Distributed Message Service RocketMQ

Authentication

2024-07-04 06:25:28

Obtaining Information

Log in to the eSurfing Cloud network portal, go to Console > Personal Center > Security Settings, and obtain ak and sk.

Basic Signing Process

1. Construct a canonicalized request. Assemble the request content to be sent according to the rules agreed with EOP, so as to ensure that the request content used in client signature and EOP authentication is consistent.

2. Create a string to be signed using the canonicalized request and other information.

3. Use the eop-date header, ctyun-eop-sk and ctyun-eop-ak to create the key for the HMAC algorithm.

4. Use the key created in Step 3 and the string to be signed to calculate the signature through hmacsha256.

5. Add the created signature information to the HTTP request as a request header.

Creating a String to be Signed

The construction rules of the string to be signed are as follows:

String to be signed = ranked list of the headers that need to be signed (key and value) + "\n" + ranked query + "\n" + toHex(sha256(original body)).

1. The headers to be signed are concatenated one by one in the format header_name:header_value, each followed by \n. EOP requires the eop-date header to be present in the request, and it must be one of the headers to be signed. First, extract the headers that need to be signed, sort them by header_name in alphabetical order, then traverse the sorted list and assemble the headers to be signed. For example, if you need to sign eop-date and host, the headers to be signed are constructed as follows: eop-date:20210531T100101Z\nhost:1.1.1.1:9080\n. The same ordering applies to any further header: if you add a ccda header that also needs to be signed, the header combination to be signed is as follows: ccda:123\neop-date:20210531T100101Z\nhost:1.1.1.1:9080\n.

2. Queries are handled in the same way as headers and use the same ranking rules, except that parameters are concatenated with "&" instead of "\n", and keys and values are joined with "=" instead of ":". All query parameters need to be signed.

3. The specified body is digested with sha256, and the digest is converted to hexadecimal.

4. The sorted headers, the sorted query, and the hexadecimal digest of the original body obtained through the above steps are concatenated with \n to produce the string to be signed.

Constructing a Dynamic Key

When initiating a request, you need to construct an eop-date time. The format of this time is yyyymmddTHHMMSSZ, that is: year, month, day, the letter T, hour, minute, second, and the letter Z.

1. First, use the ctyun-eop-sk you applied for as the key and eop-date as the data to calculate ktime: ktime = hmacSha256(sk, eop-date).

2. Use ktime as the key and the ctyun-eop-ak you applied for as the data to calculate kAk: kAk = hmacSha256(ktime, ctyun-eop-ak).

3. Use kAk as the key and the year, month and day of the eop-date as the data to calculate kdate.

Use of Signature

Sign the string to be signed (string_sigture) with kdate: calculate hmacsha256(kdate, string_sigture) and base64 encode the result to obtain the signature. Then add the signature information to the request as a header in your HTTP client and send the request.

The header name is Eop-Authorization. Its value consists of the ctyun-eop-ak, then Header= followed by the header names in the ranked order used when constructing the string to be signed, then Signature= followed by the calculated signature value.

Example: If the headers in the string you want to sign are eop-date and host, in that order, then the header you add is Eop-Authorization: {ctyun-eop-ak} Header=eop-date;host Signature=xad01/ada.
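
The whole signing procedure above, as an added Python example (not eSurfing Cloud's own code). It assumes UTF-8 text, that each HMAC step passes its raw digest bytes on as the next key, and that header names and query values are signed exactly as given; the ak, sk and query parameters are constructed sample values.

```python
import base64
import hashlib
import hmac


def hmac_sha256(key: bytes, data: str) -> bytes:
    # Assumption: text is UTF-8 and raw digest bytes become the next key.
    return hmac.new(key, data.encode("utf-8"), hashlib.sha256).digest()


def string_to_sign(headers: dict, query: dict, body: bytes) -> str:
    if "eop-date" not in headers:
        raise ValueError("eop-date must be one of the signed headers")
    # header_name:header_value, each followed by \n, sorted by header name
    signed_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    # key=value joined with "&", same ordering; every query parameter is signed
    ranked_query = "&".join(f"{k}={query[k]}" for k in sorted(query))
    body_hash = hashlib.sha256(body).hexdigest()
    return signed_headers + "\n" + ranked_query + "\n" + body_hash


def derive_kdate(ak: str, sk: str, eop_date: str) -> bytes:
    ktime = hmac_sha256(sk.encode("utf-8"), eop_date)  # ktime = hmacSha256(sk, eop-date)
    kak = hmac_sha256(ktime, ak)                       # kAk = hmacSha256(ktime, ak)
    return hmac_sha256(kak, eop_date[:8])              # data is the yyyymmdd part


def eop_authorization(ak, sk, headers, query, body=b"") -> str:
    sts = string_to_sign(headers, query, body)
    kdate = derive_kdate(ak, sk, headers["eop-date"])
    signature = base64.b64encode(hmac_sha256(kdate, sts)).decode("ascii")
    names = ";".join(sorted(headers))  # same ranking as in the string to be signed
    return f"{ak} Header={names} Signature={signature}"


# Constructed sample values (not real credentials or real API parameters)
SAMPLE_AK = "example-ak"
SAMPLE_SK = "example-sk"
SAMPLE_HEADERS = {"host": "1.1.1.1:9080", "eop-date": "20210531T100101Z"}
SAMPLE_QUERY = {"pageSize": "10", "pageNum": "1"}

if __name__ == "__main__":
    print(string_to_sign(SAMPLE_HEADERS, SAMPLE_QUERY, b""))
    print("Eop-Authorization:", eop_authorization(SAMPLE_AK, SAMPLE_SK, SAMPLE_HEADERS, SAMPLE_QUERY))
```

Because eop-date feeds both the key derivation and the signed headers, the value sent in the request must be byte-identical to the one that was signed.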

