Amazon web services 我们计算的请求签名与您提供的签名不匹配。S3 Bucket Http Post_Amazon Web Services_Amazon S3

Amazon web services 我们计算的请求签名与您提供的签名不匹配。S3 Bucket Http Post

amazon-web-services amazon-s3

Amazon web services 我们计算的请求签名与您提供的签名不匹配。S3 Bucket Http Post,amazon-web-services,amazon-s3,Amazon Web Services,Amazon S3,我试图在教程之后使用HTTPPOST方法将图像上传到s3存储桶。但每次我都会遇到以下错误 Error <Code>SignatureDoesNotMatch</Code> <Message> The request signature we calculated does not match the signature you provided. Check your key and signing method. </Message&g

我试图在教程之后使用HTTPPOST方法将图像上传到s3存储桶。但每次我都会遇到以下错误

 Error
 <Code>SignatureDoesNotMatch</Code>
 <Message>
 The request signature we calculated does not match the signature you 
 provided. Check your key and signing method.
  </Message>

要提出请求，我有以下表格：

 <form action="http://mynewdulibucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
Key to upload:
<input type="input"  name="key" value="user/user1/${filename}" /><br />
<input type="hidden" name="acl" value="public-read" />
<input type="hidden" name="success_action_redirect" value="http://mynewdulibucket.s3.amazonaws.com/successful_upload.html" />
Content-Type:
<input type="input"  name="Content-Type" value="image/jpeg" /><br />
<input type="hidden" name="x-amz-meta-uuid" value="14365123651274" />
<input type="hidden" name="x-amz-server-side-encryption" value="AES256" />
<input type="text"   name="X-Amz-Credential" value="XXXXXXXXXXXXX/20151229/us-east-1/s3/aws4_request" />
<input type="text"   name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />
<input type="text"   name="X-Amz-Date" value="20151229T000000Z" />

Tags for File:
<input type="input"  name="x-amz-meta-tag" value="" /> <br />
<input type="hidden" name="Policy" value="XXXXXXXXXXXXXXX"/>
<input type="hidden" name="X-Amz-Signature" value="XXXXXXXXXXXXX" />
File:
<input type="file"   name="file" /> <br />
<!-- The elements after this will be ignored -->
<input type="submit" name="submit" value="Upload to Amazon S3" />

生成策略和签名并粘贴到相关表单字段的代码是：

public class Main {

public static void main(String[] args) throws Exception
{
    String policy_document = "{\"expiration\":\"2018-12-30T12:00:00.000Z\",\"conditions\":[{\"bucket\":\"mynewdulibucket\"},[\"starts-with\",\"$key\",\"user/user1/MyPhoto.jpg\"],{\"acl\":\"public-read\"},{\"success_action_redirect\":\"http://mynewdulibucket.s3.amazonaws.com/successful_upload.html\"},[\"starts-with\",\"$Content-Type\",\"image/\"],{\"x-amz-meta-uuid\":\"14365123651274\"},{\"x-amz-server-side-encryption\":\"AES256\"},[\"starts-with\",\"$x-amz-meta-tag\",\"\"],{\"x-amz-credential\":\"AKIAJQHQNWQ7FCTGNKQQ/20151229/us-east-1/s3/aws4_request\"},{\"x-amz-algorithm\":\"AWS4-HMAC-SHA256\"},{\"x-amz-date\":\"20151229T000000Z\"}]}";
    String encodedPolicy = new String(Base64.getEncoder().encode(policy_document.getBytes("UTF-8"))).replaceAll("\n", "").replaceAll("\r", "");
    String secretKey = "XXXXXXXXXXXXXXXX";

    String signature = getSigning(secretKey, "20151229T000000Z", "us-east-1", "s3",encodedPolicy);

    //the following values get pasted into the form fields Policy and X-Amz-Signature respectively (see above XXXXX)
    System.out.println("base64 " + encodedPolicy);

    System.out.println("signature " + signature);

}


static byte[] HmacSHA256(String data, byte[] key) throws Exception
{
    String algorithm="HmacSHA256";
    Mac mac = Mac.getInstance(algorithm);
    mac.init(new SecretKeySpec(key, algorithm));
    return mac.doFinal(data.getBytes("UTF8"));
}

static String getSigning(String key, String dateStamp, String regionName, String serviceName,String base64signature) throws Exception {
    byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
    byte[] kDate = HmacSHA256(dateStamp, kSecret);
    byte[] kRegion = HmacSHA256(regionName, kDate);
    byte[] kService = HmacSHA256(serviceName, kRegion);
    //
    byte[] kSigning = HmacSHA256("aws4_request", kService);

    byte[] signature = HmacSHA256(base64signature, kSigning);

    return new String(Base64.getEncoder().encode(signature));
}

当您没有正确地进行身份验证时，就会出现这种误导性错误

验证以下任一情况：

您的~/.aws/config是正确的。您在调用时正确地提供了API密钥。您的环境变量正在正确地传递凭据。从中运行此操作的实例具有分配给其IAM角色的适当权限。

仅供参考您的x-amz-date值可能不是您想要的，因为根据您提供的链接，上传必须在2015年12月30日中午UTC之前进行是的，这就是我将过期日期更改为过期的原因：2018-12-30T12:00:00.000Z请更正策略以指定[以$key开始，user/user1/]，然后重试，并用更正的内容更新问题。另外，不要从表单中取消策略。这不敏感。你解决过这个问题吗，乔治？我在这个问题上看不出任何理由。不明显的是~/.aws/config甚至会被读取，没有对环境变量的引用，API键是硬编码的静态字符串，并且没有使用IAM角色。我唯一一次看到aws在S3调用中吐出签名错误，原因是请求者没有正确地进行身份验证。我错过什么了吗？如果是这样的话，我想了解更多！密钥和密码不匹配，或者密码输入错误，将导致签名不匹配，是的。这里的问题是，您提出的具体建议与问题中提供的材料不匹配。没有使用角色，OP直接对请求进行签名，而不是使用SDK。假设字符串secretKey=xxxxxxxxxxxxxx；还有秋叶。。。如果凭据是正确的，则问题必须出现在OPs签名算法中，或者签名的策略与策略要验证的请求不完全匹配。

public class Main {

public static void main(String[] args) throws Exception
{
    String policy_document = "{\"expiration\":\"2018-12-30T12:00:00.000Z\",\"conditions\":[{\"bucket\":\"mynewdulibucket\"},[\"starts-with\",\"$key\",\"user/user1/MyPhoto.jpg\"],{\"acl\":\"public-read\"},{\"success_action_redirect\":\"http://mynewdulibucket.s3.amazonaws.com/successful_upload.html\"},[\"starts-with\",\"$Content-Type\",\"image/\"],{\"x-amz-meta-uuid\":\"14365123651274\"},{\"x-amz-server-side-encryption\":\"AES256\"},[\"starts-with\",\"$x-amz-meta-tag\",\"\"],{\"x-amz-credential\":\"AKIAJQHQNWQ7FCTGNKQQ/20151229/us-east-1/s3/aws4_request\"},{\"x-amz-algorithm\":\"AWS4-HMAC-SHA256\"},{\"x-amz-date\":\"20151229T000000Z\"}]}";
    String encodedPolicy = new String(Base64.getEncoder().encode(policy_document.getBytes("UTF-8"))).replaceAll("\n", "").replaceAll("\r", "");
    String secretKey = "XXXXXXXXXXXXXXXX";

    String signature = getSigning(secretKey, "20151229T000000Z", "us-east-1", "s3",encodedPolicy);

    //the following values get pasted into the form fields Policy and X-Amz-Signature respectively (see above XXXXX)
    System.out.println("base64 " + encodedPolicy);

    System.out.println("signature " + signature);

}


static byte[] HmacSHA256(String data, byte[] key) throws Exception
{
    String algorithm="HmacSHA256";
    Mac mac = Mac.getInstance(algorithm);
    mac.init(new SecretKeySpec(key, algorithm));
    return mac.doFinal(data.getBytes("UTF8"));
}

static String getSigning(String key, String dateStamp, String regionName, String serviceName,String base64signature) throws Exception {
    byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
    byte[] kDate = HmacSHA256(dateStamp, kSecret);
    byte[] kRegion = HmacSHA256(regionName, kDate);
    byte[] kService = HmacSHA256(serviceName, kRegion);
    //
    byte[] kSigning = HmacSHA256("aws4_request", kService);

    byte[] signature = HmacSHA256(base64signature, kSigning);

    return new String(Base64.getEncoder().encode(signature));
}