All Products
Search
Document Center

CDN:URL signing examples

Last Updated:Feb 02, 2024

This topic uses a Python demo to demonstrate how type A signing, type B signing, and type C signing are implemented.

Sample code:

For more information about the URL signing types, see the following topics:

Example:

Note
  • Python has two major versions, Python 2 and Python 3. Python 3 is not backward compatible with Python 2. Therefore, sample code for Python 2 and Python 3 is provided.

  • If a URL contains Chinese characters, encode the URL by using the UrlEncode() function before you run the code for URL signing.

  • Python 2 uses ASCII encoding, and Python 3 uses UTF-8 encoding. You need to use UTF-8 encoding for passing the hash. Therefore, UTF-8 encoding is added to the hashlib.md5() function in the sample code for Python 3.

Python3

import re
import time
import hashlib
import datetime
def md5sum(src):
    m = hashlib.md5()
    m.update(src.encode(encoding='utf-8'))                                    # Add the UTF-8 encoding operation.
    return m.hexdigest()
    # Type A signing
def a_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    rand = "0"      # "0" by default, other value is ok
    uid = "0"       # "0" by default, other value is ok
    sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
    hashvalue = md5sum(sstring)
    auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
    if args:
        return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
    else:
        return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
    # Type B signing
def b_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    # convert unix timestamp to "YYmmDDHHMM" format
    nexp = datetime.datetime.fromtimestamp(exp).strftime('%Y%m%d%H%M')
    sstring = key + nexp + path
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, nexp, hashvalue, path, args)
    # Type C signing
def c_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    hexexp = "%x" %exp
    sstring = key + path + hexexp
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, hashvalue, hexexp, path, args)
    # The following code block shows the values of the uri, key, and exp parameters:
def main():
    uri = "http://example.aliyundoc.com/ping?foo=bar"            # original uri
    key = "<input private key>"                         # private key of authorization
    exp = int(time.time()) + 1 * 3600                   # expiration time: 1 hour after current time
    # "1 * 3600" specifies the TTL value that the signing server assigns to signed URLs. You can specify a value based on your business requirements. Unit: seconds. The TTL value that is assigned by the signing server is irrelevant to the TTL value that is assigned by Alibaba Cloud CDN. 
    # Validity period of a signed URL = UNIX timestamp generated on the signing server + TTL assigned by the signing server + TTL assigned by Alibaba Cloud CDN.
    # For type A signing, if the UNIX timestamp that is generated on the signing server is 1444435200, the TTL value that is assigned by the signing server is 3600, and the TTL value that is assigned by Alibaba Cloud CDN is 1800, the validity period of the URL is 1444440600 (1444435200 + 3600 + 1800).
    # The following example shows how to implement type A signing:
    authuri = a_auth(uri, key, exp)                     # auth type: a_auth / b_auth / c_auth
    print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
    main()

Python2

import re
import time
import hashlib
import datetime
def md5sum(src):
    m = hashlib.md5()
    m.update(src)
    return m.hexdigest()
    # Type A signing
def a_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    rand = "0"      # "0" by default, other value is ok
    uid = "0"       # "0" by default, other value is ok
    sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
    hashvalue = md5sum(sstring)
    auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
    if args:
        return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
    else:
        return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
    # Type B signing
def b_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    # convert unix timestamp to "YYmmDDHHMM" format
    nexp = datetime.datetime.fromtimestamp(exp).strftime('%Y%m%d%H%M')
    sstring = key + nexp + path
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, nexp, hashvalue, path, args)
    # Type C signing
def c_auth(uri, key, exp):
    p = re.compile("^(http://|https://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "http://"
    if not path: path = "/"
    if not args: args = ""
    hexexp = "%x" %exp
    sstring = key + path + hexexp
    hashvalue = md5sum(sstring)
    return "%s%s/%s/%s%s%s" %(scheme, host, hashvalue, hexexp, path, args)
    # The following code block shows the values of the uri, key, and exp parameters:
def main():
    uri = "http://example.aliyundoc.com/ping?foo=bar"            # original uri
    key = "<input private key>"                         # private key of authorization
    exp = int(time.time()) + 1 * 3600                   # expiration time: 1 hour after current time
    # "1 * 3600" specifies the TTL value that the signing server assigns to signed URLs. You can specify a value based on your business requirements. Unit: seconds. The TTL value that is assigned by the signing server is irrelevant to the TTL value that is assigned by Alibaba Cloud CDN. 
    # Validity period of a signed URL = UNIX timestamp generated on the signing server + TTL assigned by the signing server + TTL assigned by Alibaba Cloud CDN.
    # For type A signing, if the UNIX timestamp that is generated on the signing server is 1444435200, the TTL value that is assigned by the signing server is 3600, and the TTL value that is assigned by Alibaba Cloud CDN is 1800, the validity period of the URL is 1444440600 (1444435200 + 3600 + 1800).
    # The following example shows how to implement type A signing:
    authuri = a_auth(uri, key, exp)                     # auth type: a_auth / b_auth / c_auth
    print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
    main()