help: add signature code examples (#34160)
parent
f14115483d
commit
4d1e32130a
|
@ -94,4 +94,132 @@ intranet = 12345
|
|||
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Exemples de code de signature</title>
|
||||
|
||||
<p>
|
||||
Voici des exemples de code pour créer des URLs signées selon l'algorithme
|
||||
expliqué ci-dessus.
|
||||
</p>
|
||||
|
||||
<listing>
|
||||
<title>Python</title>
|
||||
<code mime="text/x-python">
|
||||
#!/usr/bin/env python2
|
||||
|
||||
import base64
|
||||
import hmac
|
||||
import hashlib
|
||||
import datetime
|
||||
import urllib
|
||||
import urlparse
|
||||
import random
|
||||
|
||||
def sign_url(url, key, algo='sha256', orig=None, timestamp=None, nonce=None):
|
||||
parsed = urlparse.urlparse(url)
|
||||
new_query = sign_query(parsed.query, key, algo, orig, timestamp, nonce)
|
||||
return urlparse.urlunparse(parsed[:4] + (new_query,) + parsed[5:])
|
||||
|
||||
def sign_query(query, key, algo='sha256', orig=None, timestamp=None, nonce=None):
|
||||
if timestamp is None:
|
||||
timestamp = datetime.datetime.utcnow()
|
||||
timestamp = timestamp.strftime('%Y-%m-%dT%H:%M:%SZ')
|
||||
if nonce is None:
|
||||
nonce = hex(random.getrandbits(128))[2:-1]
|
||||
new_query = query
|
||||
if new_query:
|
||||
new_query += '&'
|
||||
new_query += urllib.urlencode((
|
||||
('algo', algo),
|
||||
('timestamp', timestamp),
|
||||
('nonce', nonce)))
|
||||
if orig is not None:
|
||||
new_query += '&' + urllib.urlencode({'orig': orig})
|
||||
signature = base64.b64encode(sign_string(new_query, key, algo=algo))
|
||||
new_query += '&' + urllib.urlencode({'signature':signature})
|
||||
return new_query
|
||||
|
||||
def sign_string(s, key, algo='sha256', timedelta=30):
|
||||
digestmod = getattr(hashlib, algo)
|
||||
hash = hmac.HMAC(key, digestmod=digestmod, msg=s)
|
||||
return hash.digest()
|
||||
|
||||
# usage:
|
||||
url = sign_url('http://www.example.net/uri/?arg=val&arg2=val2', 'user-key', orig='user')
|
||||
</code>
|
||||
</listing>
|
||||
|
||||
<listing>
|
||||
<title>PHP</title>
|
||||
<code mime="application/x-php">
|
||||
<?php
|
||||
|
||||
function sign_url(string $url, string $orig, string $key) {
|
||||
$parsed_url = parse_url($url);
|
||||
$timestamp = gmstrftime("%Y-%m-%dT%H:%M:%SZ");
|
||||
$nonce = bin2hex(random_bytes(16));
|
||||
$new_query = '';
|
||||
if (isset($parsed_url['query'])) {
|
||||
$new_query .= $parsed_url['query'] . '&';
|
||||
}
|
||||
$new_query .= http_build_query(array(
|
||||
'algo' => 'sha256',
|
||||
'timestamp' => $timestamp,
|
||||
'nonce' => $nonce,
|
||||
'orig' => $orig));
|
||||
$signature = base64_encode(hash_hmac('sha256', $new_query, $key, $raw_output = true));
|
||||
$new_query .= '&' . http_build_query(array('signature' => $signature));
|
||||
$scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : '';
|
||||
$host = isset($parsed_url['host']) ? $parsed_url['host'] : '';
|
||||
$port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : '';
|
||||
$user = isset($parsed_url['user']) ? $parsed_url['user'] : '';
|
||||
$pass = isset($parsed_url['pass']) ? ':' . $parsed_url['pass'] : '';
|
||||
$pass = ($user || $pass) ? "$pass@" : '';
|
||||
$path = isset($parsed_url['path']) ? $parsed_url['path'] : '';
|
||||
$fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : '';
|
||||
return "$scheme$user$pass$host$port$path?$new_query$fragment";
|
||||
}
|
||||
|
||||
# usage:
|
||||
url = sign_url("http://www.example.net/uri/?arg=val&arg2=val2", "user", "user-key");
|
||||
|
||||
?>
|
||||
</code>
|
||||
</listing>
|
||||
|
||||
<listing>
|
||||
<title>Shell (bash)</title>
|
||||
<code mime="application/x-shellscript">
|
||||
#!/bin/bash
|
||||
|
||||
url="http://www.example.net/uri/?arg=val&arg2=val2"
|
||||
orig="user"
|
||||
key="user-key"
|
||||
|
||||
function rawurlencode() {
|
||||
local string="${1}"
|
||||
local strlen=${#string}
|
||||
local encoded=""
|
||||
local pos c o
|
||||
for ((pos=0; pos<strlen; pos++)); do
|
||||
c=${string:$pos:1}
|
||||
case "$c" in
|
||||
[-_.~a-zA-Z0-9] ) o="${c}" ;;
|
||||
* ) printf -v o '%%%02x' "'$c"
|
||||
esac
|
||||
encoded+="${o}"
|
||||
done
|
||||
echo "${encoded}"
|
||||
}
|
||||
|
||||
now=$(date -u +%FT%TZ);
|
||||
qs="algo=sha256&timestamp=$now&orig=$orig"
|
||||
sig=$(rawurlencode $(echo -n "$qs" | openssl dgst -binary -sha256 -hmac "$key" | base64))
|
||||
signed="${url}?$qs&signature=$sig"
|
||||
echo "$signed"
|
||||
</code>
|
||||
</listing>
|
||||
|
||||
</section>
|
||||
|
||||
</page>
|
||||
|
|
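Review bot: The bash listing does not sign the same string as the Python and PHP listings: `qs` holds only `algo`, `timestamp` and `orig`, so the URL's existing `arg=val&arg2=val2` stays outside the HMAC and no `nonce` is sent, and `signed="${url}?$qs&signature=$sig"` adds a second `?` to a URL that already has a query. Assuming the algorithm described earlier in the page (not visible in this hunk) matches the Python and PHP code, the script should split the URL at `?`, prepend the existing query to `qs`, and add a nonce, e.g. `nonce=$(openssl rand -hex 16)`. In the Python listing the nonce comes from `random.getrandbits(128)`, which is not a cryptographic generator, while the PHP listing uses `random_bytes(16)`; `nonce = os.urandom(16).encode('hex')` (with `import os`) would match it. The unused `timedelta=30` parameter of `sign_string` and the missing `$` in the PHP usage line (`url = sign_url(...)`) are worth cleaning up as well, since readers will copy these examples verbatim.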