Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

Amazon AWS签名V4 Java提供了错误的编码

1 月,3 周 Questions & Answers

我试图创建一个简单的表单,使用AWS签名V4直接从浏览器将对象发布到S3中的bucket中

我使用Java为预签名表单生成策略和签名值。现在,我只想测试它是否有效,所以我不介意这是一个手动签名生成过程

我的Java代码如下

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Lala {    
    static String policy_document = "{ \"expiration\": \"2015-12-30T12:00:00.000Z\"," +
            "  \"conditions\": [" +
            "    {\"bucket\": \"sigv4examplebucket\"}," +
            "    [\"starts-with\", \"$key\", \"user/user1/\"]," +
            "    {\"acl\": \"public-read\"}," +
            "    {\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"}," +
            "    [\"starts-with\", \"$Content-Type\", \"image/\"]," +
            "    {\"x-amz-meta-uuid\": \"14365123651274\"}," +
            "    {\"x-amz-server-side-encryption\": \"AES256\"}," +
            "    [\"starts-with\", \"$x-amz-meta-tag\", \"\"]," +
            "    {\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"}," +
            "    {\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}," +
            "    {\"x-amz-date\": \"20151229T000000Z\" }" +
            "  ]" +
            "}";

    static String secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";

    public static void main(String[] args) throws Exception {
        // Create a policy using UTF-8 encoding.
        byte[] utf8_policy = policy_document.getBytes("UTF-8");

        // Convert the UTF-8-encoded policy bytes to Base64. The result is the StringToSign.
        String base64_policy = new String(Base64.encodeBase64(utf8_policy));

        // Create a signing key.
        byte[] signing_key = getSignatureKey(secret_key , "20151229", "us-east-1", "s3");

        // Use the signing key to sign the StringToSign using HMAC-SHA256 signing algorithm.
        byte[] signature_bytes = HmacSHA256(base64_policy, signing_key);
        String signature = Hex.encodeHexString(signature_bytes);

        System.out.println(base64_policy);
        System.out.println();
        System.out.println(signature);
    }

    static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception  {
        byte[] kSecret = ("AWS4" + key).getBytes("UTF-8");
        byte[] kDate    = HmacSHA256(dateStamp, kSecret);
        byte[] kRegion  = HmacSHA256(regionName, kDate);
        byte[] kService = HmacSHA256(serviceName, kRegion);
        byte[] kSigning = HmacSHA256("aws4_request", kService);
        return kSigning;
    }

    static byte[] HmacSHA256(String data, byte[] key) throws Exception  {
        String algorithm="HmacSHA256";
        Mac mac = Mac.getInstance(algorithm);
        mac.init(new SecretKeySpec(key, algorithm));
        return mac.doFinal(data.getBytes("UTF-8"));
    }
}

策略文档和访问/密钥对都取自Amazon的示例here

我的代码返回以下Base64编码策略:

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLCAgImNvbmRpdGlvbnMiOiBbICAgIHsiYnVja2V0IjogInNpZ3Y0ZXhhbXBsZWJ1Y2tldCJ9LCAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwgICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwgICAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vc2lndjRleGFtcGxlYnVja2V0LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LCAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sICAgIHsieC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbiI6ICJBRVMyNTYifSwgICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sICAgIHsieC1hbXotY3JlZGVudGlhbCI6ICJBS0lBSU9TRk9ETk43RVhBTVBMRS8yMDE1MTIyOS91cy1lYXN0LTEvczMvYXdzNF9yZXF1ZXN0In0sICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwgICAgeyJ4LWFtei1kYXRlIjogIjIwMTUxMjI5VDAwMDAwMFoiIH0gIF19

还有下面的签名

1df5972015a56d4fdef92944436b91ce1f39b5cc684dcce9f4dab74b82734e84

与亚马逊在上述链接中提供的内容不同

我错过什么了吗?我有一种感觉,policy_document变量中的字符串格式可能会把事情搞砸,但无论我如何格式化它(即新行、转义等),我似乎都无法让它工作


共 (1) 个答案

  1. # 1 楼答案

    解码亚马逊和你的,他们是不一样的,主要是在格式上。简单的格式差异将导致不同的签名哈希

    在您的情况下,需要在每行末尾添加换行符

    亚马逊

    { "expiration": "2015-12-30T12:00:00.000Z",
  "conditions": [
    {"bucket": "sigv4examplebucket"},
    ["starts-with", "$key", "user/user1/"],
    {"acl": "public-read"},
    {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"},
    ["starts-with", "$Content-Type", "image/"],
    {"x-amz-meta-uuid": "14365123651274"},
    {"x-amz-server-side-encryption": "AES256"},
    ["starts-with", "$x-amz-meta-tag", ""],

    {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request"},
    {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
    {"x-amz-date": "20151229T000000Z" }
  ]
}

    你的:

    { "expiration": "2015-12-30T12:00:00.000Z",  "conditions": [    {"bucket": "sigv4examplebucket"},    ["starts-with", "$key", "user/user1/"],    {"acl": "public-read"},    {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"},    ["starts-with", "$Content-Type", "image/"],    {"x-amz-meta-uuid": "14365123651274"},    {"x-amz-server-side-encryption": "AES256"},    ["starts-with", "$x-amz-meta-tag", ""],    {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request"},    {"x-amz-algorithm": "AWS4-HMAC-SHA256"},    {"x-amz-date": "20151229T000000Z" }  ]}
'