PHP generates the request signature required by Tencent Cloud COS interface

This article mainly introduces the request signature required to create a COS interface using PHP. It is compared with the examples given in the official documents to verify the correctness of the algorithm. Friends in need can refer to it

What is COS and request signature

COS is the abbreviation and abbreviation of Tencent Cloud Object Storage. The request signature is created by a specific algorithm and needs to be provided by a third party on demand when calling COS related interfaces. A set of string information that will uniquely identify the current third-party identity and provide identification of both communicating parties. Only valid signed COS will provide services

Goal

Use PHP to create the request signature required for the COS interface, compare it with the example given in the official document, and verify the correctness of the algorithm

Understand the request signature

Come first Look at the request signature given in an official document

q-sign-algorithm=sha1&q-ak=[SecretID]&q-sign-time=[SignTime]&q-key-time=[KeyTime]&q-header-list=[SignedHeaderList]&q-url-param-list=[SignedParameterList]&q-signature=[Signature]

Summary of the characteristics of the request signature

• is a string of characters

• key=value key-value pair format, key is a fixed value

• There are 7 pairs of key=value

• sha1 is also a parameter, but As of the official release, only sha1 is supported, so you can directly assign values ​​

• SignedHeaderList, SignedParameterList, and Signature three values ​​need to be generated through algorithms

key values For a detailed description, see the official documentation.

Breakdown one by one

Requesting a signature requires a total of 7 values. Let’s explain one by one below and break each one

q-sign-algorithm

Signature algorithm, official Currently only sha1 is supported, so just give the value directly

q-ak

The account ID, which is the user's SecretId, can be obtained on the console Cloud API Key page

q-sign-time

The valid start and end time of the current signature, Unix timestamp format, English half-width semicolon; separated, format such as 1480932292;1481012298

q-key-time

Same as q-sign-time value

q-header-list

Personal understanding, it consists of HTTP request headers, take all or part of the request headers, and change the request in the form of key:value The key part of the item is taken out, converted to lower case, multiple keys are sorted according to the dictionary, and connected with the characters ; to finally form a string

For example, the original request header has two:

Host:bucket1-1254000000.cos.ap-beijing.myqcloud.com
Content-Type:image/jpeg

key is Host and Content-Type, output after calculation content-type;host

q-url-param-list

Personal understanding, it consists of HTTP request parameters, take all or part of the request parameters, and key The key part of the request parameter in the form of =value is taken out, converted to lowercase, multiple keys are sorted according to the dictionary, connected with the characters ;, and finally formed into a string

For example, the original HTTP request is:

GET /?prefix=abc&max-keys=20

key It is prefix and max-keys. After operation, max-keys; prefix is ​​output. If the request has no parameters such as put and post, it will be empty.

q-signature

Calculated based on HTTP content Signature, algorithm is provided by COS, just give the value as required

Official example and reference result

Before starting to write the logic, first take a look at the reference value given by the official example, and the calculated The final result can be compared with the logic developed by yourself

The original HTTP request can also be understood as the HTTP request before calculating the signature or when no signature is required:

PUT /testfile2 HTTP/1.1
Host: bucket1-1254000000.cos.ap-beijing.myqcloud.com
x-cos-content-sha1: 7b502c3a1f48c8609ae212cdfb639dee39673f5e
x-cos-storage-class: standard
Hello world

After calculating the signature The HTTP request that should be obtained:

PUT /testfile2 HTTP/1.1
Host: bucket1-1254000000.cos.ap-beijing.myqcloud.com
x-cos-content-sha1: 7b502c3a1f48c8609ae212cdfb639dee39673f5e
x-cos-storage-class: standard
Authorization: q-sign-algorithm=sha1&q-ak=AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q&> q-sign-time=1417773892;1417853898&q-key-time=1417773892;1417853898&q-header-list=host;x-cos-content-sha1;x-cos-storage-class&q-url-param-list=&q-signature=14e6ebd7955b0c6da532151bf97045e2c5a64e10
Hello world

Conclusion: The algorithm is correct if it can get the string after Authorization

Preparation work

Let’s take a look (officially provided ) user information and HTTP information:

• SecretId: AKIDQjz3ltompVjBni5LitkWHFlFpwkn9U5q

• SecretKey: BQYIM75p8x0iWVFSIgqEKwFprpRSVHlz

• Signature valid start time: 1417773892

• Signature valid stop time: 1417853898

• HTTP original request header: It is not difficult to obtain according to the example in the previous section The HTTP original request has three contents: Host, x-cos-content-sha1 and x-cos-storage-class

• HTTP request parameters: It is a PUT request, there is no ? parameter

Calculate signature

Put all the parameters in the preparation work into the request signature rules, and you can get the results easily, as shown in the following table:

但 q-signature 怎么来的？

刚才说到，q-signature 也需要特定算法计算得来，下面就说明如何计算

计算请求签名

先看代码：

/**
 * 计算签名
 * secretId、secretKey 为必需参数，qSignStart、qSignEnd为调试需要，测试通过后应取消，改为方法内自动创建
 */
function get_authorization( $secretId, $secretKey, $qSignStart, $qSignEnd, $fileUri, $headers ){
 /* 
 * 计算COS签名
 * 2018-05-17
 * author:cinlap <cash216@163>
 * ref:https://cloud.tencent.com/document/product/436/7778
 */

 $qSignTime = "$qSignStart;$qSignEnd"; //unix_timestamp;unix_timestamp
 $qKeyTime = $qSignTime;

 $header_list = get_q_header_list($headers);
 //如果 Uri 中带有 ?的请求参数，该处应为数组排序后的字符串组合
 $url_param_list = &#39;&#39;;

 //compute signature
 $httpMethod = &#39;put&#39;;
 $httpUri = $fileUri;

 //与 q-url-param-list 相同
 $httpParameters = $url_param_list;

 //将自定义请求头分解为 & 连接的字符串
 $headerString = get_http_header_string( $headers );

 // 计算签名中的 signature 部分
 $signTime = $qSignTime;
 $signKey = hash_hmac(&#39;sha1&#39;, $signTime, $secretKey);
 $httpString = "$httpMethod\n$httpUri\n$httpParameters\n$headerString\n";
 $sha1edHttpString = sha1($httpString);
 $stringToSign = "sha1\n$signTime\n$sha1edHttpString\n";
 $signature = hash_hmac(&#39;sha1&#39;, $stringToSign, $signKey);
 //组合结果
 $authorization = "q-sign-algorithm=sha1&q-ak=$secretId&q-sign-time=$qSignTime&q-key-time=$qKeyTime&q-header-list=$header_list&q-url-param-list=$url_param_list&q-signature=$signature";
 return $authorization;
}

为了测试，该方法参数应该是多过需要了，前六个参数是已经给出的，是来自用户的，因此直接赋值即可得到下边字符串：

$authorization = "q-sign-algorithm=sha1&q-ak=$secretId&q-sign-time=$qSignTime&q-key-time=$qKeyTime...

$header_list 这个值要符合 q-header-list 规则因此需要计算，逻辑是上文已经描述，是从既定的请求项中抽出 key 组成有序字符串，代码如下：

/**
 * 按COS要求对header_list内容进行转换
 * 提取所有key
 * 字典排序
 * key转换为小写
 * 多对key=value之间用连接符连接
 * 
 */
function get_q_header_list($headers){
 if(!is_array($headers)){
  return false;
 }

 try{
  $tmpArray = array();
  foreach( $headers as $key=>$value){
   array_push($tmpArray, strtolower($key));
  }
  sort($tmpArray);
  return implode(';', $tmpArray);
 }
 catch(Exception $error){
  return false;
 }
}

$url-param-list 上面讲过，这个值是HTTP请求参数，对于 PUT 方法没有 ? 参数，自然值为空，所以代码中“偷懒”直接给了空字符串。

Signature 的计算和需要小心的地方

官方已经给出了完整的算法，PHP 甚至还有写好的代码，应该是很幸福了（但！由于看官方文档看的头晕还是踩了坑，随后一起说明），先看一下 signature 的“格式”：

SignKey = HMAC-SHA1(SecretKey,"[q-key-time]")
HttpString = [HttpMethod]\n[HttpURI]\n[HttpParameters]\n[HttpHeaders]\n
StringToSign = [q-sign-algorithm]\n[q-sign-time]\nSHA1-HASH(HttpString)\n
Signature = HMAC-SHA1(SignKey,StringToSign)

再看一下 Signature 的完整算法：

$signTime = $qSignTime;
$signKey = hash_hmac('sha1', $signTime, $secretKey);
$httpString = "$httpMethod\n$httpUri\n$httpParameters\n$headerString\n";
$sha1edHttpString = sha1($httpString);
$stringToSign = "sha1\n$signTime\n$sha1edHttpString\n";
$signature = hash_hmac('sha1', $stringToSign, $signKey);

$signTime：很简单，起止时间组成的字符串，从上文拿来直接用
$signKey：HMAC-SHA1 算法直接计算即可
$httpString：四个部分组成需要分开说
1、$httpMethod：HTTP请求方法，小写，比如 put、get
2、$httpUri：HTTP请求的URI部分，从“/”虚拟根开始，如 /testfile 说明在存储桶根目录下创建一个叫 testfile 的文件，/image/face1.jpg 说明在根目录/image目录下建立一个叫 face1.jpg 的文件，至于是不是图片文件，不管
3、$httpParameters：这是第一个需要小心的地方。由HTTP原始请求参数组成，即请求 URI 中 ? 后面的部分，本例调用的是 PUT Object 接口，因此为空。如果不为空，需要把请求参数每一项的 key 和 value 均转换小写，多对 key=value 按字典排序并以 & 相连接
4、$headerString：这是第二个需要小心的地方，由 HTTP 原始请求头组成，根据请求头，选择全部或部分请求头，把每项的key都转换为小写，把value都进行URLEncode转换，每项格式都改为key=value，然后按照key进行字典排序，最后把它们用连接符 & 组成字符串。这是我整理的逻辑，代码如下：

/**
 * 按COS要求从数组中获取 Signature 中 [HttpString] 内容
 * 标准格式 key=value&key=value&... 
 * 数组元素按键字典排序 * 
 * key转换为小写
 * value进行UrlEncode转换
 * 转换为key=value格式
 * 多对key=value之间用连接符连接
 * 
 */
function get_http_header_string($headers){
 if(!is_array($headers)){
  return false;
 }

 try{
  $tmpArray = array();
  foreach($headers as $key => $value){
   $tmpKey = strtolower($key);
   $tmpArray[$tmpKey] = urlencode($value);
  }
  ksort($tmpArray);
  $headerArray = array();
  foreach( $tmpArray as $key => $value){
   array_push($headerArray, "$key=$value");
  }
  return implode('&', $headerArray);
 }
 catch(Exception $error){
  return false;
 }
}

为什么要小心？

HTTP原始请求头和请求参数用在了四个地方，分别是请求签名里的 q-header-list 和 Signature 里的 HttpHeaders——两者都用到了HTTP原始请求头；请求签名里的 q-url-param-list 和 Signature 里的 HttpParameters——两者都用到了HTTP请求参数。一定要保证HTTP请求头和请求参数所选用的数量和对象一致

• 相同：生成 q-header-list 的HTTP请求头数量和成员要和生成 HttpHeaders 的相同，生成 q-url-param-list 的HTTP请求参数数量和成员要和生成 HttpParameters 的相同

• 不同：q-header-list 和 q-url-param-list 只取 key 部分，HttpHeaders 和 HttpParameters 取 key 和 value 部分

输出结果和校验

至此，请求签名中7个值都有了，有的是来自用户信息，有的需要计算，需要计算的上面也给出了所有的计算方法和为什么如此计算的个人理解。最后只需要按照官方要求进行输出即可。看一下

The above is the detailed content of PHP generates the request signature required by Tencent Cloud COS interface. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

1 months ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

1 months ago By DDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks ago By DDD

InZoi: How To Apply To School And University

3 weeks ago By DDD

Show More

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?

7773

15

Java Tutorial

1644

14

CakePHP Tutorial

1399

52

Laravel Tutorial

1296

25

PHP Tutorial

1234

29

Show More

Related knowledge

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

7 PHP Functions I Regret I Didn't Know Before Nov 13, 2024 am 09:42 AM

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Apr 05, 2025 am 12:04 AM

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

PHP Program to Count Vowels in a String Feb 07, 2025 pm 12:12 PM

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

How do you parse and process HTML/XML in PHP? Feb 07, 2025 am 11:57 AM

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

Explain late static binding in PHP (static::). Apr 03, 2025 am 12:04 AM

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? Apr 03, 2025 am 12:03 AM

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

See all articles