在Authorization头中包含签名​

签名说明

原始请求（无签名）
假设您希望从客户端向OS发送一个没有任何签名信息的HTTP请求，请求如下：

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

签名后请求
在完成签名步骤后，您可以通过添加Authorization头将认证信息加入请求，其中包含：

• 您用于签名的算法（WOS-HMAC-SHA256）
• 认证凭证范围（带有您的访问密钥ID）
• 已签名的请求头列表
• 计算得到的签名

请求如下所示：

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Authorization: WOS-HMAC-SHA256 Credential=2cd1baf7681435ce4a298e9df3eb36958e725394/20201103/cn-south-1/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

示例1 DELETE请求（DeleteObject）

本示例中使用的数据如下：

• AccessKeyId: 2cd1baf7681435ce4a298e9df3eb36958e725394
• SecretKey: 968d43bc594af8622923d0681ddc367b35a8b23b
• 请求时间戳: 20201103T104419Z
• 存储空间名称: wcstest-r9-private
• 存储区域: cn-south-1

假设将 wcstest-r9-private 桶中的 /mine-type.mp4 文件删除，请求如下：

DELETE /mine-type.mp4 HTTP/1.1
Host: wcstest-r9-private.s3-cn-south-1.wcsapi.com
Authorization: <Authorization>
Range:0-9
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

注：因为下载/删除请求无需提供body内容，所以x-wos-content-sha256值为空请求体的哈希值。

构造SigningKey和Authorization头部的计算步骤如下：

1. 创建规范化请求 (CanonicalRequest)

DELETE
/mine-type.mp4
 
host:wsmooc.avinfo.cloudv.haplat.net
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z
 
host;x-wos-content-sha256;x-wos-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

注：DeleteObject请求的CanonicalQueryString为空，因此第三行为空行。

2. 生成待签名字符串 (StringToSign)

WOS-HMAC-SHA256
20201103T104419Z
20201103/cn-south-1/wos/wos_request
55f35c488a08877ce1bec27b2d852b4d242a135df3e9bc3bd60be027df455216

3. 构造签名密钥 (SigningKey)

SigningKey = HMAC-SHA256(HMAC-SHA256(HMAC-SHA256(HMAC-SHA256("WOS" + "EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY","20201103"),"cn-south-1"),"wos"),"wos_request")

4. 获得签名 (Signature)

0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a

5. 构造Authorization头

WOS-HMAC-SHA256 Credential=2cd1baf7681435ce4a298e9df3eb36958e725394/20201103/cn-south-1/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=0243fe336dc075f95add64c5fe980ae6fd0446b243e0f301e4ad75d32d96dc6a

示例2 GET请求(GetAvinfo)

本示例中使用的数据如下：

• AccessKeyId: AKLTAIHGXsvVYxTEXAMPLE
• SecretKey: EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY
• 请求时间戳: 20201103T104419Z
• 空间名: wsmooc
• 存储区域: cn-east-2

假设从wsmooc空间获取 /video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4 的avinfo信息，请求如下：

GET /video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4?avinfo HTTP/1.1
Host: wsmooc.avinfo.cloudv.haplat.net
Authorization: <Authorization>
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z

注：因为下载请求无需提供body内容，所以x-wos-content-sha256值为空请求体的哈希值。

构造签名及Authorization头的步骤如下：

1. 创建规范化请求 (CanonicalRequest）

GET
/video/20201029/0f3de4278bd6438eb871a6daa43c6305/5555555582qq77n8555602653pp77282_b67923f7d7b2459091621637b1808ab3.mp4
avinfo=
host:wsmooc.avinfo.cloudv.haplat.net
x-wos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-wos-date:20201103T104419Z
 
host;x-wos-content-sha256;x-wos-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

2. 生成待签名字符串 (StringToSign)

WOS-HMAC-SHA256
20201103T104419Z
20201103/cn-east-2/wos/wos_request
0788dd8e9b3a088477031b2127ac05bfcf960229a636adb54cb387df1e1cb096

3. 构造签名密钥 (SigningKey)

SigningKey = HMAC-SHA256(HMAC-SHA256(HMAC-SHA256(HMAC-SHA256("WOS" + "EfxET06Dvb2cahG8OBtZH9WRqkB3EXAMPLEKEY","20201103"),"cn-east-2"),"wos"),"wos_request")

4. 获得签名 (Signature)

335265293972c56fa6e0c4453a86c7aa32610e6a6d6809dac4e9fb64700296ed

5. 构造Authorization头

WOS-HMAC-SHA256 Credential=AKLTAIHGXsvVYxTEXAMPLE/20201103/cn-east-2/wos/wos_request, SignedHeaders=host;x-wos-content-sha256;x-wos-date, Signature=335265293972c56fa6e0c4453a86c7aa32610e6a6d6809dac4e9fb64700296ed