kong api网关hmac-auth认证插件的使用

1、安装hmac-auth插件

我这里使用的kong管理界面为konga，在插件中选择hmac-auth插件

接下来我们对hmac-auth插件进行配置

下一步就是如何请求使用hmac-auth插件的网关了，我这里语言使用的是java，加密算法使用的是hmac-sha256，不多说，直接上代码

package com.kong.demo.test;import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;/*** @author ningchengrenjia* @date 2020/7/30 10:13**/
public class Simple {//请求体private static final String BODY="{\"test\":\"test\"}";//用户生成的hmac auth secretprivate static final String SECRET="12345";private static final String URL="";public static void main(String[] args){/*** 请求体加密，若在配置hmac-auth插件选择validate request body为true则需要对请求体进行加密*/String digest = encryptPassword(BODY);//GMT格式时间Date date=new Date();DateFormat format=new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);format.setTimeZone(TimeZone.getTimeZone("GMT"));String hdate = format.format(date);/*** 生成签名的内容content* 若在配置hmac-auth插件时选择validate request body为true的情况下，content为：* String content=stb.append("date: ").append(hdate).append("\n").append("digest: SHA-256=").append(digest).toString();* 若在配置hmac-auth插件时选择validate request body为false的情况下，content为：* String content=stb.append("date: ").append(hdate).toString();** content中的内容都需要添加到请求头中，具体请看httpClient方法*/StringBuilder stb = new StringBuilder();String content=stb.append("date: ").append(hdate).append("\n").append("digest: SHA-256=").append(digest).toString();System.out.println(content);String signature = null;try {signature = new String(Base64.getEncoder().encode(signatureReturnBytes(content, SECRET)), "US-ASCII");System.out.println(signature);} catch (Exception e) {e.printStackTrace();}httpClient(digest,URL,hdate,signature,BODY);}/*** http请求时需要在请求头中添加认证相关信息* Authorization: hmac username="test", algorithm="hmac-sha256", headers="date digest", signature={}"* headers="date digest"中的内容为signature加密的内容，headers中列出的内容要添加到请求头中，如下面请求示例* 如 main 方法中content = stb.append("date: ").append(hdate).toString();* 那么headers="date"*/public static void httpClient(String digest, String url,String date,String signature,String body){CloseableHttpClient httpClient = HttpClients.createDefault();try{HttpPost httpPost = new HttpPost(url);httpPost.setHeader("Content-Type","application/json");httpPost.setHeader("Authorization","hmac username=\"test\", algorithm=\"hmac-sha256\", headers=\"date digest\", signature="+"\""+signature+"\"");httpPost.setHeader("date ",date);httpPost.setHeader("Digest ","SHA-256="+digest);StringEntity stringEntity = new StringEntity(body, "UTF-8");httpPost.setEntity(stringEntity);HttpResponse response = httpClient.execute(httpPost);}catch (Exception e){e.printStackTrace();}}public static byte[] signatureReturnBytes(String data, String key) throws NoSuchAlgorithmException, InvalidKeyException {SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA256");Mac mac = Mac.getInstance("HmacSHA256");mac.init(signingKey);return mac.doFinal(data.getBytes());}public static String encryptPassword(String password){byte[] hashBytes = sha(password);return Base64.getEncoder().encodeToString(hashBytes);}public static byte[] sha(final String strText) {if (strText != null && strText.length() > 0) {try {MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");messageDigest.update(strText.getBytes());return messageDigest.digest();} catch (NoSuchAlgorithmException e) {return null;}}else{return null;}}
}