How to Use Signed URLs in Huawei Cloud CDN Service (Sample Python Codes)
Introduction
Hi, 🐱🏍🎯In this article, I will explain what a Signed URL means and how to use the Signed URL feature in the Huawei Cloud CDN service. There are four type of signed URL method on Huawei CDN service. You can find Python3 codes for each method.
What is a Signed URL?
A signed URL temporarily provides access to a resource. Signed URLs contain user/authentication information in their query string, allowing users without credentials to perform specific actions on a resource. You can add more information in the query string and these values cannot be changed on the client-side.
We can use signed URLs for 2 purposes.
1.) If we want the content we created to be active for a short time, the signed URL can be used.
For example, if we want to download a content that we allow to be downloaded within a certain period of time, we can use a signed URL.
The download link will remain active only during the time we have defined.
2.) We can only allow our API feeds to be received by authorized recipients. Anyone who does not have secret key information will not be able to access the content we provide.
We can show mobile applications as an example of usage. Only the mobile application with secret key information will be able to create a signed url and it will not be possible to access this content outside of our mobile application.
How to setup signed URLs in Huawei Cloud CDN service
In the Huawei Cloud CDN service, URL signing can be easily defined in 4 different methods.
Below we will show these 4 types of URL signing and sample Python codes.
Log in to the Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.
The CDN console is displayed.
In the navigation pane, choose Domains.
In the domain list, click the target domain name or click Configure in the Operation column.
Click the Access Control tab and click Sign URL.
Signing Method A
An example Method A signed URL looks like:
http://DomainName/Filename?auth_key=timestamp-rand-uid-md5hash
http://DomainName/Filename?auth_key=timestamp-rand-uid-sha256
You can find detail information about method A from official document page
https://support.huaweicloud.com/intl/en-us/usermanual-cdn/cdn_01_0040.html
The following uses the MD5 algorithm as an example:
Assume the back-to-origin URL is as follows:
http://hwcdn.example.com/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3
Set Private Key to huaweicloud123.
The authentication takes effect since 00:00:00 on June 30, 2017. Timestamp is 1498752000. Set the validity period to 1800s.
The CDN node constructs a string for calculating Hash Value.
/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3–1498752000–0–0-huaweicloud123
The CDN node calculates HashValue according to the signed character string.
HashValue = md5sum(“/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3–1498752000–0–0-huaweicloud123”) = 40e64d69aac7d15edfc6ec8a080042cb
The request URL is as follows:
If the request is within the validity period (from 00:00:00 on June 30, 2017 to 00:30:00 on June 30, 2017) and the calculated Hash Value is the same as the md5hash value (40e64d69aac7d15edfc6ec8a080042cb) carried in the request, the authentication is successful.
In the example below, I will quickly set a Method A signing and show how this signed URL can be created on the client side with Python code.
import hashlib
import time
# replace these values with your own
secret_key = "1password9"
cdn_domain = "method-a.cloudtest.com.tr"
uri = "/homepage.png"
expiration = int(time.time()) + 60 # valid for 60 seconds
#method a
rawdata = "{uri}-{expiration}-0-0-{secret_key}".format(uri=uri, expiration=expiration, secret_key=secret_key)
sha = hashlib.sha256(str(rawdata).encode("utf-8")).hexdigest() #For Sha256 hash
mdpass = hashlib.md5(str(rawdata).encode("utf-8")).hexdigest() #For MD5 hash
signature = mdpass
# construct the signed URL
#method a
method_a = "http://{cdn_domain}{uri}?auth_key={expiration}-0-0-{signature}".format(cdn_domain=cdn_domain, uri=uri, expiration=expiration, signature=signature)
signed_url = method_a
print("private key: " + secret_key)
print("expiration: " + str(expiration))
print("raw data: " + rawdata)
print("signature: " + signature)
print("signed_url: " + signed_url)Copy codeCopy code
Signing Method B
An example signed URL looks like:
http://DomainName/timestamp/sha256/FileName
http://DomainName/timestamp/md5hash/FileName
You can find detail information about method A from official document page
https://support.huaweicloud.com/intl/en-us/usermanual-cdn/cdn_01_0041.html
The following uses the MD5 algorithm as an example:
Assume that the back-to-origin URL is as follows:
http://hwcdn.example.com/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3
Set Private Key to huaweicloud123.
timestamp is 201706301000.
The CDN node constructs a string for calculating md5hash.
huaweicloud123201706301000/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3
The CDN node calculates md5hash according to the signed character string.
md5hash = md5sum(“huaweicloud123201706301000/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3”) = 51415b2256b64a9772a30edf69c00b08
The request URL is:
If the request is within the validity period (from 10:00:00 on June 30, 2017 to 10:30:00 on June 30, 2017) and the calculated md5hash is the same as the md5hash value (51415b2256b64a9772a30edf69c00b08) carried in the request, the authentication is successful.
In the example below, I will quickly set a Method B signing and show how this signed URL can be created on the client side with Python code.
import hashlib
from datetime import datetime, timezone, timedelta
import datetime
# replace these values with your own
secret_key = "1password9"
cdn_domain = "method-B.cloudtest.com.tr"
uri = "/homepage.png"
timezone_offset = 8.0
tzinfo = timezone(timedelta(hours=timezone_offset))
now = datetime.datetime.now(tzinfo)
year_month_day_format = '%Y%m%d%H%M'
expiration =now.strftime(year_month_day_format)
#method b
rawdata = "{secret_key}{expiration}{uri}".format(secret_key=secret_key, expiration=expiration,uri=uri)
sha = hashlib.sha256(str(rawdata).encode("utf-8")).hexdigest() #For Sha256 hash
mdpass = hashlib.md5(str(rawdata).encode("utf-8")).hexdigest() #For MD5 hash
signature = mdpass
# construct the signed URL
#method b
method_b = "http://{cdn_domain}/{expiration}/{signature}{uri}".format(cdn_domain=cdn_domain, expiration=expiration, signature=signature, uri=uri)
signed_url = method_b
print("private key: " + secret_key)
print("expiration: " + str(expiration))
print("raw data: " + rawdata)
print("signature: " + signature)
print("signed_url: " + signed_url)
Signing Method C1
An example signed URL looks like:
http://DomainName/{<sha256>/<timestamp>}/FileName
http://DomainName/{<md5hash>/<timestamp>}/FileName
You can find detail information about method A from official document page
https://support.huaweicloud.com/intl/en-us/usermanual-cdn/cdn_01_0042.html
The following uses the MD5 algorithm as an example:
Assume that the back-to-origin URL is as follows:
http://hwcdn.example.com/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3
Set Private Key to huaweicloud123.
The authentication takes effect since 10:00:00 on June 30, 2017. Timestamp is 5955b0a0. Set the validity period to 1800s.
The CDN node constructs a string for calculating md5hash.
huaweicloud123/T128_2_1_0_sdk/0210/M00/82/3E/test.mp35955b0a0
The CDN node calculates md5hash according to the signed character string.
md5hash = md5sum(huaweicloud123/T128_2_1_0_sdk/0210/M00/82/3E/test.mp35955b0a0) = aecf1b07f481bbb8122eef5cd52a4bc1
The request URL is:
If the request is within the validity period (from 10:00:00 on June 30, 2017 to 10:30:00 on June 30, 2017) and the calculated md5hash is the same as the md5hash value (aecf1b07f481bbb8122eef5cd52a4bc1) carried in the request, the authentication is successful.
In the example below, I will quickly set a Method C1 signing and show how this signed URL can be created on the client side with Python code.
import hashlib
import time
# replace these values with your own
secret_key = "1password9"
cdn_domain = "method-c1.cloudtest.com.tr"
uri = "/homepage.png"
expiration = int(time.time()) + 60 # valid for 60 seconds
#method c1
rawdata= "{secret_key}{uri}{expiration}".format(secret_key=secret_key, uri=uri, expiration=expiration)
sha = hashlib.sha256(str(rawdata).encode("utf-8")).hexdigest() #For Sha256 hash
mdpass = hashlib.md5(str(rawdata).encode("utf-8")).hexdigest() #For MD5 hash
signature = mdpass
# construct the signed URL
#method c1
method_c1 = "http://{cdn_domain}/{signature}/{expiration}{uri}".format(cdn_domain=cdn_domain, signature=signature, expiration=expiration, uri=uri)
signed_url = method_c1
print("private key: " + secret_key)
print("expiration: " + str(expiration))
print("raw data: " + rawdata)
print("signature: " + signature)
print("signed_url: " + signed_url)
Signing Method C2
An example signed URL looks like:
http://DomainName/FileName?auth_key=<sha256>×tamp=<timestamp>
http://DomainName/FileName?auth_key=<md5hash>×tamp=<timestamp>
You can find detail information about method A from official document page
https://support.huaweicloud.com/intl/en-us/usermanual-cdn/cdn_01_0140.html
The following uses the MD5 algorithm as an example:
Assume that the back-to-origin URL is as follows:
http://hwcdn.example.com/T128_2_1_0_sdk/0210/M00/82/3E/test.mp3
Set PrivateKey to huaweicloud123.
The authentication takes effect since 10:00:00 on June 30, 2017. Timestamp is 5955b0a0. Set the validity period to 1800s.
The CDN node constructs a string for calculating md5hash.
huaweicloud123/T128_2_1_0_sdk/0210/M00/82/3E/test.mp35955b0a0
The CDN node calculates md5hash according to the signed character string.
md5hash = md5sum(huaweicloud123/T128_2_1_0_sdk/0210/M00/82/3E/test.mp35955b0a0) = aecf1b07f481bbb8122eef5cd52a4bc1
The request URL is:
If the request is within the validity period (from 10:00:00 on June 30, 2017 to 10:30:00 on June 30, 2017) and the calculated md5hash is the same as the md5hash value (aecf1b07f481bbb8122eef5cd52a4bc1) carried in the request, the authentication is successful.
In the example below, I will quickly set a Method C2 signing and show how this signed URL can be created on the client side with Python code.
import hashlib
import time
# replace these values with your own
secret_key = "1password9"
cdn_domain = "method-c2.cloudtest.com.tr"
uri = "/homepage.png"
expiration = int(time.time()) + 60 # valid for 60 seconds
#method c2
rawdata= "{secret_key}{uri}{expiration}".format(secret_key=secret_key, uri=uri, expiration=expiration)
sha = hashlib.sha256(str(rawdata).encode("utf-8")).hexdigest() #For Sha256 hash
mdpass = hashlib.md5(str(rawdata).encode("utf-8")).hexdigest() #For MD5 hash
signature = mdpass
# construct the signed URL
#method c2
method_c2 = "http://{cdn_domain}{uri}?auth_key={signature}×tamp={expiration}".format(cdn_domain=cdn_domain, uri=uri, signature=signature, expiration=expiration)
signed_url = method_c2
print("private key: " + secret_key)
print("expiration: " + str(expiration))
print("raw data: " + rawdata)
print("signature: " + signature)
print("signed_url: " + signed_url)
Conclusion👌
in conclusion, I wanted to show what the Signed URL service is and how it is used, with sample python codes in this article. This feature for especially who want to publish short-term content or show content within the application. With the sample codes in this article, this feature can be used in other programming languages very easily.
References
- Huawei Cloud official document