86 lines
3.3 KiB
PHP
86 lines
3.3 KiB
PHP
// 腾讯云API签名v3实现示例
|
||
// 本代码基于腾讯云API签名v3文档实现: https://cloud.tencent.com/document/product/213/30654
|
||
// 请严格按照文档说明使用,不建议随意修改签名相关代码
|
||
<?php
|
||
|
||
function sign($key, $msg) {
|
||
return hash_hmac("sha256", $msg, $key, true);
|
||
}
|
||
|
||
// 密钥信息从环境变量读取,需要提前在环境变量中设置 TENCENTCLOUD_SECRET_ID 和 TENCENTCLOUD_SECRET_KEY
|
||
// 使用环境变量方式可以避免密钥硬编码在代码中,提高安全性
|
||
// 生产环境建议使用更安全的密钥管理方案,如密钥管理系统(KMS)、容器密钥注入等
|
||
// 请参见:https://cloud.tencent.com/document/product/1278/85305
|
||
// 密钥可前往官网控制台 https://console.cloud.tencent.com/cam/capi 进行获取
|
||
$secret_id = getenv("TENCENTCLOUD_SECRET_ID");
|
||
$secret_key = getenv("TENCENTCLOUD_SECRET_KEY");
|
||
$token = "";
|
||
|
||
$service = "lighthouse";
|
||
$host = "lighthouse.tencentcloudapi.com";
|
||
$req_region = "ap-guangzhou";
|
||
$version = "2020-03-24";
|
||
$action = "RebootInstances";
|
||
$payload = "{}";
|
||
$params = json_decode($payload);
|
||
$endpoint = "https://lighthouse.tencentcloudapi.com";
|
||
$algorithm = "TC3-HMAC-SHA256";
|
||
$timestamp = time();
|
||
$date = gmdate("Y-m-d", $timestamp);
|
||
|
||
// ************* 步骤 1:拼接规范请求串 *************
|
||
$http_request_method = "POST";
|
||
$canonical_uri = "/";
|
||
$canonical_querystring = "";
|
||
$ct = "application/json; charset=utf-8";
|
||
$canonical_headers = "content-type:".$ct."\nhost:".$host."\nx-tc-action:".strtolower($action)."\n";
|
||
$signed_headers = "content-type;host;x-tc-action";
|
||
$hashed_request_payload = hash("sha256", $payload);
|
||
$canonical_request = "$http_request_method\n$canonical_uri\n$canonical_querystring\n$canonical_headers\n$signed_headers\n$hashed_request_payload";
|
||
|
||
// ************* 步骤 2:拼接待签名字符串 *************
|
||
$credential_scope = "$date/$service/tc3_request";
|
||
$hashed_canonical_request = hash("sha256", $canonical_request);
|
||
$string_to_sign = "$algorithm\n$timestamp\n$credential_scope\n$hashed_canonical_request";
|
||
|
||
// ************* 步骤 3:计算签名 *************
|
||
$secret_date = sign("TC3".$secret_key, $date);
|
||
$secret_service = sign($secret_date, $service);
|
||
$secret_signing = sign($secret_service, "tc3_request");
|
||
$signature = hash_hmac("sha256", $string_to_sign, $secret_signing);
|
||
|
||
// ************* 步骤 4:拼接 Authorization *************
|
||
$authorization = "$algorithm Credential=$secret_id/$credential_scope, SignedHeaders=$signed_headers, Signature=$signature";
|
||
|
||
// ************* 步骤 5:构造并发起请求 *************
|
||
$headers = [
|
||
"Authorization" => $authorization,
|
||
"Content-Type" => "application/json; charset=utf-8",
|
||
"Host" => $host,
|
||
"X-TC-Action" => $action,
|
||
"X-TC-Timestamp" => $timestamp,
|
||
"X-TC-Version" => $version
|
||
];
|
||
if ($req_region) {
|
||
$headers["X-TC-Region"] = $req_region;
|
||
}
|
||
if ($token) {
|
||
$headers["X-TC-Token"] = $token;
|
||
}
|
||
|
||
try {
|
||
$ch = curl_init();
|
||
curl_setopt($ch, CURLOPT_URL, $endpoint);
|
||
curl_setopt($ch, CURLOPT_POST, true);
|
||
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
|
||
curl_setopt($ch, CURLOPT_HTTPHEADER, array_map(function ($k, $v) { return "$k: $v"; }, array_keys($headers), $headers));
|
||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||
$response = curl_exec($ch);
|
||
curl_close($ch);
|
||
|
||
echo $response;
|
||
} catch (Exception $err) {
|
||
echo $err->getMessage();
|
||
}
|
||
|
||
?>
|