in src/main/java/com/alibaba/cloudapi/sdk/util/SignUtil.java [81:117]
public static String buildStringToSign(ApiRequest apiRequest) {
StringBuilder sb = new StringBuilder();
sb.append(apiRequest.getMethod().getValue()).append(SdkConstant.CLOUDAPI_LF);
//如果有@"Accept"头,这个头需要参与签名
if (apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_ACCEPT) != null) {
sb.append(apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_ACCEPT));
}
sb.append(SdkConstant.CLOUDAPI_LF);
//如果有@"Content-MD5"头,这个头需要参与签名
if (apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_CONTENT_MD5) != null) {
sb.append(apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_CONTENT_MD5));
}
sb.append(SdkConstant.CLOUDAPI_LF);
//如果有@"Content-Type"头,这个头需要参与签名
if (apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_CONTENT_TYPE) != null) {
sb.append(apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_CONTENT_TYPE));
}
sb.append(SdkConstant.CLOUDAPI_LF);
//签名优先读取HTTP_CA_HEADER_DATE,因为通过浏览器过来的请求不允许自定义Date(会被浏览器认为是篡改攻击)
if (apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_DATE) != null) {
sb.append(apiRequest.getFirstHeaderValue(HttpConstant.CLOUDAPI_HTTP_HEADER_DATE));
}
sb.append(SdkConstant.CLOUDAPI_LF);
//将headers合成一个字符串
sb.append(buildHeaders(apiRequest));
//将path、queryParam、formParam合成一个字符串
sb.append(buildResource(apiRequest));
return sb.toString();
}