LabVIEW网络服务安全2
在客户端应用程序中创建签名
对请求进行签名要求您具有能够从客户端的编程语言调用的MD5摘要算法以及SHA256加密摘要算法的实现。这两种算法通常都可用于大多数平台。还需要:
1. 要使用的HTTP方法的字符串(“GET”、“POST”、“PUT”、“DELETE”)
2. 目标IP地址(或DNS主机名)
3. 在该地址请求的网址
4. HTTP内容正文(可能出现在“PUT”或“POST”请求中)
5. 当前时((in UTCtime using format ‘YYYY-MM-DD HH:MM:SSZ’)
6. 安全密钥的两个元素(访问ID和密钥ID)
例如,给定以下HTTP请求:
Method = GET
Time = 2008-07-23 22:41:02Z
URL = /quotes/NATI
1. 客户端创建许多单独的字符串元素,这些元素将连接在一起。这些元素是:
要使用的HTTP方法的字符串(“GET”、“POST”、“PUT”、“DELETE”)
“GET”
2. URL请求
'/quotes/NATI'
3. 当前时间(以UTC时间使用格式“YYYY-MM-DDHH:MM:SSZ”)
'2008-07-2322:41:02Z'
4. The Access ID portion of the Security Key
1. 'PqVr/ifkAQh+lVrdPIykXlFvg12GhhQFR8H9cUhphgg=' the default Access ID的机密The clientcreates a number of individual string elements that will get concatenatedtogether. These elements are:
The string for the HTTP method to be used (‘GET’, ‘POST’, ‘PUT’, ‘DELETE’)
‘GET’
2. The URL requested
'/quotes/NATI'
3. The current time of day (in UTC time using format‘YYYY-MM-DD HH:MM:SSZ’)
‘2008-07-23 22:41:02Z’
4. The Access ID portion of the Security Key
'PqVr/ifkAQh+lVrdPIykXlFvg12GhhQFR8H9cUhphgg=' ß the defaultAccess ID
5. The hex-encoded MD5 digest of the Secret ID portion ofthe Security Key
Given: 'pTe9HRlQuMfJxAG6QCGq7UvoUpJzAzWGKy5SbZ+roSU=' ß the defaultSecret ID
‘4ce83e7d608f70375fd1cda0a6f3ae66’ ß the hex-encodedMD5 digest of the Secret ID string
6. The hex-encoded MD5 digest of the content-body if thereis a content-body for the request (Not applicable for this request becausethere is no content-body for a GET request).
Appendedtogether, these give us a string of:
‘GET/quotes/NATI2008-07-23
22:41:02ZPqVr/ifkAQh+lVrdPIykXlFvg12GhhQFR8H9cUhphgg=4ce83e7d608f70375fd1cda0a6f3ae66’
为了形成最终签名,我们一起附加:
1. ‘NIWS’ (for requests with no content-body, or forrequests in which we do not want to include the content-body as part of thesignature) or ‘NIWS2’ (for requests with a content body).
2. A blank space (0x20).
3. The Access ID
4. A colon (0x3a)
5. The Base64-encoded SHA256 digest, as calculated above.
Thisgives us the signature string:
‘PqVr/ifkAQh+lVrdPIykXlFvg12GhhQFR8H9cUhphgg=:xTDFuYyLJpwOLL2bKKlAco59W/0N53BnVwOGNZ0fX
l0=’
Thissignature string is added to the HTTP request as a header named:“x-ni-authentication”.
Thetimestamp string used to create this signature is also attached to thesignature as a header named “x-ni-date”.
So acomplete signed HTTP request (with ‘\n’ shown to represent the requiredcarriage returns) would look like:
GET/quotes/NATI HTTP/1.1 ‘\n’
x-ni-date:2008-07-23 22:41:02Z ‘\n’
x-ni-authentication:NIWSPqVr/ifkAQh+lVrdPIykXlFvg12GhhQFR8H9cUhphgg=:xTDFuYyLJpwOLL2bKKlAco59W/0N53BnVwOGNZ0fXl0=‘\n’
Thissignature, embedded as HTTP headers, is only for this request. It could onlyhave been
createdby someone who knew the algorithm and both parts of the Security Key. Plus, thesignature includes an encoded version of the timestamp, so the signature has abuilt-in expiration time, as configured on the LabVIEW target. Outside of thattime window, this signature is automatically invalid, preventing later replaysof the request.
Note thatthe timestamp calculations require that the clock be properly set on both theclient and the LabVIEW target. Because the timestamp string is written in UTCtime, the client and servers can each be in different time zones, as long astheir local clocks and time zones are correctly set.
需要说明的是,上述的例程和文档,都是可以下载的,双击即可打开,其中压缩文件是可以采用粘贴复制的方式,拷贝到硬盘上。这不是图片,各位小伙伴看到后尝试一下,这个问题就不用加微信咨询了。有关LabVIEW编程、LabVIEW开发等相关项目,可联系们。附件中的资料这里无法上传,可去公司网站搜索下载。