2017-07-29 118 views
1

我正在使用boto3生成上傳文件到s3的簽名。Python S3上傳簽名不匹配

我得到錯誤我們計算的請求籤名與您提供的簽名不匹配。檢查你的密鑰和簽名方法。

這是我迄今爲止所做的。

policy_document = {'expiration': '2017-07-29T07:51:16.010Z', 'conditions': [{'acl': 'public-read'}, {'bucket': 'testinstantrad'}, {'Content-Type': 'application/pdf'}, {'success_action_status': '200'}, {'key': 'web_uploads/3bda0d30-a556-4347-973b-ae21957d808f-Amendments.pdf'}, {'x-amz-meta-qqfilename': 'Amendments.pdf'}, ['content-length-range', '0', '5000000']]} 

policy = base64.b64encode(json.dumps(policy_document).encode("utf-8")) 
signature= base64.b64encode(hmac.new(b'AWS_SECRET_KEY', json.dumps(policy_document).encode(), hashlib.sha1).digest("utf-8")) 

response_payload = json.dumps({'policy' : policy, 'signature' : signature}) 

更多下面的錯誤:

接收響應狀態403體: SignatureDoesNotMatch我們計算出你所提供的簽名不匹配的請求籤名。檢查你的密鑰和簽名method.AKIAJJ5AEA2H4Y4C4R4Qb'eyJleHBpcmF0aW9uIjogIjIwMTctMDctMjlUMTE6MzY6NDcuOTY5WiIsICJjb25kaXRpb25zIjogW3siYWNsIjogInB1YmxpYy1yZWFkIn0sIHsiYnVja2V0IjogInRlc3RpbnN0YW50cmFkIn0sIHsiQ29udGVudC1UeXBlIjogImFwcGxpY2F0aW9uL3BkZiJ9LCB7InN1Y2Nlc3NfYWN0aW9uX3N0YXR1cyI6ICIyMDAifSwgeyJrZXkiOiAid2ViX3VwbG9hZHMvNTQ0NTY2ODAtNjNjNS00ZTI3LWI4M2QtMTE1YTI2NTM1ZTRjLUFtZW5kbWVudHMucGRmIn0sIHsieC1hbXotbWV0YS1xcWZpbGVuYW1lIjogIkFtZW5kbWVudHMucGRmIn0sIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAiMCIsICI1MDAwMDAwIl1dfQ =='b'vv + KB + QmFLcSYORC4hEisyaULNY = '62 27 65 79 4A 65 6C 48 42 70 63 6D 46 30 61 57 39 75 49 6A 67 6F 49 49 6A 77 54 4D 63 74 4d 44 63 74 4d 6a 6c 55 4d 54 45 36 4d 7a 59 36 4e 44 63 75 4f 54 59 35 57 69 49 73 49 43 4a 6a 62 32 35 6b 61 58 52 70 62 32 35 7a 49 6a 6f 67 57 33 73 69 59 57 4e 73 49 6a 6f 67 49 6e 42 31 59 6d 78 70 59 79 31 79 5a 57 46 6b 49 6e 30 73 49 48 73 69 59 6e 56 6a 61 32 56 30 49 6a 6f 67 49 6e 52 6c 63 33 52 70 62 6e 4e 30 59 57 35 30 63 6d 46 6b 49 6e 30 7 3 49 48 73 69 51 32 39 75 64 47 56 75 64 43 31 55 65 58 42 6c 49 6a 6f 67 49 6d 46 77 63 47 78 70 59 32 46 30 61 57 39 75 4c 33 42 6b 5a 69 4a 39 4c 43 42 37 49 6e 4e 31 59 32 4e 6c 63 33 4e 66 59 57 4e 30 61 57 39 75 58 33 4e 30 59 58 52 31 63 79 49 36 49 43 49 79 4d 44 41 69 66 53 77 67 65 79 4a 72 5a 58 6b 69 4f 69 41 69 64 32 56 69 58 33 56 77 62 47 39 68 5a 48 4d 76 4e 54 51 30 4e 54 59 32 4f 44 41 74 4e 6a 4e 6a 4e 53 30 30 5a 54 49 33 4c 57 49 34 4d 32 51 74 4d 54 45 31 59 54 49 32 4e 54 4d 31 5a 54 52 6a 4c 55 46 74 5a 57 35 6b 62 57 56 75 64 48 4d 75 63 47 52 6d 49 6e 30 73 49 48 73 69 65 43 31 68 62 58 6f 74 62 57 56 30 59 53 31 78 63 57 5a 70 62 47 56 75 59 57 31 6c 49 6a 6f 67 49 6b 46 74 5a 57 35 6b 62 57 56 75 64 48 4d 75 63 47 52 6d 49 6e 30 73 49 46 73 69 59 32 39 75 64 47 56 75 64 43 31 73 5a 57 35 6e 64 47 67 74 63 6d 46 75 5a 32 55 69 4c 43 41 69 4d 43 49 73 49 43 49 31 4d 44 41 77 4d 44 41 77 49 6c 31 64 66 51 3d 3d 2746B920FF32C5D0AFrRgGlQJRihHemtLMBf/mQVsXx3AryuJ8 7oQbIVkiAk7HCpM6E9QyAw4Wugp0rgT3cdeRhPjOSjc =

+0

爲什麼不讓客戶照顧它呢? http://boto3.readthedocs.io/en/latest/reference/services/s3.html#client – strongjz

回答

1

我認爲這可能是事實政策需要進行base64編碼。

這是我一直在使用的一些代碼。你會看到細微的差別:

policy_document = '{"expiration": "2018-01-01T00:00:00Z", "conditions": [ {"bucket": "my-bucket"}, ["starts-with", "$key", "uploads/"], {"acl": "private"}, {"success_action_redirect": "http://my-bucket/ok.html"}, ["content-length-range", 0, 1048000] ] }' 

AWS_SECRET_ACCESS_KEY = "XXX" 

policy = base64.b64encode(policy_document) 

signature = base64.b64encode(hmac.new(AWS_SECRET_ACCESS_KEY, policy, hashlib.sha1).digest()) 

policy_document已經是一個字符串,因此缺乏json.dumps()但它在散列在使用前經過b64encode()

+0

感謝您的回覆。然而,policy = base64.b64encode(policy_document)給我一個類似字節的對象是必需的,而不是字符串 –

+0

@ErnestAppiah這不是這個答案告訴你在代碼中改變的東西。您應該將'policy'傳遞給HMAC算法,以便該值已經在base64內* there *:'base64.b64encode(hmac.new(b'AWS_SECRET_KEY',policy,hashlib.sha1).digest(「utf-8 「))' –

+0

是的!您正在計算'策略',但不在散列中使用它。您錯誤地使用'policy_document'。 –