package auth import ( "bytes" "errors" "fmt" "golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/requests" "golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/utils" "net/http" "net/url" "sort" "strconv" "strings" "time" ) func signRaliRequest(request requests.AcsRequest, signer Signer) (err error) { err = completeRaliSignParams(request, signer) if err != nil { return } stringToSign := buildRaliStringToSign(request) request.SetStringToSign(stringToSign) signature := signer.Sign(stringToSign, "") request.GetHeaders()["X-Ca-Signature"] = signature debug("GrSdk sign: %s", signature) debug("GrSdk sign string: %s", strings.ReplaceAll(stringToSign, "\n", "#")) debug("GrSdk sign: \r\n") return } func completeRaliSignParams(request requests.AcsRequest, signer Signer) (err error) { request.GetHeaders()["X-Ca-Timestamp"] = fmt.Sprintf("%d", time.Now().Unix()*1000) request.GetHeaders()["X-Ca-Signature-Method"] = signer.GetName() request.GetHeaders()["X-Ca-Nonce"] = utils.GetUUID() request.GetHeaders()["X-Ca-Key"], err = signer.GetAccessKeyId() if request.GetEnv() != "" { request.GetHeaders()["X-Ca-Stage"] = request.GetEnv() } if request.GetMethod() == requests.POST { request.GetHeaders()["Content-type"] = requests.Form } formString := utils.GetUrlFormedMap(request.GetFormParams()) request.SetContent(bytes.NewBufferString(formString).Bytes()) return } func buildRaliSignHeader(request requests.AcsRequest) (str1, str2 string) { headParams := make(map[string]string) signatureHeaders := make([]string, 0) for key, val := range request.GetHeaders() { headParams[key] = val } delete(headParams, "X-Ca-Signature") delete(headParams, "X-Ca-Signature-Headers") delete(headParams, "Accept") delete(headParams, "Content-MD5") delete(headParams, "Content-Type") delete(headParams, "Date") for key, _ := range headParams { signatureHeaders = append(signatureHeaders, key) } sort.Strings(signatureHeaders) for _, key := range signatureHeaders { str1 += fmt.Sprintf("%s:%s\n", key, headParams[key]) } return strings.TrimRight(str1, "\n"), strings.Join(signatureHeaders, ",") } func buildRaliStringToSign(request requests.AcsRequest) (stringToSign string) { signParams := make(map[string]string) for key, value := range request.GetQueryParams() { signParams[key] = value } if strings.ToUpper(request.GetMethod()) == requests.POST { for key, value := range request.GetFormParams() { signParams[key] = value } } str1, str2 := buildRaliSignHeader(request) stringToSign = request.GetMethod() + "\n" stringToSign += request.GetHeaders()["Accept"] + "\n\n" stringToSign += request.GetHeaders()["Content-type"] + "\n\n" stringToSign += str1 + "\n" stringToSign += request.GetActionName() + "?" + utils.GetUrlByKeySort(signParams) request.GetHeaders()["X-Ca-Signature-Headers"] = str2 //stringToSign = utils.GetUrlFormedMap(signParams) //stringToSign = strings.Replace(stringToSign, "+", "%20", -1) //stringToSign = strings.Replace(stringToSign, "*", "%2A", -1) //stringToSign = strings.Replace(stringToSign, "%7E", "~", -1) //stringToSign = url.QueryEscape(stringToSign) //stringToSign = request.GetMethod() + "&%2F&" + stringToSign return } func unsignRaliRequest(request *http.Request, signer Signer) (err error) { signParams := make(map[string]string) for key, value := range request.URL.Query() { signParams[key] = value[0] } if strings.ToUpper(request.Method) == requests.POST { for key, value := range request.Form { signParams[key] = value[0] } } if accessKey, err := signer.GetAccessKeyId(); err != nil { return err } else if accessKey == "" { return errors.New("access key is not allow empty") } else if accessKey != signParams["access_key"] { return errors.New("illegal access key") } signValue, ok := signParams["sign"] if !ok { return errors.New("sign value is not exists") } else { delete(signParams, "sign") } stringToSign := utils.GetUrlFormedMap(signParams) stringToSign = strings.Replace(stringToSign, "+", "%20", -1) stringToSign = strings.Replace(stringToSign, "*", "%2A", -1) stringToSign = strings.Replace(stringToSign, "%7E", "~", -1) stringToSign = url.QueryEscape(stringToSign) stringToSign = request.Method + "&%2F&" + stringToSign debug("GrSdk sign: %s", stringToSign) if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil { return err } else { if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) { err = errors.New("sign timeout 5 minute") } } if signer.Sign(stringToSign, "&") != signValue { return errors.New("sign string is not correct") } return }