doc-exports/docs/obs/api-ref/obs_04_0009.html
zhangyue 7d2a7ec198 OBS API DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-11-05 16:37:11 +00:00

<a name="obs_04_0009"></a>
<h1 class="topictitle1">User Signature Authentication</h1>
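<div id="body33357028"><p id="obs_04_0009__p29043216362">Requests to OBS are signed using AK/SK. When a client sends a request to OBS, the message header must carry the AK and a signature that is calculated with the SK over the request time, request type, and other request information. The SK itself is not placed in the request; OBS obtains it from IAM based on the AK.</p>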
<ul id="obs_04_0009__ul354274103710"><li id="obs_04_0009__li1254374203710">AK: access key ID, which is a unique identifier associated with a secret access key (SK). The AK and SK are used together to obtain an encrypted signature for a request. </li><li id="obs_04_0009__li1854312443719">SK: secret access key, which is used together with the AK to sign requests, identify a request sender, and prevent the request from being modified. </li></ul>
<p class="msonormal" id="obs_04_0009__p17204813423">A user can obtain the AK and SK from IAM. For details, see <a href="obs_04_0116.html">Obtaining Access Keys (AK/SK)</a>.</p>
<p class="msonormal" id="obs_04_0009__p22691253">OBS provides three signature calculation methods based on application scenarios: <a href="obs_04_0010.html">Authentication of Signature in a Header</a>, <a href="obs_04_0011.html">Authentication of Signature in a URL</a>, and <a href="obs_04_0012.html">Authentication of Signature Carried in the Table Uploaded Through a Browser</a>.</p>
<p id="obs_04_0009__p0668336193112">The SDK provided by OBS integrates signature calculation. It is recommended that you use the SDK for development.</p>
<p class="msonormal" id="obs_04_0009__p2894687"><a href="#obs_04_0009__table1151632183812">Table 1</a> shows the user signature verification process in which a signature is carried in a header. For details about the parameters and code examples of authentication of signature in a header, see <a href="obs_04_0010.html">Authentication of Signature in a Header</a>.</p>
<div class="tablenoborder"><a name="obs_04_0009__table1151632183812"></a><a name="table1151632183812"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0009__table1151632183812" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Signature calculation and verification procedure</caption><thead align="left"><tr id="obs_04_0009__row515218324385"><th align="left" class="cellrowborder" colspan="2" valign="top" id="mcps1.3.7.2.4.1.1"><p id="obs_04_0009__p3152193211383">Procedure</p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.7.2.4.1.2"><p id="obs_04_0009__p81521032133820">Example</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0009__row6152133216385"><td class="cellrowborder" rowspan="5" valign="top" width="8.61086108610861%" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p5152163218386">Signature calculation</p>
</td>
<td class="cellrowborder" valign="top" width="30.733073307330734%" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p632064774014">1. Construct an HTTP message.</p>
</td>
<td class="cellrowborder" valign="top" width="60.65606560656066%" headers="mcps1.3.7.2.4.1.2 "><p id="obs_04_0009__p14357122794415">PUT /object HTTP/1.1</p>
<p id="obs_04_0009__p16356162764414">Host: bucket.obs.region.example.com</p>
<p id="obs_04_0009__p1835632744418">Date: Tue, 04 Jun 2019 06:54:59 GMT</p>
<p id="obs_04_0009__p13356122734416">Content-Type: text/plain</p>
<p id="obs_04_0009__p4356152744418">Content-Length: 5913</p>
</td>
</tr>
<tr id="obs_04_0009__row1915220322385"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p12829251114013">2. Calculate <strong id="obs_04_0009__b12910173913143">StringToSign</strong> based on the signature rule.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p155065339446">StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedHeaders + CanonicalizedResource</p>
</td>
</tr>
<tr id="obs_04_0009__row215363216385"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p3893242398">3. Prepare the AK and SK.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p1057319401446">AK: ******</p>
<p id="obs_04_0009__p13573124015441">SK: ******</p>
</td>
</tr>
<tr id="obs_04_0009__row18153732123817"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p1089024123912">4. Calculate <strong id="obs_04_0009__b5305134913151">Signature</strong>.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p37515457444">Signature = Base64( HMAC-SHA1( <strong id="obs_04_0009__b8751453442">SecretAccessKeyID</strong>, UTF-8-Encoding-Of( <strong id="obs_04_0009__b1943716215219">StringToSign</strong> ) ) )</p>
</td>
</tr>
<tr id="obs_04_0009__row1715383203813"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p389724133911">5. Add a signature header and send the request to OBS.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p1189124113914">PUT /object HTTP/1.1</p>
<p id="obs_04_0009__p1489172413915">Host: bucket.obs.region.example.com</p>
<p id="obs_04_0009__p389162414392">Date: Tue, 04 Jun 2019 06:54:59 GMT</p>
<p id="obs_04_0009__p98922403920">Content-Type: text/plain</p>
<p id="obs_04_0009__p17891524153918">Content-Length: 5913</p>
<p id="obs_04_0009__p108992415391">Authorization: OBS <strong id="obs_04_0009__b68942493914">AccessKeyID</strong>:<strong id="obs_04_0009__b78952443920">Signature</strong></p>
</td>
</tr>
<tr id="obs_04_0009__row111532032133817"><td class="cellrowborder" rowspan="5" valign="top" width="8.61086108610861%" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p9153932153815">Signature authentication</p>
</td>
<td class="cellrowborder" valign="top" width="30.733073307330734%" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p226116397399">6. Receive the HTTP message.</p>
</td>
<td class="cellrowborder" valign="top" width="60.65606560656066%" headers="mcps1.3.7.2.4.1.2 "><p id="obs_04_0009__p9261193953912">PUT /object HTTP/1.1</p>
<p id="obs_04_0009__p112611639103912">Host: bucket.obs.region.example.com</p>
<p id="obs_04_0009__p72611339133917">Date: Tue, 04 Jun 2019 06:54:59 GMT</p>
<p id="obs_04_0009__p1261123923915">Content-Type: text/plain</p>
<p id="obs_04_0009__p6261153983915">Content-Length: 5913</p>
<p id="obs_04_0009__p122618399391">Authorization: OBS <strong id="obs_04_0009__b681011913265">AccessKeyID</strong>:<strong id="obs_04_0009__b20810191916269">Signature</strong></p>
</td>
</tr>
<tr id="obs_04_0009__row3153133243810"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p72629399395">7. Obtain the SK based on the AK in the request.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p182621639143916">Obtain the AK from the <strong id="obs_04_0009__b06681715184111">Authorization</strong> header and obtain the SK from IAM.</p>
</td>
</tr>
<tr id="obs_04_0009__row31531632163818"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p1726212397394">8. Calculate <strong id="obs_04_0009__b36658016285">StringToSign</strong> based on the signature rule.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p82628392394">StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedHeaders + CanonicalizedResource</p>
</td>
</tr>
<tr id="obs_04_0009__row015318327382"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p16262143983915">9. Calculate <strong id="obs_04_0009__b072528192816">Signature</strong>.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p1926273913398">Signature = Base64( HMAC-SHA1( <strong id="obs_04_0009__b72620397396">SecretAccessKeyID</strong>, UTF-8-Encoding-Of( <strong id="obs_04_0009__b865475915228">StringToSign</strong> ) ) )</p>
</td>
</tr>
<tr id="obs_04_0009__row1915323273819"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p926213915391">10. Authenticate the signature.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.7.2.4.1.1 "><p id="obs_04_0009__p226213398393">Check whether the value of <strong id="obs_04_0009__b76321945102817">Signature</strong> in the <strong id="obs_04_0009__b164511115149">Authorization</strong> header is the same as the value of <strong id="obs_04_0009__b042683122913">Signature</strong> calculated by the server.</p>
<p id="obs_04_0009__p026213943919">If the two values are the same, the signature verification is successful.</p>
<p id="obs_04_0009__p0262103915396">If the two values are different, the signature verification fails.</p>
</td>
</tr>
</tbody>
</table>
</div>
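<p>The procedure in Table 1, carried through for the sample PUT request, as an added example that is not part of the original OBS documentation or SDK. The AK and SK are constructed placeholders, the in-memory credential table stands in for the IAM lookup, and the example assumes the request has no canonicalized headers and that CanonicalizedResource is <strong>/bucket/object</strong>; the exact canonicalization rules are in <a href="obs_04_0010.html">Authentication of Signature in a Header</a>.</p>

```python
import base64
import hashlib
import hmac

# Constructed credentials for illustration only; real keys are issued by IAM.
CREDENTIALS = {"EXAMPLEAK0000000001": "example-secret-key-not-real"}


def string_to_sign(verb, content_md5, content_type, date,
                   canonicalized_headers, canonicalized_resource):
    # Step 2 / step 8: StringToSign layout as given in Table 1.
    return (verb + "\n" + content_md5 + "\n" + content_type + "\n" + date + "\n"
            + canonicalized_headers + canonicalized_resource)


def sign(sk, sts):
    # Step 4 / step 9: Base64(HMAC-SHA1(SK, UTF-8-Encoding-Of(StringToSign)))
    mac = hmac.new(sk.encode("utf-8"), sts.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def authorization_header(ak, sk, sts):
    # Step 5: only the AK and the signature go on the wire, never the SK.
    return "OBS " + ak + ":" + sign(sk, sts)


def verify(header_value, sts, credentials=CREDENTIALS):
    # Steps 6-10 from the server's point of view.
    scheme, _, rest = header_value.partition(" ")
    ak, sep, client_sig = rest.partition(":")
    if scheme != "OBS" or not sep:
        return False                      # malformed Authorization header
    sk = credentials.get(ak)              # step 7: look the SK up by AK
    if sk is None:
        return False                      # unknown AK
    expected = sign(sk, sts)
    # Step 10: constant-time comparison, so response timing does not reveal
    # how much of a guessed signature was correct.
    return hmac.compare_digest(expected.encode(), client_sig.encode())


def build_example_sts(verb="PUT", resource="/bucket/object"):
    # Sample request from Table 1: no Content-MD5, no canonicalized headers
    # (assumption), resource path assumed to be /bucket/object.
    return string_to_sign(verb, "", "text/plain",
                          "Tue, 04 Jun 2019 06:54:59 GMT", "", resource)
```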
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_04_0008.html">Authentication</a></div>
</div>
</div>