Authentication
Introduces the steps to obtain authentication information.
SkyGuard™ REST API uses a custom HTTP scheme based on HMAC (Hash Message Authentication Code) for authentication.
- Users need to log in to Unified Content Secure Server
(UCSS), and obtain the AccessKey and SecretKey values according to the following pages:
- Obtaining Authentication Information Based on the Device
- Obtaining Authentication Information Based on WebService Application (only for system versions 3.10 and later)
- For each interface call, the Authorization and x-skg-timestamp values need to be added to the request Header, where
- The value of Authorization is composed of multiple values, with the specific composition rules as follows: First, perform HMAC encryption on secret_key + secret_key + timestamp to obtain a string. Then concatenate the obtained string with access_key, i.e.,
Authorization = access_key + HMAC-SHA256(access_key+secret_key+timestamp) - The value of x-skg-timestamp is the system timestamp at the time of sendingNote: If the x-skg-timestamp carried in the request differs from the Unified Content Web-Service Inspector (UCWI) system timestamp by more than 5 minutes, an error message of type 401 will be returned.
- The value of Authorization is composed of multiple values, with the specific composition rules as follows:
Using Curl to Obtain Secretkey and Accesskey and Other Authentication Information
In addition to the method described above for obtaining secrectkey and accesskey through the UCSS interface, TS and technical personnel can also use cURL to obtain the key information required for authentication as shown in the following example.
Note: Using the Curl command is a non-normal method of obtaining information, please use it with caution.
curl -k https://<host_IP>:5443/skg/v1/ws_token
Using Secretkey and Accesskey for Authentication (Python)
import time
import hmac
import hashlib
from ucwi_config import UCWIConfig
def get_auth(access_key, secret_key, timestamp):
token_source = secret_key + timestamp
token = hmac.new(
secret_key.encode('utf-8'),
token_source.encode('utf-8'),
hashlib.sha256).hexdigest()
return "SKG {0}:{1}".format(access_key, token)
def get_headers():
timestamp = "{0:.0f}".format(time.time())
auth = get_auth(
UCWIConfig.access_key,
UCWIConfig.secret_key,
timestamp)
headers = {
"x-skg-timestamp": timestamp,
"Authorization": auth,
}
return headers
Request Example (Java)
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.nio.charset.Charset;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLContext;
import java.security.cert.X509Certificate;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class TestGet {
static String url = "<API_URL>";
static String accessKey = "<AK>";
static String secretKey = "<SK>";
public static String getTimeStamp() {
Date date = new Date();
return String.valueOf(date.getTime()/1000);
}
public static String encryptHmacSHA256(byte[] data, byte[] key) {
return encryptHmac(data, key, "HmacSHA256");
}
public static String encryptHmac(byte[] data, byte[] key, String type) {
try {
SecretKey secretKey = new SecretKeySpec(key, type);
Mac mac = Mac.getInstance(type);
mac.init(secretKey);
byte[] bytes = mac.doFinal(data);
String rs = encodeHex(bytes);
return rs;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
// Data to hexadecimal encoding
public static String encodeHex(final byte[] data) {
return encodeHex(data, true);
}
public static String encodeHex(final byte[] data, final boolean toLowerCase) {
final char[] DIGITS_LOWER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
final char[] DIGITS_UPPER = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
final char[] toDigits = toLowerCase ? DIGITS_LOWER : DIGITS_UPPER;
final int l = data.length;
final char[] out = new char[l << 1];
// Two characters form the hex value.
for (int i = 0, j = 0; i < l; i++) {
out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
out[j++] = toDigits[0x0F & data[i]];
}
return new String(out);
}
public static String getAuth(String accessKey, String secretKey, String timestamp) {
String tokenSource = secretKey + timestamp;
byte[] data = tokenSource.getBytes(Charset.forName("UTF-8"));
byte[] key = secretKey.getBytes(Charset.forName("UTF-8"));
String tokenResult = encryptHmacSHA256(data, key);
String auth = String.format("SKG %s:%s", accessKey, tokenResult);
return auth;
}
public static HashMap<String, String> getHeaders() {
String timestamp = getTimeStamp();
String auth = getAuth(accessKey, secretKey, timestamp);
HashMap<String, String> headers = new HashMap<>();
headers.put("x-skg-timestamp", timestamp);
headers.put("Authorization", auth);
return headers;
}
public static String doGet() {
// URL
HashMap<String, String> headers = getHeaders();
HttpGet get = new HttpGet(url);
Iterator<String> iterator = headers.keySet().iterator();
while (iterator.hasNext()) {
String key = iterator.next();
get.addHeader(key, headers.get(key));
}
CloseableHttpClient client = HttpClients.createDefault();
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType) {
return true;
}
}).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
client = HttpClients.custom().setSSLSocketFactory(sslsf).build();
}
catch (Exception e){
e.printStackTrace();
}
String result = "";
try {
CloseableHttpResponse resp = client.execute(get);
HttpEntity entity = resp.getEntity();
result = EntityUtils.toString(entity, "UTF-8");
}
catch (Exception e){
e.printStackTrace();
}
return result;
}
public static void main(String []args) {
String result = doGet();
System.out.println(result);
}
}