1

我正在使用 aws 管理的弹性搜索/我正在使用高级 Java 客户端进行弹性搜索。有没有办法对高级客户端发出的请求使用 aws signature4 签名?

4

1 回答 1

0

您只需执行签名计算并将适当的标头添加到您的请求中即可。请参阅示例: Java 和 C# 示例的 AWS 签名版本 4 中的签名计算。我拿了这段代码,把我自己的界面放在上面:

import net.craigcaulfield.awsutils.signing.auth.AWS4SignerBase;
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerForAuthorizationHeader;
import net.craigcaulfield.awsutils.signing.util.BinaryUtils;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

/**
 * A utility for calculating an AWS Signature Version 4 signature headers for requests. See
 * http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html for the full description.
 *
 * @author Craig Caulfield
 */
public class SigningUtility {

    /**
     * Build the authorization headers to be added to the service request. 
     * 
     * @param regionName AWS region
     * @param url service URL
     * @param awsAccessKey AWS access key
     * @param awsSecretKey AWS secret key
     * @param messageBody the message body for POSTs
     * @param httpMethod the HTTP verb used for this message (GET, POST, etc)
     * @param serviceName the AWS service (s3, execite-api, ...)
     * @return authorisation headers to add to the request.
     */
    public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey, 
                                                      String messageBody, String httpMethod, String serviceName) {

        URL endpointUrl;
        try {
            endpointUrl = new URL(url);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());
        }

        String contentHashString;
        Map<String, String> headers = new HashMap<>();
        if ("POST".equals(httpMethod)) {

            // precompute hash of the body content
            byte[] contentHash = AWS4SignerBase.hash(messageBody);
            contentHashString = BinaryUtils.toHex(contentHash);

            headers.put("x-amz-content-sha256", contentHashString);
            headers.put("content-length", "" + messageBody.length());

        } else if ("GET".equals(httpMethod)) {

            contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;
            // for a simple GET, we have no body so supply the precomputed 'empty' hash
            headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);

        } else {
            throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");
        }

        AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(
                endpointUrl, httpMethod, serviceName, regionName);

        String authorisation = signer.computeSignature(headers,
                null, // assume no query parameters
                contentHashString,
                awsAccessKey,
                awsSecretKey);

        headers.put("Authorization", authorisation);

        return headers;
    }
}

, AWS4SignerBase,AWS4SignerForAuthorizationHeaderBinaryUtils直接来自 AWS 示例。唯一困难的是serviceName为您的特定服务找到 ,对于 Elastic Search 来说可能是es.

作为替代方案,如果您可以使用(并负担得起soapUI Pro),它具有内置功能可以为您完成所有这些工作。

于 2018-09-20T06:22:57.290 回答