概述
设备向平台发起 HTTP/HTTPS 请求时,请求报文中需包含签名信息(X-TC-Signature)以验证请求者身份。
签名步骤
设备请求报文示例:
curl -X POST https://ap-guangzhou.gateway.tencentdevices.com/device/register \
-H "Content-Type: application/json; charset=utf-8" \
-H "X-TC-Algorithm: hmacsha256" \
-H "X-TC-Timestamp: 155****065" \
-H "X-TC-Nonce: 5456" \
-H "X-TC-Signature: 2230eefd229f582d8b1b891af****b91597240707d778ab3738f756258d7652c" \
-d '{"ProductId":"ASJ****GX","DeviceName":"xyz"}'
1. 拼接签名字符串
StringToSign =
HTTPRequestMethod + \n +
CanonicalHost + \n +
CanonicalURI + \n +
CanonicalQueryString + \n +
Algorithm + \n +
RequestTimestamp + \n +
Nonce + \n +
HashedCanonicalRequest
| 参数名称 | 描述 |
|---|---|
| HTTPRequestMethod | HTTP 请求方式, 支持 POST |
| CanonicalHost | HTTP 请求的 Host 地址 |
| CanonicalURI | HTTP 请求 URI 。例如 https://ap-guangzhou.gateway.tencentdevices.com/device/register 的 URI 为 /device/register |
| CanonicalQueryString | 发起 HTTP 请求 URL 中的查询字符串,对于 POST 请求,固定为空字符串 "" |
| Algorithm | 签名方法。目前支持 HmacSha256 和 HmacSha1 |
| RequestTimestamp | 请求时间戳 |
| Nonce | 随机数 |
| HashedCanonicalRequest | 请求正文 Hash 值。HTTP 请求正文做 SHA256 哈希,然后十六进制编码,最后编码串转换成小写字母 |
根据以上的规则,示例中的规范签名串如下:
POST
ap-guangzhou.gateway.tencentdevices.com
/device/register
hmacsha256
155****065
5456
35e9c5b0e3ae67532d3c9f17ead6c902226****b1ff7f6e89887f1398934f0642. 计算签名
- 使用密钥签名,包括产品级密钥和设备级密钥,伪代码如下:
Signature = Base64_Encode(HMAC_SHA256(SignSecret, StringToSign))参数名称 描述 SignSecret 签名密钥,如动态注册使用 ProductSecret,设备发布消息或上报日志则使用 psk StringToSign 待签名的字符串 - 使用证书签名,伪代码如下:
Signature = Base64_Encode(RSA_SHA256(PrivateKey, StringToSign))参数名称 描述 PrivateKey 证书私钥,如设备发布消息或上报日志则使用设备的 X509 私钥证书 StringToSign 待签名的字符串
3. 组装请求报文
根据上述得到的签名串,最终完整的请求如下:
POST https://ap-guangzhou.gateway.tencentdevices.com/devregister
Content-Type: application/json
Host: ap-guangzhou.gateway.tencentdevices.com
X-TC-Algorithm: HmacSha256
X-TC-Timestamp: 155****065
X-TC-Nonce: 5456
X-TC-Signature: 2230eefd229f582d8b1b891af71****1597240707d778ab3738f756258d7652c
{"ProductId":"ASJ****GX","DeviceName":"xyz"}
示例代码
Python3 示例代码如下。
import hashlib
import random
import time
import hmac
import base64
if __name__ == '__main__':
sign_format = '%s\n%s\n%s\n%s\n%s\n%d\n%d\n%s'
url_format = '%s://ap-guangzhou.gateway.tencentdevices.com/device/register'
request_format = "{\"ProductId\":\"%s\",\"DeviceName\":\"%s\"}"
device_name = 'dev***'
product_id = 'JCZ****KXS'
product_secret = 'X42fPqw********94cY5sQ1Y'
request_text = request_format % (product_id, device_name)
request_hash = hashlib.sha256(request_text.encode("utf-8")).hexdigest()
nonce = random.randrange(2147483647)
timestamp = int(time.time())
sign_content = sign_format % (
"POST", "ap-guangzhou.gateway.tencentdevices.com",
"/device/register", "", "hmacsha256", timestamp,
nonce, request_hash)
print("\nsign_content: \n" + sign_content)
sign_base64 = base64.b64encode(hmac.new(product_secret.encode("utf-8"),
sign_content.encode("utf-8"), hashlib.sha256).digest())
print("sign_base64: " + str(sign_base64))
是
否
本页内容是否解决了您的问题?