diff --git a/config.go b/config.go index c22b792d..cdd4f48c 100644 --- a/config.go +++ b/config.go @@ -1,8 +1,8 @@ package sls const ( - version = "0.6.0" // SDK version - signatureMethod = "hmac-sha1" // Signature method + version = "0.6.0" // SDK version + signatureMethod = "hmac-sha256" // Signature method // OffsetNewest stands for the log head offset, i.e. the offset that will be // assigned to the next message that will be produced to the shard. diff --git a/signature.go b/signature.go index 7e8d8aab..9adc2f79 100644 --- a/signature.go +++ b/signature.go @@ -3,7 +3,7 @@ package sls import ( "crypto/hmac" "crypto/md5" - "crypto/sha1" + "crypto/sha256" "encoding/base64" "fmt" "net/url" @@ -137,8 +137,8 @@ func (s *SignerV1) Sign(method, uri string, headers map[string]string, body []by canoHeaders + "\n" + canoResource - // Signature = base64(hmac-sha1(UTF8-Encoding-Of(SignString),AccessKeySecret)) - mac := hmac.New(sha1.New, []byte(s.accessKeySecret)) + // Signature = base64(hmac-sha256(UTF8-Encoding-Of(SignString),AccessKeySecret)) + mac := hmac.New(sha256.New, []byte(s.accessKeySecret)) _, err = mac.Write([]byte(signStr)) if err != nil { return err diff --git a/signature_test.go b/signature_test.go index a86f05ff..19d21199 100644 --- a/signature_test.go +++ b/signature_test.go @@ -3,10 +3,13 @@ package sls import ( "crypto/md5" "fmt" + "testing" + "time" + + "github.com/Netflix/go-env" "github.com/gogo/protobuf/proto" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" - "testing" ) type SignerV1Suite struct { @@ -14,8 +17,9 @@ type SignerV1Suite struct { AccessKeyID string AccessKeySecret string Endpoint string - - signer Signer + env TestEnvInfo + signer Signer + client ClientInterface } func (s *SignerV1Suite) SetupTest() { @@ -26,16 +30,21 @@ func (s *SignerV1Suite) SetupTest() { accessKeyID: s.AccessKeyID, accessKeySecret: s.AccessKeySecret, } + _, err := env.UnmarshalFromEnviron(&s.env) + s.Require().NoError(err) + s.client = CreateNormalInterface(s.env.Endpoint, + s.env.AccessKeyID, + s.env.AccessKeySecret, "") } func (s *SignerV1Suite) TestSignatureGet() { headers := map[string]string{ "x-log-apiversion": "0.6.0", - "x-log-signaturemethod": "hmac-sha1", + "x-log-signaturemethod": "hmac-sha256", "x-log-bodyrawsize": "0", "Date": "Mon, 3 Jan 2010 08:33:47 GMT", } - digest := "Rwm6cTKzoti4HWoe+GKcb6Kv07E=" + digest := "hNNf3Nv33R//Gxu++a0anEi7d5xbS5gapaPd/6eIxTk=" expectedAuthStr := fmt.Sprintf("SLS %v:%v", s.AccessKeyID, digest) err := s.signer.Sign("GET", "/logstores", headers, nil) @@ -87,7 +96,7 @@ func (s *SignerV1Suite) TestSignaturePost() { } h := map[string]string{ "x-log-apiversion": "0.6.0", - "x-log-signaturemethod": "hmac-sha1", + "x-log-signaturemethod": "hmac-sha256", "x-log-bodyrawsize": "50", "Content-MD5": md5Sum, "Content-Type": "application/x-protobuf", @@ -95,7 +104,7 @@ func (s *SignerV1Suite) TestSignaturePost() { "Date": "Mon, 3 Jan 2010 08:33:47 GMT", } - digest := "87xQWqFaOSewqRIma8kPjGYlXHc=" + digest := "GGHiEECbn3P3QaMh2fLMs94z95xDVeQmhULhe54o0S4=" err = s.signer.Sign("GET", "/logstores/app_log", h, body) if err != nil { assert.Fail(s.T(), err.Error()) @@ -105,6 +114,47 @@ func (s *SignerV1Suite) TestSignaturePost() { assert.Equal(s.T(), expectedAuthStr, auth) } +func (s *SignerV1Suite) TestSignV1Req() { + p := s.env.ProjectName + l := "test-signv1" + exists, err := s.client.CheckProjectExist(p) + s.Require().NoError(err) + if !exists { + _, err = s.client.CreateProject(p, "") + s.Require().NoError(err) + } + exists, err = s.client.CheckLogstoreExist(p, l) + s.Require().NoError(err) + if !exists { + err = s.client.CreateLogStore(p, l, 7, 1, false, 64) + s.Require().NoError(err) + } + _, err = s.client.GetLogStore(p, l) + s.Require().NoError(err) + time.Sleep(time.Second * 5) + t := uint32(time.Now().Unix()) + err = s.client.PutLogs(p, l, &LogGroup{ + Logs: []*Log{ + { + Time: &t, + Contents: []*LogContent{ + { + Key: proto.String("test"), + Value: proto.String("test"), + }, + }, + }, + }, + }) + s.Require().NoError(err) + cursor, err := s.client.GetCursor(p, l, 0, "end") + s.Require().NoError(err) + cursorTime, err := s.client.GetCursorTime(p, l, 0, cursor) + s.Require().NoError(err) + s.Greater(cursorTime.Unix(), int64(0)) + s.client.DeleteLogStore(p, l) +} + func TestSignerV1Suite(t *testing.T) { suite.Run(t, new(SignerV1Suite)) } diff --git a/signature_v4_test.go b/signature_v4_test.go index d80d4706..bbd3a31e 100644 --- a/signature_v4_test.go +++ b/signature_v4_test.go @@ -141,13 +141,13 @@ func (s *SignerV4Suite) TestSignV4Case6() { func (s *SignerV4Suite) TestSignV1Case1() { headers := map[string]string{ "x-log-apiversion": "0.6.0", - "x-log-signaturemethod": "hmac-sha1", + "x-log-signaturemethod": "hmac-sha256", "x-log-bodyrawsize": "0", "Date": "Mon, 3 Jan 2010 08:33:47 GMT", } mockAKID := "mockAccessKeyID" mockAKSec := "mockAccessKeySecret" - expSign := "Rwm6cTKzoti4HWoe+GKcb6Kv07E=" + expSign := "hNNf3Nv33R//Gxu++a0anEi7d5xbS5gapaPd/6eIxTk=" expAuth := fmt.Sprintf("SLS %s:%s", mockAKID, expSign) v1 := SignerV1{accessKeyID: mockAKID, accessKeySecret: mockAKSec} @@ -176,7 +176,7 @@ func (s *SignerV4Suite) TestSignV1Case2() { } mockAKID := "mockAccessKeyID" mockAKSec := "mockAccessKeySecret" - expSign := "87xQWqFaOSewqRIma8kPjGYlXHc=" + expSign := "GGHiEECbn3P3QaMh2fLMs94z95xDVeQmhULhe54o0S4=" expAuth := fmt.Sprintf("SLS %s:%s", mockAKID, expSign) v1 := SignerV1{ accessKeyID: mockAKID,