本文介绍使用Curl 请求 TOS 私有对象的过程。
在本教程中,您将学习如何使用 Curl 命令 通过添加认证 Header 的方式请求 TOS 中的私有对象。
预计部署时间:20分钟
级别:初级
相关产品:ECS TOS
受众: 通用
具体安装部署参考官网文档
import sys, os, base64, datetime, hashlib, hmac import requests # pip install requests import json # ************* REQUEST VALUES ************* method = 'GET' host = 'lxb-bucket.tos-cn-beijing.volces.com' region = 'cn-beijing' endpoint = 'https://lxb-bucket.tos-cn-beijing.volces.com/sizetest' def sign(key, msg): return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest() def getSignatureKey(key, dateStamp, regionName, serviceName): kDate = sign(key.encode('utf-8'), dateStamp) kRegion = sign(kDate, regionName) kService = sign(kRegion, serviceName) kSigning = sign(kService, 'request') return kSigning def sigv4(access_key, secret_key, service, request_parameters): if access_key is None or secret_key is None: print('No access key is available.') sys.exit() t = datetime.datetime.utcnow() current_date = t.strftime('%Y%m%dT%H%M%SZ') datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope canonical_uri = '/sizetest' canonical_querystring = request_parameters signed_headers = 'host;range;x-tos-content-sha256;x-tos-date' payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest() content_type = 'bytes=0-10' # 注意:将需要参与签名的header的key全部转成小写, 然后以ASCII排序后以key-value的方式组合后换行构建。 canonical_headers = 'host:' + host + '\n' + 'range:' + content_type + '\n' + 'x-tos-content-sha256:' + payload_hash + '\n' + 'x-tos-date:' + current_date + '\n' canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash print("1.创建规范请求示例" + '\n', canonical_request) algorithm = 'TOS4-HMAC-SHA256' credential_scope = datestamp + '/' + region + '/' + service + '/' + 'request' string_to_sign = algorithm + '\n' + current_date + '\n' + credential_scope + '\n' + hashlib.sha256( canonical_request.encode('utf-8')).hexdigest() print("2.创建待签字符串示例" + '\n', string_to_sign) signing_key = getSignatureKey(secret_key, datestamp, region, service) signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest() print("3.Signature示例" + '\n', signature) authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature print("4.Authorization示例" + '\n', authorization_header) headers = {'x-tos-date': current_date, 'Authorization': authorization_header, 'x-tos-Content-sha256': payload_hash, 'range': content_type, } # ************* SEND THE REQUEST ************* request_url = endpoint print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++') print('Request URL = ' + request_url) r = requests.get(request_url, headers=headers) print('\nRESPONSE++++++++++++++++++++++++++++++++++++') print('Response code: %d\n' % r.status_code) print(r.text) if __name__ == "__main__": access_key = '$AK' secret_key = '$SK' service = 'tos' formatted_parameters = '' sigv4(access_key, secret_key, service, formatted_parameters)
注意
1.用于标记签名的版本及算法,当前只支持 TOS4-HMAC-SHA256
2.canonical_headers 中的 Header 信息需要再 curl 请求的时候全部带上
host:lxb-bucket.tos-cn-beijing.volces.com range:bytes=0-10 x-tos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-tos-date:20230816T062337Z TOS4-HMAC-SHA256 Credential=AKLTMzUyYTBlNGM2N2ExNGU2Yjk5NWRhYTYxMGVmN2I3ZTQ/20230816/cn-beijing/tos/request, SignedHeaders=host;range;x-tos-content-sha256;x-tos-date, Signature=b1e7257ddb562df824d3ace2e3dad08e86f939b7583d9c9d5e81355d86b1dceb
[root@lxb-jms ~]# curl -X GET -H 'x-tos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' -H 'x-tos-date:20230816T062337Z' -H 'range:bytes=0-10' -H 'Authorization:TOS4-HMAC-SHA256 Credential=AKLTMzUyYTBlNGM2N2ExNGU2Yjk5NWRhYTYxMGVmN2I3ZTQ/20230816/cn-beijing/tos/request, SignedHeaders=host;range;x-tos-content-sha256;x-tos-date, Signature=c7dfbafbad1ee4763a5fbd5fea80a4f4f416ba345f46572e3600862b4f85264c' https://lxb-bucket.tos-cn-beijing.volces.com/sizetest dfafafadfad