diff --git a/Cargo.toml b/Cargo.toml
index c557dc0..0313f65 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,6 +10,8 @@ edition = "2018"
 argparse = "0.2.2"
 rust-crypto = "0.2.36"
 indicatif = "0.13.0"
+urlencoding = "1.0.0"
+base64 = "0.11.0"
 rust_util = { git = "https://github.com/jht5945/rust_util" }
 
 
diff --git a/src/main.rs b/src/main.rs
index 0eb6735..b70326a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,38 +1,83 @@
+use std::{
+    time::SystemTime,
+};
+use crypto::{
+    mac::{
+        Mac,
+        MacResult,
+    },
+    hmac::Hmac,
+    sha1::Sha1,
+};
+
+pub const OSS_VERB_GET: &str = "GET";
+
+pub struct OSSConfig {
+    pub endpoint: String,
+    pub access_key_id: String,
+    pub access_key_secret: String,
+}
+
 fn main() {
     println!("Hello, world!");
 
-    println!("{}", generate_oss_signed_url("", "", "", "", "", 1_u64, true));
+    println!("{}", SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs());
+
+    println!("{}", generate_oss_signed_url("shanghai.aliyuncs.com", "aaa", "bbb", "aaaa", "b.txt", 1_u64, true));
 }
 
 // https://help.aliyun.com/document_detail/31952.html
-// Signature = urlencode(base64(hmac-sha1(AccessKeySecret,
-//     VERB + "\n"
-//     + CONTENT-MD5 + "\n"
-//     + CONTENT-TYPE + "\n"
-//     + EXPIRES + "\n"
-//     + CanonicalizedOSSHeaders
-//     + CanonicalizedResource)))
-// https://git.hatter.ink/hatter/oss-backupd/wiki/Signed-OSS-URL
 fn generate_oss_signed_url(endpoint: &str, access_key_id: &str, access_key_secret: &str,
-                            bucket_name: &str, key: &str, expire_in_seconds: u64, is_http: bool) -> String {
+                            bucket_name: &str, key: &str, expire_in_seconds: u64, is_https: bool) -> String {
     let mut signed_url = String::new();
-    signed_url.push_str(if is_http {
-        "http://"
-    } else {
-        "https://"
-    });
+    signed_url.push_str(if is_https { "https://" } else { "http://" });
     signed_url.push_str(bucket_name);
     signed_url.push_str(".");
     signed_url.push_str(endpoint);
     signed_url.push_str("/");
     signed_url.push_str(key);
 
+    let current_secs = get_current_secs();
+    let expire_secs = current_secs + expire_in_seconds;
+
     signed_url.push_str("?Expires=");
-    // TODO
+    signed_url.push_str(expire_secs.to_string().as_str());
     signed_url.push_str("&OSSAccessKeyId=");
-    // TODO
+    signed_url.push_str(&urlencoding::encode(access_key_id));
     signed_url.push_str("&Signature=");
-    // TODO
+
+    let to_be_signed = get_to_be_signed(OSS_VERB_GET, expire_secs, bucket_name, key);
+    let signature = to_base64(calc_hmac_sha1(access_key_secret.as_bytes(), to_be_signed.as_bytes()));
+    signed_url.push_str(&urlencoding::encode(signature.as_str()));
 
     signed_url
-}
\ No newline at end of file
+}
+
+fn to_base64(mac_result: MacResult) -> String {
+    base64::encode(mac_result.code())
+}
+
+fn calc_hmac_sha1(key: &[u8], message: &[u8]) -> MacResult {
+    let mut hmac = Hmac::new(Sha1::new(), key);
+    hmac.input(message);
+    hmac.result()
+}
+
+fn get_to_be_signed(verb: &str, expire_secs: u64, bucket_name: &str, key: &str) -> String {
+    let mut to_be_signed = String::new();
+    to_be_signed.push_str(verb);
+    to_be_signed.push_str("\n");
+    to_be_signed.push_str("\n");
+    to_be_signed.push_str("\n");
+    to_be_signed.push_str(expire_secs.to_string().as_str());
+    to_be_signed.push_str("\n");
+    to_be_signed.push_str("/");
+    to_be_signed.push_str(bucket_name);
+    to_be_signed.push_str("/");
+    to_be_signed.push_str(key);
+    to_be_signed
+}
+
+fn get_current_secs() -> u64 {
+    SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs()
+}