android学习之七牛（三）--上传凭证

具体过程参考官网开发者指南

转载请注明出处
[我的博客]http://www.lostbug.cn

只记录几个要点

• 书写上传策略

public class ImagePutPolicy implements Serializable {
    private String scope;
    private long deadline;
    private ReturnBody returnBody;
    public ImagePutPolicy( String fileName) {
        scope = QiNiuConstant.SAVESPACE+":"+fileName;
    }

    public long getDeadline() {
        return deadline;
    }

    public void setDeadline(long deadline) {
        this.deadline = System.currentTimeMillis()/1000+deadline;
    }

    public ReturnBody getReturnBody() {
        return returnBody;
    }

    public void setReturnBody(ReturnBody returnBody) {
        this.returnBody = returnBody;
    }

• 将上传策略Object 转Json样式字符串：

引用Google官方[Gson包]https://github.com/google/gson

 Gson gson=new Gson();
 String jsonObject= gson.toJson(mImagePutPolicy);

• 对JSON编码的上传策略进行URL安全的Base64编码，得到待签名字符数组

 String  encodedPutPolicy=Base64.encodeToString(jsonObject.getBytes(),Base64.URL_SAFE);

• 使用SecretKey对上一步生成的待签名字符数组计算HMAC-SHA1签名并进行URL安全的Base64编码：
  这是Android方法，然而用后是 bad token,原来android太智能，自动在后面加了”\n”，

encodedSign=hmacSha1(encodedPutPolicy,secretKey)
public static String hmacSha1(String base, String key)
            throws NoSuchAlgorithmException, InvalidKeyException {
        String type = "HmacSHA1";
        SecretKeySpec secret = new SecretKeySpec(key.getBytes(), type);
        Mac mac = Mac.getInstance(type);
        mac.init(secret);
        byte[] digest = mac.doFinal(base.getBytes());
        return Base64.encodeToString(digest, Base64.URL_SAFE).replaceAll("\n","");
    }

好像android方法与Java方法产生不同结果，用JAVA方法，一切OK:

 Mac mac = javax.crypto.Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(StringUtils.utf8Bytes(QiNiuConstant.SECRETKEY), "HmacSHA1"));
        String encodedSign = UrlSafeBase64.encodeToString(mac.doFinal(StringUtils.utf8Bytes(encodedPutPolicy)));

• 将AccessKey、encodedSign和encodedPutPolicy用:连接起来

String uploadToken = QiNiuConstant.ACCESSKEY + ":" + encodedSign + ":" + encodedPutPolicy;