Import 如何为AWS导入API请求生成签名？_Import_Amazon S3_Amazon Web Services_Amazon

Import 如何为AWS导入API请求生成签名？

import amazon-s3 amazon-web-services

Import 如何为AWS导入API请求生成签名？,import,amazon-s3,amazon-web-services,amazon,Import,Amazon S3,Amazon Web Services,Amazon,根据AWS导入API文档，请求如下所示： POST / HTTP/1.1 content-type:application/x-www-form-urlencoded;charset=utf-8 host: https://importexport.amazonaws.com content-length:356 Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket %0Aaccess

根据AWS导入API文档，请求如下所示：

POST / HTTP/1.1
content-type:application/x-www-form-urlencoded;charset=utf-8
host: https://importexport.amazonaws.com
content-length:356

Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket 
%0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 
Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 
S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 
postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 
country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& 
SignatureVersion=2&SignatureMethod=%2FVfkltRBOoSUi1sWxRzN8rw%3D

aws_secret = 'foo' # aws provides this

query_string = 'Operation=CreateJob&Manifest=...' # this is for your api call

hmac = HMAC::SHA256.new(aws_secret)
hmac.update(query_string)
signature = Base64.encode64(hmac.digest).chomp

如您所见，正文数据中的最后一个参数是SignatureMethod。但它看起来像签名。我找到了SignatureMethod的两个可用值。它们是HmacSHA1和HmacSHA256

我使用aws/s3 gem来生成签名查询字符串，最后得到的请求与前一个请求类似，但在最后有一点变化

POST / HTTP/1.1
content-type:application/x-www-form-urlencoded;charset=utf-8
host: https://importexport.amazonaws.com
content-length:356

Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket 
%0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 
Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 
S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 
postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 
country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& 
SignatureVersion=2&SignatureMethod=HmacSHA1&Expires=2010-09-16T00:50:54-07:00&Signature=%2FVfkltRBOoSUi1sWxRzN8rw%3D

但回应仍然是403禁止

HTTP/1.1 403 Forbidden
x-amzn-RequestId: c0cb004b-c15e-11df-ad6c-5731ef5a3d54
Content-MD5: HvqVlJqxxJ5B5A73W4nUCg==
Content-Type: text/xml
Content-Length: 439
Date: Thu, 16 Sep 2010 06:50:55 GMT

<ErrorResponse xmlns="http://importexport.amazonaws.com/doc/2010-06-01/">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
  </Error>
  <RequestId>c0cb004b-c15e-11df-ad6c-5731ef5a3d54</RequestId>
</ErrorResponse>

你可以在这里找到我用来测试这个的代码

请告诉我哪里出了问题，以及如何正确生成签名。

我不确定这个gem是做什么的，但基本签名是这样工作的：

POST / HTTP/1.1
content-type:application/x-www-form-urlencoded;charset=utf-8
host: https://importexport.amazonaws.com
content-length:356

Operation=CreateJob&Manifest=manifestVersion%3A%202.0%0Abucket%3A%20myBucket 
%0AaccessKeyId%3A%2013Q2729HYRYMYRB3FK02%0AreturnAddress%3A%0A%20%20%20%20name%3A%20 
Amazon.com%20ATTN%20Joe%20Random%20%0A%20%20%20%20street1%3A%201200%20AAAA%20Ave%20 
S.%0A%20%20%20%20city%3A%20Seattle%0A%20%20%20%20stateOrProvince%3A%20WA%0A%20%20%20%20 
postalCode%3A%2098114%0A%20%20%20%20phoneNumber%3A%20206-266-0000%0A%20%20%20%20 
country%3A%20USA&JobType=Import&AWSAccessKeyId=1111729HYRYMYRB3FK02& 
SignatureVersion=2&SignatureMethod=%2FVfkltRBOoSUi1sWxRzN8rw%3D

aws_secret = 'foo' # aws provides this

query_string = 'Operation=CreateJob&Manifest=...' # this is for your api call

hmac = HMAC::SHA256.new(aws_secret)
hmac.update(query_string)
signature = Base64.encode64(hmac.digest).chomp

顺便说一句：您应该重新生成凭据，因为您在此处共享了访问密钥