161 lines
4.6 KiB
Go
161 lines
4.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"fmt"
|
|
"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/requests"
|
|
"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/utils"
|
|
"net/http"
|
|
"net/url"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func signRaliRequest(request requests.AcsRequest, signer Signer) (err error) {
|
|
err = completeRaliSignParams(request, signer)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
stringToSign := buildRaliStringToSign(request)
|
|
request.SetStringToSign(stringToSign)
|
|
signature := signer.Sign(stringToSign, "")
|
|
request.GetHeaders()["X-Ca-Signature"] = signature
|
|
|
|
debug("GrSdk sign: %s", signature)
|
|
debug("GrSdk sign string: %s", strings.ReplaceAll(stringToSign, "\n", "#"))
|
|
debug("GrSdk sign: \r\n")
|
|
return
|
|
}
|
|
|
|
func completeRaliSignParams(request requests.AcsRequest, signer Signer) (err error) {
|
|
|
|
request.GetHeaders()["X-Ca-Timestamp"] = fmt.Sprintf("%d", time.Now().Unix()*1000)
|
|
request.GetHeaders()["X-Ca-Signature-Method"] = signer.GetName()
|
|
request.GetHeaders()["X-Ca-Nonce"] = utils.GetUUID()
|
|
request.GetHeaders()["X-Ca-Key"], err = signer.GetAccessKeyId()
|
|
|
|
if request.GetEnv() != "" {
|
|
request.GetHeaders()["X-Ca-Stage"] = request.GetEnv()
|
|
}
|
|
|
|
if request.GetMethod() == requests.POST {
|
|
request.GetHeaders()["Content-type"] = requests.Form
|
|
}
|
|
|
|
formString := utils.GetUrlFormedMap(request.GetFormParams())
|
|
request.SetContent(bytes.NewBufferString(formString).Bytes())
|
|
return
|
|
}
|
|
|
|
func buildRaliSignHeader(request requests.AcsRequest) (str1, str2 string) {
|
|
|
|
headParams := make(map[string]string)
|
|
signatureHeaders := make([]string, 0)
|
|
|
|
for key, val := range request.GetHeaders() {
|
|
headParams[key] = val
|
|
}
|
|
|
|
delete(headParams, "X-Ca-Signature")
|
|
delete(headParams, "X-Ca-Signature-Headers")
|
|
delete(headParams, "Accept")
|
|
delete(headParams, "Content-MD5")
|
|
delete(headParams, "Content-Type")
|
|
delete(headParams, "Date")
|
|
|
|
for key, _ := range headParams {
|
|
signatureHeaders = append(signatureHeaders, key)
|
|
}
|
|
|
|
sort.Strings(signatureHeaders)
|
|
|
|
for _, key := range signatureHeaders {
|
|
str1 += fmt.Sprintf("%s:%s\n", key, headParams[key])
|
|
}
|
|
|
|
return strings.TrimRight(str1, "\n"), strings.Join(signatureHeaders, ",")
|
|
}
|
|
|
|
func buildRaliStringToSign(request requests.AcsRequest) (stringToSign string) {
|
|
signParams := make(map[string]string)
|
|
for key, value := range request.GetQueryParams() {
|
|
signParams[key] = value
|
|
}
|
|
|
|
if strings.ToUpper(request.GetMethod()) == requests.POST {
|
|
for key, value := range request.GetFormParams() {
|
|
signParams[key] = value
|
|
}
|
|
}
|
|
|
|
str1, str2 := buildRaliSignHeader(request)
|
|
|
|
stringToSign = request.GetMethod() + "\n"
|
|
stringToSign += request.GetHeaders()["Accept"] + "\n\n"
|
|
stringToSign += request.GetHeaders()["Content-type"] + "\n\n"
|
|
stringToSign += str1 + "\n"
|
|
stringToSign += request.GetActionName() + "?" + utils.GetUrlByKeySort(signParams)
|
|
request.GetHeaders()["X-Ca-Signature-Headers"] = str2
|
|
|
|
//stringToSign = utils.GetUrlFormedMap(signParams)
|
|
//stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
|
|
//stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
|
|
//stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
|
|
//stringToSign = url.QueryEscape(stringToSign)
|
|
//stringToSign = request.GetMethod() + "&%2F&" + stringToSign
|
|
return
|
|
}
|
|
|
|
func unsignRaliRequest(request *http.Request, signer Signer) (err error) {
|
|
signParams := make(map[string]string)
|
|
for key, value := range request.URL.Query() {
|
|
signParams[key] = value[0]
|
|
}
|
|
|
|
if strings.ToUpper(request.Method) == requests.POST {
|
|
for key, value := range request.Form {
|
|
signParams[key] = value[0]
|
|
}
|
|
}
|
|
|
|
if accessKey, err := signer.GetAccessKeyId(); err != nil {
|
|
return err
|
|
} else if accessKey == "" {
|
|
return errors.New("access key is not allow empty")
|
|
} else if accessKey != signParams["access_key"] {
|
|
return errors.New("illegal access key")
|
|
}
|
|
|
|
signValue, ok := signParams["sign"]
|
|
if !ok {
|
|
return errors.New("sign value is not exists")
|
|
} else {
|
|
delete(signParams, "sign")
|
|
}
|
|
|
|
stringToSign := utils.GetUrlFormedMap(signParams)
|
|
stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
|
|
stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
|
|
stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
|
|
stringToSign = url.QueryEscape(stringToSign)
|
|
stringToSign = request.Method + "&%2F&" + stringToSign
|
|
debug("GrSdk sign: %s", stringToSign)
|
|
|
|
if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil {
|
|
return err
|
|
} else {
|
|
if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) {
|
|
err = errors.New("sign timeout 5 minute")
|
|
}
|
|
}
|
|
|
|
if signer.Sign(stringToSign, "&") != signValue {
|
|
return errors.New("sign string is not correct")
|
|
}
|
|
return
|
|
}
|