Signature4签名以在AWS中进行弹性搜索 [英] Signature4 signing for elastic search in aws
问题描述
我正在使用AWS管理的Elasticsearch/我正在使用高级Java客户端进行弹性搜索.有没有一种方法可以对高级客户端发出的请求使用aws signature4签名?
I'm using the aws managed elasticsearch/ I'm using the high-level java client for elastic search. Is there a way to use aws signature4 signing for the requests made with the high level client?
推荐答案
所有您需要执行的签名计算并将适当的标头添加到您的请求中.请参阅示例:AWS签名中的签名计算适用于Java和C#示例的版本4 .我接受了这段代码并将自己的界面放在顶部:
All you need to do perform the signing calculations and add the appropriate headers to your request. See Examples: Signature Calculations in AWS Signature Version 4 for Java and C# examples. I took took this code and put my own interface on top:
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerBase;
import net.craigcaulfield.awsutils.signing.auth.AWS4SignerForAuthorizationHeader;
import net.craigcaulfield.awsutils.signing.util.BinaryUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
/**
* A utility for calculating an AWS Signature Version 4 signature headers for requests. See
* http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-examples-using-sdks.html for the full description.
*
* @author Craig Caulfield
*/
public class SigningUtility {
/**
* Build the authorization headers to be added to the service request.
*
* @param regionName AWS region
* @param url service URL
* @param awsAccessKey AWS access key
* @param awsSecretKey AWS secret key
* @param messageBody the message body for POSTs
* @param httpMethod the HTTP verb used for this message (GET, POST, etc)
* @param serviceName the AWS service (s3, execite-api, ...)
* @return authorisation headers to add to the request.
*/
public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey,
String messageBody, String httpMethod, String serviceName) {
URL endpointUrl;
try {
endpointUrl = new URL(url);
} catch (MalformedURLException e) {
throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());
}
String contentHashString;
Map<String, String> headers = new HashMap<>();
if ("POST".equals(httpMethod)) {
// precompute hash of the body content
byte[] contentHash = AWS4SignerBase.hash(messageBody);
contentHashString = BinaryUtils.toHex(contentHash);
headers.put("x-amz-content-sha256", contentHashString);
headers.put("content-length", "" + messageBody.length());
} else if ("GET".equals(httpMethod)) {
contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;
// for a simple GET, we have no body so supply the precomputed 'empty' hash
headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);
} else {
throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");
}
AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(
endpointUrl, httpMethod, serviceName, regionName);
String authorisation = signer.computeSignature(headers,
null, // assume no query parameters
contentHashString,
awsAccessKey,
awsSecretKey);
headers.put("Authorization", authorisation);
return headers;
}
}
AWS4SignerBase,AWS4SignerForAuthorizationHeader,BinaryUtils类直接来自AWS示例.唯一困难的是为您的特定服务找到serviceName,对于Elastic Search来说可能是es.
The AWS4SignerBase, AWS4SignerForAuthorizationHeader, BinaryUtils classes come directly from the AWS example. The only hard bit is finding the serviceName for your particular service, which for Elastic Search is probably es.
作为替代方案,如果可以使用(并提供soapUI Pro),它具有
As an alternative, if you can make use of (and afford soapUI Pro), it has built-in features to do all this for you.
这篇关于Signature4签名以在AWS中进行弹性搜索的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
