
使用 sha256sum 作为数据完整性的校验, 并作为签名校验的参数

reghao 2 anos atrás
pai
commit
984115cc05

+ 5 - 47
dfs-store/src/main/java/cn/reghao/dfs/store/controller/ObjectBasicController.java

@@ -57,10 +57,9 @@ public class ObjectBasicController {
         String date = servletRequest.getHeader("x-amz-date");
 
         FileInputStream fis = new FileInputStream(file);
-        byte[] md5 = DigestUtil.md5sum(fis.readAllBytes());
-        String md5Hex = ByteHex.bytes2Hex(md5);
-        String md5Base64 = Base64Util.encode(md5);
-        if (!contentMd5.equals(md5Base64)) {
+        String sha256sum1 = DigestUtil.sha256sum(fis);
+
+        if (!sha256sum.equals(sha256sum1)) {
             return ResponseEntity.status(500).body("md5 不匹配");
         }
 
@@ -73,53 +72,12 @@ public class ObjectBasicController {
                 return ResponseEntity.status(500).body("签名不正确2");
             }
 
-            boolean matched = OssUtil.matchSignature(secretKey, file);
+            boolean matched = OssUtil.matchSignature(secretKey, sha256sum1);
             if (!matched) {
                 return ResponseEntity.status(500).body("签名不正确3");
             }
         }
 
-        /*String authorization = servletRequest.getHeader("authorization");
-        String[] auths = authorization.split(",");
-        String credential = auths[0].replace("AWS4-HMAC-SHA256 ", "").split("=")[1];
-        String[] strs = credential.split("/");
-        String accessKey = strs[0];
-        String date1 = strs[1];
-        String region = strs[2];
-        String service = strs[3];
-        String version = strs[4];
-
-        String[] signedHeaders = auths[1].split("=")[1].split(";");
-        String signature = auths[2].split("=")[1];
-
-        String xAmzDate = servletRequest.getHeader("x-amz-date");
-        TreeMap<String, String> awsHeaders = new TreeMap<>();
-        for (String name : signedHeaders) {
-            servletRequest.getHeader(name);
-            awsHeaders.put(name, servletRequest.getHeader(name));
-        }
-
-        String method = servletRequest.getMethod();
-        String uri = servletRequest.getRequestURI();
-        //String accessKey = "accesskey123456";
-        String secretKey = "secretKey123456";
-        AWS4Signer aWSV4Signer = new AWS4Signer.Builder(accessKey, secretKey)
-                .regionName("cd")
-                .serviceName("s3")
-                .xAmzDate(xAmzDate)
-                .httpMethodName(method)
-                .canonicalURI(uri)
-                .queryParametes(null)
-                .awsHeaders(awsHeaders)
-                .payload(fis.readAllBytes())
-                .build();
-
-        String signature1 = aWSV4Signer.getSignature();
-        if (!signature.equals(signature1)) {
-            log.error("签名不正确");
-            return ResponseEntity.status(500).body("签名不正确");
-        }*/
-
         String objectName = OssUtil.getObjectName();
         objectBasicService.putObject(objectName, file, contentType, sha256sum);
 
@@ -132,7 +90,7 @@ public class ObjectBasicController {
                 .header("Content-Length", "1")
                 .header("Connection", "close")
                 .header("Server", "TNBCloudOSS")
-                .eTag(md5Hex)
+                .eTag(sha256sum1)
                 .build();
     }
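Review bot: The `FileInputStream` opened just above `DigestUtil.sha256sum(fis)` in the first hunk is not closed anywhere in the visible lines, so each upload may leak a file descriptor. Scoping it as `try (FileInputStream fis = new FileInputStream(file)) { sha256sum1 = DigestUtil.sha256sum(fis); }` would release it. In the same hunk, `sha256sum.equals(sha256sum1)` throws a NullPointerException if the client-supplied digest is absent; its declaration is outside the hunk, so this is inferred, and `sha256sum1.equals(sha256sum)` would avoid it. A digest mismatch is still reported as status 500 with the stale text "md5 不匹配", although it is a client-side error on a SHA-256 check, so a 400 with a matching message would be more accurate. The method starts and ends outside these hunks.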
 

+ 11 - 2
dfs-store/src/main/java/cn/reghao/dfs/store/util/AWS4Signer.java

@@ -40,6 +40,7 @@ public class AWS4Signer {
         private TreeMap<String, String> queryParametes;
         private TreeMap<String, String> awsHeaders;
         private byte[] payload;
+        private String sha256sum;
 
         public Builder(String accessKeyID, String secretAccessKey) {
             this.accessKeyID = accessKeyID;
@@ -86,6 +87,11 @@ public class AWS4Signer {
             return this;
         }
 
+        public Builder sha256sum(String sha256sum) {
+            this.sha256sum = sha256sum;
+            return this;
+        }
+
         public AWS4Signer build() {
             return new AWS4Signer(this);
         }
@@ -100,6 +106,7 @@ public class AWS4Signer {
     private TreeMap<String, String> queryParametes;
     private TreeMap<String, String> awsHeaders;
     private byte[] payload;
+    private String sha256sum;
 
     /* Other variables */
     private final String HMACAlgorithm = "AWS4-HMAC-SHA256";
@@ -118,6 +125,7 @@ public class AWS4Signer {
         queryParametes = builder.queryParametes;
         awsHeaders = builder.awsHeaders;
         payload = builder.payload;
+        sha256sum = builder.sha256sum;
 
         /* Get current timestamp value.(UTC) */
         //xAmzDate = getTimeStamp();
@@ -179,13 +187,14 @@ public class AWS4Signer {
         canonicalURL.append(strSignedHeader).append("\n");
 
         /* Step 1.6 Use a hash (digest) function like SHA256 to create a hashed value from the payload in the body of the HTTP or HTTPS. */
-        payload = payload == null ? "UNSIGNED-PAYLOAD".getBytes(StandardCharsets.UTF_8) : payload;
+        canonicalURL.append(sha256sum);
+        /*payload = payload == null ? "UNSIGNED-PAYLOAD".getBytes(StandardCharsets.UTF_8) : payload;
         try {
             String sha256Hex = DigestUtil.sha256sum(payload);
             canonicalURL.append(sha256Hex);
         } catch (Exception e) {
             e.printStackTrace();
-        }
+        }*/
 
         return canonicalURL.toString();
     }
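Review bot: `canonicalURL.append(sha256sum)` in the last hunk appends the literal text `null` whenever `Builder.sha256sum(...)` was never called, because the field has no default and the old payload-hash fallback is now commented out. The earlier `OssUtil.matchSignature` overload, whose tail appears as context in this commit, presumably still builds the signer through `payload(...)`, so it would now compute a signature over `null` and never match. Failing fast with `canonicalURL.append(Objects.requireNonNull(sha256sum, "sha256sum"));` makes the new contract explicit. The commented-out block and the now-unused `payload` field are better deleted than left in the signer. The enclosing method starts outside the hunk.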

+ 46 - 0
dfs-store/src/main/java/cn/reghao/dfs/store/util/OssUtil.java

@@ -76,4 +76,50 @@ public class OssUtil {
         String signature1 = aWSV4Signer.getSignature();
         return signature.equals(signature1);
     }
+
+    public static boolean matchSignature(String secretKey, String sha256sum) throws IOException {
+        HttpServletRequest servletRequest = ServletUtil.getRequest();
+        String host = servletRequest.getHeader("host");
+        String contentType = servletRequest.getHeader("content-type");
+        String contentMd5 = servletRequest.getHeader("content-md5");
+        String date = servletRequest.getHeader("x-amz-date");
+
+        String authorization = servletRequest.getHeader("authorization");
+        String[] auths = authorization.split(",");
+        String credential = auths[0].replace("AWS4-HMAC-SHA256 ", "").split("=")[1];
+        String[] strs = credential.split("/");
+        String accessKey = strs[0];
+        String date1 = strs[1];
+        String region = strs[2];
+        String service = strs[3];
+        String version = strs[4];
+
+        String[] signedHeaders = auths[1].split("=")[1].split(";");
+        String signature = auths[2].split("=")[1];
+
+        String xAmzDate = servletRequest.getHeader("x-amz-date");
+        TreeMap<String, String> awsHeaders = new TreeMap<>();
+        for (String name : signedHeaders) {
+            servletRequest.getHeader(name);
+            awsHeaders.put(name, servletRequest.getHeader(name));
+        }
+
+        //FileInputStream fis = new FileInputStream(file);
+        String method = servletRequest.getMethod();
+        String uri = servletRequest.getRequestURI();
+        AWS4Signer aWSV4Signer = new AWS4Signer.Builder(accessKey, secretKey)
+                .regionName(region)
+                .serviceName(service)
+                .xAmzDate(xAmzDate)
+                .httpMethodName(method)
+                .canonicalURI(uri)
+                .queryParametes(null)
+                .awsHeaders(awsHeaders)
+                //.payload(fis.readAllBytes())
+                .sha256sum(sha256sum)
+                .build();
+
+        String signature1 = aWSV4Signer.getSignature();
+        return signature.equals(signature1);
+    }
 }
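Review bot: `signature.equals(signature1)` at the end of the new `matchSignature` compares the client-supplied signature with the expected HMAC using an early-exit string compare, where a constant-time comparison should be used. The parsing above it also assumes a well-formed `authorization` header: a missing header, or one without three comma-separated parts, throws instead of returning `false`, and the caller will presumably surface that as an unhandled error rather than a rejected signature. Within this method `x-amz-date` is handed to the signer with no freshness check, so unless the caller validates it, a captured request stays valid indefinitely. The locals `host`, `contentType`, `contentMd5`, `date`, `date1` and `version` are never used, and the bare `servletRequest.getHeader(name);` inside the loop is a no-op. The sketch below covers only the header guard and the comparison.

```java
String authorization = servletRequest.getHeader("authorization");
if (authorization == null) {
    return false;
}
String[] auths = authorization.split(",");
if (auths.length != 3) {
    return false;
}
// … unchanged: credential parsing, signed-header collection, signer construction …
String signature1 = aWSV4Signer.getSignature();
return MessageDigest.isEqual(
        signature.getBytes(StandardCharsets.UTF_8),
        signature1.getBytes(StandardCharsets.UTF_8));
```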

+ 1 - 1
dfs-store/src/main/resources/application.yml

@@ -9,7 +9,7 @@ dubbo:
 server:
   port: 8010
   tomcat:
-    basedir: /opt/tmp
+    basedir: /opt/tmp/tomcat
 spring:
   servlet:
     multipart: