1. 首页
  2. 问答
  3. AWS4签名与Java的基于浏览器的发布

AWS4签名与Java的基于浏览器的发布

2016-04-15 92 views
2

我按照上述例子来创建一个“Base64编码字符串政策”和“签名值”与Java后端:http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.htmlAWS4签名与Java的基于浏览器的发布

但我的“签名值“与示例不符。 我错过了什么吗?

我相信getSignatureKeyHmacSHA256都可以,因为我在可靠的来源中找到了。也许getStringToSign不正确。

这里是我的代码:

import javax.crypto.Mac; 
import javax.crypto.spec.SecretKeySpec; 

import org.apache.commons.codec.binary.Base64; 
import static com.google.common.io.BaseEncoding.base16; 

public class AwsSignatureGenerator { 

    public static void main(String[] args) throws Exception { 
     String signature = getSignature(getSignatureKey("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", 
                 "20151229", 
                 "us-east-1", 
                 "s3")); 
     System.out.println(signature); 
    } 

    public static String getStringToSign(){ 
     String s3Policy = "{ \"expiration\": \"2015-12-30T12:00:00.000Z\", \"conditions\": [ {\"bucket\": \"sigv4examplebucket\"}, [\"starts-with\", \"$key\", \"user/user1/\"], {\"acl\": \"public-read\"}, {\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"}, [\"starts-with\", \"$Content-Type\", \"image/\"], {\"x-amz-meta-uuid\": \"14365123651274\"}, {\"x-amz-server-side-encryption\": \"AES256\"}, [\"starts-with\", \"$x-amz-meta-tag\", \"\"], {\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"}, {\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}, {\"x-amz-date\": \"20151229T000000Z\" } ] }"; 
     return new Base64().encodeAsString(s3Policy.getBytes()); 
    } 

    public static byte[] HmacSHA256(String data, byte[] key) throws Exception { 
     String algorithm="HmacSHA256"; 
     Mac mac = Mac.getInstance(algorithm); 
     mac.init(new SecretKeySpec(key, algorithm)); 
     return mac.doFinal(data.getBytes("UTF8")); 
    } 

    public static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception { 
     byte[] kSecret = ("AWS4" + key).getBytes("UTF8"); 
     byte[] kDate = HmacSHA256(dateStamp, kSecret); 
     byte[] kRegion = HmacSHA256(regionName, kDate); 
     byte[] kService = HmacSHA256(serviceName, kRegion); 
     byte[] kSigning = HmacSHA256("aws4_request", kService); 
     return kSigning; 
    } 

    public static String getSignature(byte[] key) throws Exception{ 
     return base16().lowerCase().encode(HmacSHA256(getStringToSign(), key)); 
    } 
}

来源

2016-04-15 felipepastorelima

+0

你能在代码中发布错误的大概位置吗? –

+0

我相信“getSignatureKey”和“HmacSHA256”都可以,因为我在可靠的来源中找到了它。也许“** getStringToSign **”是**不正确**。 – felipepastorelima

回答

1

我检查你的政策 用base64它看起来像这样:

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLCAiY29uZGl0aW9ucyI6IFsgeyJidWNrZXQiOiAic2lndjRleGFtcGxlYnVja2V0In0sIFsic3RhcnRzLXdpdGgiLCAiJGtleSIsICJ1c2VyL3VzZXIxLyJdLCB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LCB7InN1Y2Nlc3NfYWN0aW9uX3JlZGlyZWN0IjogImh0dHA6Ly9zaWd2NGV4YW1wbGVidWNrZXQuczMuYW1hem9uYXdzLmNvbS9zdWNjZXNzZnVsX3VwbG9hZC5odG1sIn0sIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwgeyJ4LWFtei1zZXJ2ZXItc2lkZS1lbmNyeXB0aW9uIjogIkFFUzI1NiJ9LCBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXSwgeyJ4LWFtei1jcmVkZW50aWFsIjogIkFLSUFJT1NGT0ROTjdFWEFNUExFLzIwMTUxMjI5L3VzLWVhc3QtMS9zMy9hd3M0X3JlcXVlc3QifSwgeyJ4LWFtei1hbGdvcml0aG0iOiAiQVdTNC1ITUFDLVNIQTI1NiJ9LCB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfSBdIH0=

在JSON,它看起来像这样:

{ 
    "expiration": "2015-12-30T12:00:00.000Z", 
    "conditions": [ 
     { 
      "bucket": "sigv4examplebucket" 
     }, 
     [ 
      "starts-with", 
      "$key", 
      "user/user1/" 
     ], 
     { 
      "acl": "public-read" 
     }, 
     { 
      "success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html" 
     }, 
     [ 
      "starts-with", 
      "$Content-Type", 
      "image/" 
     ], 
     { 
      "x-amz-meta-uuid": "14365123651274" 
     }, 
     { 
      "x-amz-server-side-encryption": "AES256" 
     }, 
     [ 
      "starts-with", 
      "$x-amz-meta-tag", 
      "" 
     ], 
     { 
      "x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request" 
     }, 
     { 
      "x-amz-algorithm": "AWS4-HMAC-SHA256" 
     }, 
     { 
      "x-amz-date": "20151229T000000Z" 
     } 
    ] 
}

根据您的JSON和密钥,正确的签名应该是:

eb9df8c47e9c4bd6090809ed799f0146c71a10f7707aa1acc2c13e736d41ed54

按照这个应用程序,我创建 - >http://ttwd80.github.io/s3postcalculatorverify/

我会然而跳过 X-AMZ-日期和X-AMZ-元UUID

另外请注意, “文件” 字段必须是表单中的最后一个输入(除了提交按钮)。

来源

2016-06-03 22:08:31

相关问题

 相关问题