1. 首頁
  2. 問答
  3. 如何爲AWS Import API請求生成簽名?

如何爲AWS Import API請求生成簽名?

2010-09-16 44 views
4

按照AWS導入API文檔的要求是這樣的:如何爲AWS Import API請求生成簽名?

POST/HTTP/1.1 
content-type:application/x-www-form-urlencoded;charset=utf-8 
host: https://importexport.amazonaws.com 
content-length:356 

Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket 
%0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 
Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 
S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 
postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 
country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& 
SignatureVersion=2&SignatureMethod=%2FVfkltRBOoSUi1sWxRzN8rw%3D

正如你可以看到主體數據的最後一個參數是是SignatureMethod。但它看起來像簽名。我發現了SignatureMethod的兩個可用值。他們是HmacSHA1和HmacSHA256。

爲了生成Signature查詢字符串,我使用了aws/s3 gem,最後我得到了類似前一個請求的請求,但最後發生了很小的變化。

POST/HTTP/1.1 
content-type:application/x-www-form-urlencoded;charset=utf-8 
host: https://importexport.amazonaws.com 
content-length:356 

Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket 
%0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 
Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 
S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 
postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 
country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& 
SignatureVersion=2&SignatureMethod=HmacSHA1&Expires=2010-09-16T00:50:54-07:00&Signature=%2FVfkltRBOoSUi1sWxRzN8rw%3D

但是,響應仍然是403禁止。

HTTP/1.1 403 Forbidden 
x-amzn-RequestId: c0cb004b-c15e-11df-ad6c-5731ef5a3d54 
Content-MD5: HvqVlJqxxJ5B5A73W4nUCg== 
Content-Type: text/xml 
Content-Length: 439 
Date: Thu, 16 Sep 2010 06:50:55 GMT 

<ErrorResponse xmlns="http://importexport.amazonaws.com/doc/2010-06-01/"> 
    <Error> 
    <Type>Sender</Type> 
    <Code>SignatureDoesNotMatch</Code> 
    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message> 
    </Error> 
    <RequestId>c0cb004b-c15e-11df-ad6c-5731ef5a3d54</RequestId> 
</ErrorResponse>

你可以找到我用來測試這個位置http://gist.github.com/581726

請告訴我出了什麼問題,以及如何正確地生成簽名的代碼。

來源

2010-09-16 mhorbul

回答

1

我不知道這種寶石做什麼,但一個基本的簽署是這樣的:

aws_secret = 'foo' # aws provides this 

query_string = 'Operation=CreateJob&Manifest=...' # this is for your api call 

hmac = HMAC::SHA256.new(aws_secret) 
hmac.update(query_string) 
signature = Base64.encode64(hmac.digest).chomp

BTW:既然你在這裏分享你的快捷鍵,您應該重新生成憑證。

來源

2011-12-01 12:21:41 Till

相關問題

 相關問題