All Products
Search

This Product

    Edge Security Acceleration:URL signing examples

    Document Center

    Edge Security Acceleration:URL signing examples

    Last Updated:Feb 08, 2024

    This topic uses Python demos to demonstrate how to implement three URL signing types.

    Python demos

    For more information about the URL signing types, see the following topics:

    The following code blocks show the demos.

    Note

    • Python has two major versions, Python 2 and Python 3. Python 3 is not backward compatible with Python 2. Therefore, sample code for Python 2 and Python 3 is provided.

    • If a URL contains Chinese characters, encode the URL by using the UrlEncode() function before you run the code for URL signing.

    • Python 2 uses ASCII encoding, and Python 3 uses UTF-8 encoding. You need to use UTF-8 encoding for passing the hash. Therefore, UTF-8 encoding is added to the hashlib.md5() function in the sample code for Python 3.

    Python3

    import re
import time
import hashlib
import datetime
def md5sum(src):
    m = hashlib.md5()
    m.update(src.encode(encoding='utf-8'))                                    # Add the UTF-8 encoding operation.
    return m.hexdigest()
    # Signing type A
def a_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    rand = "0"      # "0" by default, other value is ok
    uid = "0"       # "0" by default, other value is ok
    sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
    hashvalue = md5sum(sstring)
    auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
    if args:
        return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
    else:
        return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
    # Signing type B
def b_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    # convert unix timestamp to "YYmmDDHHMM" format
    nexp = datetime.datetime.fromtimestamp(exp).strftime('%Y%m%d%H%M')
    sstring = key + nexp + path
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, nexp, hashvalue, path, args)
    # Signing type C
def c_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    hexexp = "%x" %exp
    sstring = key + path + hexexp
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, hashvalue, hexexp, path, args)
    # The following section shows the values of the uri, key, and exp parameters.
def main():
    uri = "http://example.aliyundoc.com/ping?foo=bar"            # original uri
    key = "<input private key>"                         # private key of authorization
    exp = int(time.time()) + 1 * 3600                   # expiration time: 1 hour after current itme
    # "1 * 3600" specifies the time-to-live (TTL) value that the signing server assigns to signed URLs. You can customize the value as required. Unit: seconds. The TTL value that is assigned by the signing server is irrelevant to the TTL value that is assigned by DCDN. 
    # Validity period of a signed URL = UNIX timestamp that is generated on the signing server + TTL that is assigned by the signing server + TTL that is assigned by DCDN.
    # For signing type A, if the UNIX timestamp that is generated on the signing server is 1444435200, the TTL value that is assigned by the signing server is 3600, and the TTL value that is assigned by DCDN is 1800, then the validity period of the URL is 1444440600 (1444435200 + 3600 + 1800).
    # The following section shows how to implement signing type A:
    authuri = a_auth(uri, key, exp)                     # auth type: a_auth / b_auth / c_auth
    print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
    main()

    Python2

    import re
import time
import hashlib
import datetime
def md5sum(src):
    m = hashlib.md5()
    m.update(src)
    return m.hexdigest()
    # Signing type A
def a_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    rand = "0"      # "0" by default, other value is ok
    uid = "0"       # "0" by default, other value is ok
    sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
    hashvalue = md5sum(sstring)
    auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
    if args:
        return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
    else:
        return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
    # Signing type B
def b_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    # convert unix timestamp to "YYmmDDHHMM" format
    nexp = datetime.datetime.fromtimestamp(exp).strftime('%Y%m%d%H%M')
    sstring = key + nexp + path
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, nexp, hashvalue, path, args)
    # Signing type C
def c_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    hexexp = "%x" %exp
    sstring = key + path + hexexp
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, hashvalue, hexexp, path, args)
    # The following section shows the values of the uri, key, and exp parameters.
def main():
    uri = "http://example.aliyundoc.com/ping?foo=bar"            # original uri
    key = "<input private key>"                         # private key of authorization
    exp = int(time.time()) + 1 * 3600                   # expiration time: 1 hour after current itme
    # "1 * 3600" specifies the time-to-live (TTL) value that the signing server assigns to signed URLs. You can customize the value as required. Unit: seconds. The TTL value that is assigned by the signing server is irrelevant to the TTL value that is assigned by DCDN. 
    # Validity period of a signed URL = UNIX timestamp that is generated on the signing server + TTL that is assigned by the signing server + TTL that is assigned by DCDN.
    # For signing type A, if the UNIX timestamp that is generated on the signing server is 1444435200, the TTL value that is assigned by the signing server is 3600, and the TTL value that is assigned by DCDN is 1800, then the validity period of the URL is 1444440600 (1444435200 + 3600 + 1800).
    # The following section shows how to implement signing type A:
    authuri = a_auth(uri, key, exp)                     # auth type: a_auth / b_auth / c_auth
    print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
    main()