1. 首页
  2. 问答
  3. 张贴到AWS S3签名不匹配错误

张贴到AWS S3签名不匹配错误

2013-03-14 124 views
1

这是我的形式张贴到AWS S3签名不匹配错误

<html> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
    </head> 
    <body> 

    <form action="http://mybucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data"> 
    Key to upload: <input type="input" name="key" value="user/eric/" /><br /> 
    <input type="hidden" name="acl" value="public-read" /> 



    <input type="hidden" name="AWSAccessKeyId" value="myAWSId" /> 
    <input type="hidden" name="Policy" value="Base64EncodingOfPolicy"/> 
    <input type="hidden" name="Signature" value="Signature Calculated as urlencode(base64(HMAC-SHA1(secret, policy base64 encoded string same as utf-8 encoded)))" /> 
    File: <input type="file" name="file" /> <br /> 
    <!-- The elements after this will be ignored --> 
    <input type="submit" name="submit" value="Upload to Amazon S3" /> 
    </form> 

</html>

这是我的政策

{ "expiration": "2014-12-01T12:00:00.000Z", 

    "conditions": [ 

    {"acl": "public-read" }, 

    {"bucket": "mybucket" }, 

    ["starts-with", "$key", "user/eric/"], 

    ] 

}

这是编码政策的base64

eyAiZXhwaXJhdGlvbiI6ICIyMDE0LTEyLTAxVDEyOjAwOjAwLjAwMFoiLA0KDQogICJjb25kaXRp 
b25zIjogWw0KDQogICAgeyJhY2wiOiAicHVibGljLXJlYWQiIH0sDQoNCiAgICB7ImJ1Y2tldCI6 
ICJoYWJpdHN1c2VybWVkaWEiIH0sDQoNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNl 
ci9lcmljLyJdLA0KDQogIF0NCg0KfQ==

我已经使用了尝试带有和不带换行符的base64编码字符串。在使用上述编码和换行符时,我是否应该记住一些具体的内容?

即使经过多次尝试考虑所有可能的排列,我仍然会收到SignatureDoesNotMatch错误。

我还使用了签名验证工具,并检查了AWS接受和匹配的内容。 http://aws.amazon.com/code/199

我该如何去调试呢?如果您已成功使用REST API发布到S3,您是否可以共享该代码段?

来源

2013-03-14 Pratik Mandrekar

回答

1

好的我在一段时间后能够解决这个问题。

这是我的Python代码生成签名

import base64 
import hmac 
from hashlib import sha1 
import urllib 


input = open("policy.txt", "rb") 
policy = input.read() 
policy_encoded = base64.b64encode(policy).encode("UTF-8") 
secret = "<my_aws_secret>" 

print 'Encoded Policy %s' %(policy_encoded) 

hashed = hmac.new(secret,policy_encoded, sha1) 


#This is the required value 
signature = base64.b64encode(hashed.digest()) 

#This is not required for a HTTP POST form based request, only when it has to be passed in urlencoded format 
signature_urlencoded = urllib.quote_plus(base64.b64encode(hashed.digest())) 

print 'Signature urlencoded %s' %(signature)

我policy.txt中是

{ "expiration": "2014-12-01T12:00:00.000Z", 

"conditions": [ 

     {"acl": "public-read" }, 

     {"bucket": "<mybucket>" }, 

     {"success_action_status" : "201"}, 

     ["starts-with", "$key", "uploads/"], 
     ] 

}

我的形式看起来像

<form action="http://habitsusermedia.s3.amazonaws.com/" method="post" enctype="multipart/form-data"> 

       <input type="hidden" name="acl" value="public-read" /> 
       <input type="input" name="key" value="uploads/${filename}" /> 
       <input type="hidden" name="success_action_status" value="201" /> 

       <input type="hidden" name="AWSAccessKeyId" value="<aws_access_key>" /> 

       <input type="hidden" name="Policy" value="<policy_encoded_as_base64>"/> 

       <input type="hidden" name="Signature" value="<signature>" /> 

       File: <input type="file" name="file" /> <br /> 

       <!-- The elements after this will be ignored --> 
       <input type="submit" name="submit" value="Upload to Amazon S3" /> 
       </form>

确保您的AWS桶配置为接受来自任何域的POSTS,PUT。为此使用策略生成工具。

有一篇有用的文章解释这些概念AWS

来源

2013-03-15 16:29:25

相关问题

 相关问题