1. 首頁
  2. 問答
  3. 張貼到AWS S3簽名不匹配錯誤

張貼到AWS S3簽名不匹配錯誤

2013-03-14 86 views
1

這是我的形式張貼到AWS S3簽名不匹配錯誤

<html> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
    </head> 
    <body> 

    <form action="http://mybucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data"> 
    Key to upload: <input type="input" name="key" value="user/eric/" /><br /> 
    <input type="hidden" name="acl" value="public-read" /> 



    <input type="hidden" name="AWSAccessKeyId" value="myAWSId" /> 
    <input type="hidden" name="Policy" value="Base64EncodingOfPolicy"/> 
    <input type="hidden" name="Signature" value="Signature Calculated as urlencode(base64(HMAC-SHA1(secret, policy base64 encoded string same as utf-8 encoded)))" /> 
    File: <input type="file" name="file" /> <br /> 
    <!-- The elements after this will be ignored --> 
    <input type="submit" name="submit" value="Upload to Amazon S3" /> 
    </form> 

</html>

這是我的政策

{ "expiration": "2014-12-01T12:00:00.000Z", 

    "conditions": [ 

    {"acl": "public-read" }, 

    {"bucket": "mybucket" }, 

    ["starts-with", "$key", "user/eric/"], 

    ] 

}

這是編碼政策的base64

eyAiZXhwaXJhdGlvbiI6ICIyMDE0LTEyLTAxVDEyOjAwOjAwLjAwMFoiLA0KDQogICJjb25kaXRp 
b25zIjogWw0KDQogICAgeyJhY2wiOiAicHVibGljLXJlYWQiIH0sDQoNCiAgICB7ImJ1Y2tldCI6 
ICJoYWJpdHN1c2VybWVkaWEiIH0sDQoNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNl 
ci9lcmljLyJdLA0KDQogIF0NCg0KfQ==

我已經使用了嘗試帶有和不帶換行符的base64編碼字符串。在使用上述編碼和換行符時,我是否應該記住一些具體的內容?

即使經過多次嘗試考慮所有可能的排列,我仍然會收到SignatureDoesNotMatch錯誤。

我還使用了簽名驗證工具,並檢查了AWS接受和匹配的內容。 http://aws.amazon.com/code/199

我該如何去調試呢?如果您已成功使用REST API發佈到S3,您是否可以共享該代碼段?

來源

2013-03-14 Pratik Mandrekar

回答

1

好的我在一段時間後能夠解決這個問題。

這是我的Python代碼生成簽名

import base64 
import hmac 
from hashlib import sha1 
import urllib 


input = open("policy.txt", "rb") 
policy = input.read() 
policy_encoded = base64.b64encode(policy).encode("UTF-8") 
secret = "<my_aws_secret>" 

print 'Encoded Policy %s' %(policy_encoded) 

hashed = hmac.new(secret,policy_encoded, sha1) 


#This is the required value 
signature = base64.b64encode(hashed.digest()) 

#This is not required for a HTTP POST form based request, only when it has to be passed in urlencoded format 
signature_urlencoded = urllib.quote_plus(base64.b64encode(hashed.digest())) 

print 'Signature urlencoded %s' %(signature)

我policy.txt中是

{ "expiration": "2014-12-01T12:00:00.000Z", 

"conditions": [ 

     {"acl": "public-read" }, 

     {"bucket": "<mybucket>" }, 

     {"success_action_status" : "201"}, 

     ["starts-with", "$key", "uploads/"], 
     ] 

}

我的形式看起來像

<form action="http://habitsusermedia.s3.amazonaws.com/" method="post" enctype="multipart/form-data"> 

       <input type="hidden" name="acl" value="public-read" /> 
       <input type="input" name="key" value="uploads/${filename}" /> 
       <input type="hidden" name="success_action_status" value="201" /> 

       <input type="hidden" name="AWSAccessKeyId" value="<aws_access_key>" /> 

       <input type="hidden" name="Policy" value="<policy_encoded_as_base64>"/> 

       <input type="hidden" name="Signature" value="<signature>" /> 

       File: <input type="file" name="file" /> <br /> 

       <!-- The elements after this will be ignored --> 
       <input type="submit" name="submit" value="Upload to Amazon S3" /> 
       </form>

確保您的AWS桶配置爲接受來自任何域的POSTS,PUT。爲此使用策略生成工具。

有一篇有用的文章解釋這些概念AWS

來源

2013-03-15 16:29:25

相關問題

 相關問題