Signature Version 4 signing for Elasticsearch in AWS

Time: 2018-07-26 18:00:31

Tags: amazon-web-services aws-sdk aws-iam aws-elasticsearch

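I am using AWS managed Elasticsearch, and I am using the high-level Java client for Elasticsearch. Is there a way to use AWS Signature Version 4 signing for the requests made by the high-level client?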

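1 answer:

Answer 0: (score: 0)

You need to perform the signature calculation and add all the appropriate headers to your request. For Java and C# examples, see Examples: Signature Calculations in AWS Signature Version 4. I took this code and put my own interface on top: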

import net.craigcaulfield.awsutils.signing.auth.AWS4SignerBase;
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerForAuthorizationHeader;
import net.craigcaulfield.awsutils.signing.util.BinaryUtils;

import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

/**
 * A utility for calculating the AWS Signature Version 4 signature headers for requests. See
 * http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html for the full description.
 *
 * @author Craig Caulfield
 */
public class SigningUtility {

    /**
     * Build the authorization headers to be added to the service request. 
     * 
     * @param regionName AWS region
     * @param url service URL
     * @param awsAccessKey AWS access key
     * @param awsSecretKey AWS secret key
     * @param messageBody the message body for POSTs
     * @param httpMethod the HTTP verb used for this message (GET, POST, etc)
     * @param serviceName the AWS service (s3, execute-api, ...)
     * @return authorisation headers to add to the request.
     */
    public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey, 
                                                      String messageBody, String httpMethod, String serviceName) {

        URL endpointUrl;
        try {
            endpointUrl = new URL(url);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());
        }

        String contentHashString;
        Map<String, String> headers = new HashMap<>();
        if ("POST".equals(httpMethod)) {

            // precompute hash of the body content
            byte[] contentHash = AWS4SignerBase.hash(messageBody);
            contentHashString = BinaryUtils.toHex(contentHash);

            headers.put("x-amz-content-sha256", contentHashString);
            // content-length is a byte count, not a character count (assumes the body is sent as UTF-8)
            headers.put("content-length", "" + messageBody.getBytes(StandardCharsets.UTF_8).length);

        } else if ("GET".equals(httpMethod)) {

            contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;
            // for a simple GET, we have no body so supply the precomputed 'empty' hash
            headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);

        } else {
            throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");
        }

        AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(
                endpointUrl, httpMethod, serviceName, regionName);

        String authorisation = signer.computeSignature(headers,
                null, // assume no query parameters
                contentHashString,
                awsAccessKey,
                awsSecretKey);

        headers.put("Authorization", authorisation);

        return headers;
    }
}

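The AWS4SignerBase, AWS4SignerForAuthorizationHeader and BinaryUtils classes come straight from the AWS examples. The only difficult thing is finding the serviceName for your particular service, which for Elastic Search is probably es

Alternatively, if you can use (and afford) soapUI Pro, it has built-in features to do all this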
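The signature calculation the answer refers to, written out with only the JDK as an added example (not part of the original answer and not the AWS sample classes). It assumes a request with no query string, an already URI-encoded path, and exactly three signed headers; the class name, host and credentials are constructed placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SigV4Sketch {
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String sha256Hex(String s) throws Exception {
        return hex(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
    }

    /** Authorization header value; amzDate is UTC in the form yyyyMMdd'T'HHmmss'Z'. */
    static String authorization(String method, String host, String path, String body, String region,
                                String service, String accessKey, String secretKey, String amzDate) throws Exception {
        String date = amzDate.substring(0, 8);
        String payloadHash = sha256Hex(body);
        String signedHeaders = "host;x-amz-content-sha256;x-amz-date";
        // Canonical request: method, path, (empty) query, sorted lowercase headers, blank line, header list, payload hash
        String canonicalRequest = method + "\n" + path + "\n" + "\n"
                + "host:" + host + "\n"
                + "x-amz-content-sha256:" + payloadHash + "\n"
                + "x-amz-date:" + amzDate + "\n\n"
                + signedHeaders + "\n" + payloadHash;
        String scope = date + "/" + region + "/" + service + "/aws4_request";
        String stringToSign = "AWS4-HMAC-SHA256\n" + amzDate + "\n" + scope + "\n" + sha256Hex(canonicalRequest);
        // Signing key: HMAC chain over date, region, service and the fixed terminator
        byte[] key = hmac(("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8), date);
        key = hmac(hmac(hmac(key, region), service), "aws4_request");
        return "AWS4-HMAC-SHA256 Credential=" + accessKey + "/" + scope
                + ", SignedHeaders=" + signedHeaders + ", Signature=" + hex(hmac(key, stringToSign));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials or a real domain
        System.out.println(authorization("GET", "search-example.us-east-1.es.amazonaws.com", "/_cluster/health",
                "", "us-east-1", "es", "AKIDEXAMPLE", "EXAMPLE-SECRET-KEY", "20180726T180031Z"));
    }
}
```

The request that is actually sent must carry `x-amz-date` and `x-amz-content-sha256` with exactly the values signed here, or the service rejects the signature.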