURI & chr(10)
                    & canonicalQueryString & chr(10)
                    & canonicalHeaderString & chr(10)
                    & signedHeaderString & chr(10)
                    & payloadChecksum ;

writeOutput("<br>canonicalRequest: <pre>"& canonicalRequest &"</pre>");

  8. 使用用于散列有效负载的相同算法创建规范请求的摘要(哈希)

    requestDigest = lcase( hash( canonicalRequest , "SHA256" ) );
writeOutput("<br>requestDigest: <code>"& requestDigest &"</code>");

    9. UDF encodeRFC3986: 

        /**
    * URI encoding per RFC 3986:
    *  <ul>
    *     <li>Unreserved characters that should not be escaped: ALPHA / DIGIT / "-" / "." / "_" / "~" </li>
    *     <li>Spaces should be encoded as %20 instead of +</li>
    *     <li>Reserved characters that should be escaped include:   ? ## [ ] @ ! $ & ' ( ) * + , ; =</li>
    *  </ul>
    *  
    * @text String to encode
    * @returns URI encoded text
    */
    public function encodeRFC3986(required string text) {
        // Requires CF10+
        Local.encoded = encodeForURL(arguments.text);

        // Undo encoding of tilde "~"
        Local.encoded = replace( Local.encoded, "%7E", "~", "all" );
        // Change space encoding from "+" to "%20"
        Local.encoded = replace( Local.encoded, "+", "%20", "all" );
        // URL encode asterisk "*" 
        Local.encoded = replace( Local.encoded, "*", "%2A", "all" );

        return Local.encoded;
    }
相关问题
最新问题