2012-01-26 165 views
6

我想我已經閱讀了幾乎所有的基於64位編碼的瀏覽器,基於表單的帖子閱讀到S3:舊文檔和新文檔。例如:Python生成的S3簽名簽名

http://doc.s3.amazonaws.com/proposals/post.html

即使發現這一點:

http://s3.amazonaws.com/doc/s3-example-code/post/post_sample.html

而不是使用上述或亞馬遜的新政策發生器,或反覆折騰博託,我試圖起草一份更簡單的.py腳本,它從明文文件(policy.txt)中提取策略JSON,然後生成必要的base-64編碼簽名,以幫助我草擬HTML表單。

簽名本身(依賴於編碼策略)沒有正確編碼...可能是由於某種類型的utf-8與ascii或\ n(換行符)問題?

我正在使用的腳本如下,策略和AWS祕密密鑰private_key來自我用來查看此腳本是否有效的AWS測試用例。下面的腳本中包含了正確編碼的簽名 - 如Amazon所引用 - 以供參考。

誰能告訴我爲什麼下面計算的簽名不被亞馬遜?:

提供換句話說,參考簽名匹配:

爲什麼這是正確編碼:

policy_encoded = base64.b64encode(policy) 

但這一個不是:

signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest()) 

PYTHON signature c alculator ...

#!/usr/bin/env python 
# -*- coding: utf-8 -*- 

import base64, hmac, sha 
from sys import argv 

script, policy = argv 

private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o' 
input = open("..Desktop/policy.txt", "rb") 
policy = input.read() 
policy_encoded = base64.b64encode(policy) 
signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest()) 
print "Your policy base-64 encoded is %s." % (policy_encoded) 
print "Your signature base-64 encoded is %s." % (signature) 
print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA=" 

JSON政策(policy.txt中 - UTF-8)

{ "expiration": "2007-12-01T12:00:00.000Z", 
"conditions": [ 
{"bucket": "johnsmith"}, 
["starts-with", "$key", "user/eric/"], 
{"acl": "public-read"}, 
{"success_action_redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html"}, 
["starts-with", "$Content-Type", "image/"], 
{"x-amz-meta-uuid": "14365123651274"}, 
["starts-with", "$x-amz-meta-tag", ""] 
] 
} 
+0

Rik:呃...我很抱歉!甚至沒有看到他們! :(難以讓SO編輯器接受帶有縮進的JSON塊,你能說 - 告訴我應該在解決這個問題時專注於什麼...? – Sean

+1

使用'Ctrl + K'對於縮進代碼塊,它會自動添加4個空格,看看我編輯的內容(點擊[x分鐘前](http://stackoverflow.com/posts/9018767/revisions)以查看以前的修訂版)。主要代碼仍然是格式不正確的,並且太......以及太多的話我也會說你的問題看起來有點「可怕」,重點問題將更有可能解決*(寫出好問題絕非易事)* –

+0

好吧,謝謝,請注意,我想回到你的編輯,我會盡量收緊它,使它不那麼冗長。 – Sean

回答

5

我認爲這是到你policy.txt中文件的內容。

我把政策從引用鏈接(http://doc.s3.amazonaws.com/proposals/post.html)並將其保存爲policy.txt中

{ "expiration": "2007-12-01T12:00:00.000Z", 
    "conditions": [ 
    {"bucket": "johnsmith" }, 
    ["starts-with", "$key", "user/eric/"], 
    {"acl": "public-read" }, 
    {"redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html" }, 
    ["starts-with", "$Content-Type", "image/"], 
    {"x-amz-meta-uuid": "14365123651274"}, 
    ["starts-with", "$x-amz-meta-tag", ""], 
    ] 
} 

爲了得到完全相同的簽名,該文件必須具有完全相同的內容。

作爲參考,當我複製並粘貼: MD5(policy.txt中)= 5bce89d9ff799e2064c136d76bc7fc7a

如果我使用下面的腳本(你的一樣,只是調整的文件名和刪除args

#!/usr/bin/env python 
# -*- coding: utf-8 -*- 

import base64, hmac, sha 

private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o' 
input = open("policy.txt", "rb") 
policy = input.read() 
policy_encoded = base64.b64encode(policy) 
signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest()) 
print "Your policy base-64 encoded is %s." % (policy_encoded) 
print "Your signature base-64 encoded is %s." % (signature) 
print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA=" 

輸出我得到:

 
Your policy base-64 encoded is 
eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjo 
gWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIiB9LAogICAgWyJzdGFydHMtd2l0aCIsICIka2V5Ii 
wgInVzZXIvZXJpYy8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LAogICAgeyJyZWRpcmVjd 
CI6ICJodHRwOi8vam9obnNtaXRoLnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRt 
bCIgfSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHs 
ieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIi 
R4LWFtei1tZXRhLXRhZyIsICIiXSwKICBdCn0K 
Your signature base-64 encoded is 2qCp0odXe7A9IYyUVqn0w2adtCA= 
Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA= 

所以,你的代碼的工作,我只是覺得你簽署一個稍微不同政策(空白區別)