认证

介绍获取认证信息的步骤。

天空卫士™REST API使用基于密钥HMAC (Hash Message Authentication Code) 的自定义 HTTP 方案进行身份验证。
  1. 用户需登录统一内容安全管理平台UCSS,并参照以下页面获取AccessKey和SecretKey值:
  2. 每一次接口的调用,需要在请求Header中,加入Authorization和x-skg-timestamp两个值,其中
    • Authorization的值是由多个值拼接而成,具体的拼接规则如下:
      首先对secret_key+secret_key+timestamp做HMAC加密,得到一个字符串。 将得到的字符串再拼接access_key,即
      Authorization = access_key + HMAC-SHA256(access_key+secret_key+timestamp)
    • x-skg-timestamp的值是发送时的系统timestamp
      注: 若请求中携带的x-skg-timestamp统一内容安全审查平台UCWI系统timestamp相差超过5分钟则返回类型为401的错误信息。

使用Secretkey和Accesskey认证(Python) 

import time
import hmac
import hashlib
from ucwi_config import UCWIConfig

def get_auth(access_key, secret_key, timestamp):
    token_source = secret_key + timestamp
    token = hmac.new(
        secret_key.encode('utf-8'),
        token_source.encode('utf-8'),
        hashlib.sha256).hexdigest()
    return "SKG {0}:{1}".format(access_key, token)

def get_headers():
    timestamp = "{0:.0f}".format(time.time())
    auth = get_auth(
        UCWIConfig.access_key,
        UCWIConfig.secret_key,
        timestamp)

    headers = {
        "x-skg-timestamp": timestamp,
        "Authorization": auth,
    }

    return headers

请求示例(Java)

import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.nio.charset.Charset;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
 
import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;
 
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
 
public class TestGet {
 
    static String url = "<API_URL>";
    static String accessKey = "<AK>";
    static String secretKey = "<SK>";
 
    public static String getTimeStamp() {
        Date date = new Date();
        return String.valueOf(date.getTime()/1000);
    }  
 
    public static String encryptHmacSHA256(byte[] data, byte[] key) {
        return encryptHmac(data, key, "HmacSHA256");
    }
 
    public static String encryptHmac(byte[] data, byte[] key, String type) {
        try {
            SecretKey secretKey = new SecretKeySpec(key, type);
            Mac mac = Mac.getInstance(type);
            mac.init(secretKey);
            byte[] bytes = mac.doFinal(data);
            String rs = encodeHex(bytes);
            return rs;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
 
    // 数据转16进制编码
    public static String encodeHex(final byte[] data) {
        return encodeHex(data, true);
    }
 
    public static String encodeHex(final byte[] data, final boolean toLowerCase) {
        final char[] DIGITS_LOWER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
        final char[] DIGITS_UPPER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
        final char[] toDigits = toLowerCase ? DIGITS_LOWER : DIGITS_UPPER;
        final int l = data.length;
        final char[] out = new char[l << 1];
        // two characters form the hex value.
        for (int i = 0, j = 0; i < l; i++) {
            out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
            out[j++] = toDigits[0x0F & data[i]];
        }
        return new String(out);
    }
 
    public static String getAuth(String accessKey, String secretKey, String timestamp) {
        String tokenSource = secretKey + timestamp;
        byte[] data = tokenSource.getBytes(Charset.forName("UTF-8"));
        byte[] key = secretKey.getBytes(Charset.forName("UTF-8"));
        String tokenResult = encryptHmacSHA256(data, key);
        String auth = String.format("SKG %s:%s", accessKey, tokenResult);
        return auth;
    }
 
    public static HashMap<String, String> getHeaders() {
        String timestamp = getTimeStamp();
        String auth = getAuth(accessKey, secretKey, timestamp);
        HashMap<String, String> headers = new HashMap<>();
        headers.put("x-skg-timestamp", timestamp);
        headers.put("Authorization", auth);
        return headers;
    }
 
    public static String doGet() {
        //URL
        HashMap<String, String> headers = getHeaders();
        HttpGet get = new HttpGet(url);
         
        Iterator<String> iterator = headers.keySet().iterator();
        while (iterator.hasNext()) {
            String key = iterator.next();
            get.addHeader(key, headers.get(key));
        }  
        CloseableHttpClient client = HttpClients.createDefault();
        try {
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
                public boolean isTrusted(X509Certificate[] chain, String authType) {
                    return true;
                }  
            }).build();
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
            client = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        }  
        catch (Exception e){
            e.printStackTrace();
        }  
         
        String result = "";
        try {
            CloseableHttpResponse resp = client.execute(get);
            HttpEntity entity = resp.getEntity();
            result = EntityUtils.toString(entity, "UTF-8");
        }  
        catch (Exception e){
            e.printStackTrace();
        }  
        return result;
    }  
 
    public static void main(String []args) {
        String result = doGet();
        System.out.println(result);
    }
}