无法在Python中为方法构造AWS S3签名
我有一段Python代码,试图创建对AWS的签名HTTPS调用。(来自) 然而,我得到的回应是无法在Python中为方法构造AWS S3签名,python,amazon-web-services,amazon-s3,Python,Amazon Web Services,Amazon S3,我有一段Python代码,试图创建对AWS的签名HTTPS调用。(来自) 然而,我得到的回应是 403我们计算的请求签名与您提供的签名不匹配。检查服务器上的“密钥和签名方法”。 我可以从AWS CLI运行该命令,这样我就知道我的密钥是有效的,并且我在网上找不到任何与我当前拥有的密钥不同的内容。此外,我已经查看了Boto3,它无法执行我想要的操作 import sys, os, base64, datetime, hashlib, hmac import requests # pip insta
403我们计算的请求签名与您提供的签名不匹配。检查服务器上的“密钥和签名方法”。import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# Standard Variables
aws_service = 's3'
aws_region = 'us-east-1'
endpoint = 'https://s3.amazonaws.com'
algorithm = 'AWS4-HMAC-SHA256'
signedHeaders = 'host;x-amz-content-sha256;x-amz-date'
def test():
method = 'GET'
requestParameters = 'max-keys=2'
path = '/'
bucket = 'my-test-bucket'
signatureRequest(method, requestParameters, path, bucket)
# Creates the Authorization Header for the request
def signatureRequest(method, requestParameters, objPath, bucket):
accessKey = os.environ.get('AWS_ACCESSKEY_ID')
secretKey = os.environ.get('AWS_SECRET_ACCESSKEY')
if accessKey is None or secretKey is None:
print 'No access key is available.'
sys.exit()
# Variables
host= aws_service + '.' + aws_region + '.amazonaws.com'
t = datetime.datetime.utcnow()
amzDate = t.strftime('%Y%m%dT%H%M%SZ')
dateStamp = t.strftime('%Y%m%d')
canonicalUri = objPath
canonicalQuerystring = 'Action=' + requestParameters
payloadHash = hashlib.sha256('').hexdigest() # hash is always '' for GET
#--- Create the request (Task 1) ---
canonicalHeaders = 'host:' + host + '\n' + 'x-amz-content-sha256:' + payloadHash + '\n' + 'x-amz-date:' + amzDate + '\n'
canonicalRequest = method + '\n' + canonicalUri + '\n' + canonicalQuerystring + '\n' + canonicalHeaders + '\n' + signedHeaders + '\n' + payloadHash
print '--- Canonical Request (Task 1) ---'
print 'method \ncanonicalUri \ncanonicalQuerystring \ncanonical_headers \nsigned_headers \npayload_hash \n'
print '%s \n\n' % canonicalRequest
#--- String to Sign (Task 2) ---
credentialScope = dateStamp + '/' + aws_region + '/' + aws_service + '/' + 'aws4_request'
stringToSign = algorithm + '\n' + amzDate + '\n' + credentialScope + '\n' + hashlib.sha256(canonicalRequest).hexdigest()
#--- Signature (Task 3) ---
signingKey = getSignatureKey(secretKey, dateStamp, aws_region, aws_service)
signature = hmac.new(signingKey, (stringToSign).encode('utf-8'), hashlib.sha256).hexdigest()
#--- authorizationHeader (Task 4) ---
authorizationHeader = algorithm + ' ' + 'Credential=' + accessKey + '/' + credentialScope + ', ' + 'SignedHeaders=' + signedHeaders + ', ' + 'Signature=' + signature
requestUrl = endpoint + '?' + canonicalQuerystring # Creates the URL
#The 'host' header is added automatically by the Python 'requests' library.
headers = {'x-amz-content-sha256': payloadHash, 'x-amz-date':amzDate, 'Authorization':authorizationHeader}
sendRequest(requestUrl, headers)
# Key Signing Functions
def sign(key, msg):
'''
Copied from https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
'''
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
def getSignatureKey(key, dateStamp, regionName, serviceName):
'''
Copied from https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
'''
kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
print '%s' % kSigning
return kSigning
# Sends the request to AWS and prints the return code
def sendRequest(url, headers):
r = requests.get(url, headers=headers)
print 'Response from AWS: %d\n' % r.status_code
print r.text
我很想知道boto3不能满足您的需求的地方有哪些。boto3涵盖了AWS中的所有API。此外,它还为您处理签名。如果您要自己构建签名,您将进入一个痛苦和痛苦的巨大世界。您肯定应该深入研究boto3。
canonicalQuerystring='Action='+requestParametersAction=requestParameterscanonicalQuerystring='Action='+requestParametersAction=requestParameters