兼容签名认证
更新时间:2023-07-28
兼容最新的AWS Signature Version 4,签名方法见Authenticating Requests (AWS Signature Version 4)。
签名Header示例
以下是使用S3签名认证方法访问BOS的示例,使用Authorization请求Header提供身份验证信息,具体内容如下:
Authorization: AWS4-HMAC-SHA256
Credential=82fa964ae**********0dfeea44c0683/20230216/bj/s3/aws4_request,
SignedHeaders=host;x-amz-content-sha256;x-amz-date,
Signature=98afff082015a6490a50567b2fa9a0e64f0ae81105a3a62da86bc50806c293fb注意事项
- AWS4-HMAC-SHA256:用于计算签名的算法,该字符串指定AWS签名版本即AWS4和签名算法HMAC-SHA256。
Credential:包括用于计算签名的Access Key、日期、区域和服务,格式:
<access-key>/<date>/<bos-region>/s3/aws4_request, 其中<date>使用日期格式为YYYYMMDD,<bos-region>对应BOS区域如下:
区域 Region
|北京| bj|
|保定| bd|
|苏州| su|
|广州| gz|
|香港| hkg|
|金融云武汉专区| fwh|
|金融云上海专区| fsh|详细说明请参考sigv4-auth-using-authorization-header。
- 签名计算目前仅支持 Transfer Payload in a Single Chunk 和 Transfer Payload in Multiple Chunks 。
完整请求示例:
GET / HTTP/1.1
Host: s3.bj.bcebos.com
Accept-Encoding: identity
User-Agent: Boto3/1.26.72 Python/3.9.6 Darwin/22.1.0 Botocore/1.29.72 Resource
X-Amz-Date: 20230216T025415Z
X-Amz-Content-SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Authorization: AWS4-HMAC-SHA256 Credential=82fa964ae**********0dfeea44c0683/20230216/bj/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=98afff082015a6490a50567b2fa9a0e64f0ae81105a3a62da86bc50806c293fb
amz-sdk-invocation-id: d2f1690c-ea14-4298-8bf5-052f797d4b4d
amz-sdk-request: attempt=1
HTTP/1.1 200 OK
Date: Thu, 16 Feb 2023 02:54:16 GMT
Content-Type: application/xml
Content-Length: 9061
Connection: keep-alive
Server: BceBos
X-Amz-Id-2: vl7FafIEg8tsAO58XjrWu/PAaxp5HdsDsBHYVzKdQM/Dz0M6Xk1zqL5ckWgBdMcwhQC3fHuZqNA3S1FrzeM/PA==
X-Amz-Request-Id: 05fb9355-e743-4900-be4d-e1be627d1ce2