在 aws 中为 elasticsearch 签名 4
Signature4 signing for elastic search in aws
我正在使用 aws 托管的弹性搜索/我正在使用高级 java 客户端进行弹性搜索。有没有办法对高级客户端发出的请求使用 aws signature4 签名?
您只需执行签名计算并将适当的 headers 添加到您的请求即可。有关 Java 和 C# 示例,请参阅 Examples: Signature Calculations in AWS Signature Version 4 。我拿走了这段代码并将我自己的界面放在上面:
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerBase;
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerForAuthorizationHeader;
import net.craigcaulfield.awsutils.signing.util.BinaryUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
/**
* A utility for calculating an AWS Signature Version 4 signature headers for requests. See
* http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html for the full description.
*
* @author Craig Caulfield
*/
public class SigningUtility {
/**
* Build the authorization headers to be added to the service request.
*
* @param regionName AWS region
* @param url service URL
* @param awsAccessKey AWS access key
* @param awsSecretKey AWS secret key
* @param messageBody the message body for POSTs
* @param httpMethod the HTTP verb used for this message (GET, POST, etc)
* @param serviceName the AWS service (s3, execite-api, ...)
* @return authorisation headers to add to the request.
*/
public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey,
String messageBody, String httpMethod, String serviceName) {
URL endpointUrl;
try {
endpointUrl = new URL(url);
} catch (MalformedURLException e) {
throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());
}
String contentHashString;
Map<String, String> headers = new HashMap<>();
if ("POST".equals(httpMethod)) {
// precompute hash of the body content
byte[] contentHash = AWS4SignerBase.hash(messageBody);
contentHashString = BinaryUtils.toHex(contentHash);
headers.put("x-amz-content-sha256", contentHashString);
headers.put("content-length", "" + messageBody.length());
} else if ("GET".equals(httpMethod)) {
contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;
// for a simple GET, we have no body so supply the precomputed 'empty' hash
headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);
} else {
throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");
}
AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(
endpointUrl, httpMethod, serviceName, regionName);
String authorisation = signer.computeSignature(headers,
null, // assume no query parameters
contentHashString,
awsAccessKey,
awsSecretKey);
headers.put("Authorization", authorisation);
return headers;
}
}
AWS4SignerBase、AWS4SignerForAuthorizationHeader、BinaryUtils 类直接来自AWS示例。唯一困难的是为您的特定服务找到 serviceName,对于 Elastic Search 可能是 es。
作为替代方案,如果您可以使用(并负担得起 soapUI Pro),它有 built-in features to do all this 适合您。
我正在使用 aws 托管的弹性搜索/我正在使用高级 java 客户端进行弹性搜索。有没有办法对高级客户端发出的请求使用 aws signature4 签名?
您只需执行签名计算并将适当的 headers 添加到您的请求即可。有关 Java 和 C# 示例,请参阅 Examples: Signature Calculations in AWS Signature Version 4 。我拿走了这段代码并将我自己的界面放在上面:
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerBase;
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerForAuthorizationHeader;
import net.craigcaulfield.awsutils.signing.util.BinaryUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
/**
* A utility for calculating an AWS Signature Version 4 signature headers for requests. See
* http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html for the full description.
*
* @author Craig Caulfield
*/
public class SigningUtility {
/**
* Build the authorization headers to be added to the service request.
*
* @param regionName AWS region
* @param url service URL
* @param awsAccessKey AWS access key
* @param awsSecretKey AWS secret key
* @param messageBody the message body for POSTs
* @param httpMethod the HTTP verb used for this message (GET, POST, etc)
* @param serviceName the AWS service (s3, execite-api, ...)
* @return authorisation headers to add to the request.
*/
public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey,
String messageBody, String httpMethod, String serviceName) {
URL endpointUrl;
try {
endpointUrl = new URL(url);
} catch (MalformedURLException e) {
throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());
}
String contentHashString;
Map<String, String> headers = new HashMap<>();
if ("POST".equals(httpMethod)) {
// precompute hash of the body content
byte[] contentHash = AWS4SignerBase.hash(messageBody);
contentHashString = BinaryUtils.toHex(contentHash);
headers.put("x-amz-content-sha256", contentHashString);
headers.put("content-length", "" + messageBody.length());
} else if ("GET".equals(httpMethod)) {
contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;
// for a simple GET, we have no body so supply the precomputed 'empty' hash
headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);
} else {
throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");
}
AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(
endpointUrl, httpMethod, serviceName, regionName);
String authorisation = signer.computeSignature(headers,
null, // assume no query parameters
contentHashString,
awsAccessKey,
awsSecretKey);
headers.put("Authorization", authorisation);
return headers;
}
}
AWS4SignerBase、AWS4SignerForAuthorizationHeader、BinaryUtils 类直接来自AWS示例。唯一困难的是为您的特定服务找到 serviceName,对于 Elastic Search 可能是 es。
作为替代方案,如果您可以使用(并负担得起 soapUI Pro),它有 built-in features to do all this 适合您。