我正在尝试使用vb脚本从AWS S3中获取对象,但是我一直收到错误消息“ SignatureDoesNotMatch”
我使用vb脚本和Javascript构建了HASH函数的代码
这是我的代码
<script type="text/javascript" language="javascript" runat="server" src="js/crypto-js/core.js"></script>
<script type="text/javascript" language="javascript" runat="server" src="js/crypto-js/enc-base64.js"></script>
<script type="text/javascript" language="javascript" runat="server" src="js/crypto-js/sha256.js"></script>
<script type="text/javascript" language="javascript" runat="server" src="js/crypto-js/hmac.js"></script>
<script type="text/javascript" language="javascript" runat="server">
var CryptoJS; //Hay que declararla para que esté al alcance de VBScript
</script>
<script language="vbscript" runat="server">
Class Encrypt_Cfg
public iv
public mode
public padding
Function hasOwnProperty(name)
hasOwnProperty = (name="iv" or name="mode" or name="padding")
End Function
End Class
</script>
<%
Function mac256(key, ent)
Dim encWA
Set encWA = ConvertUtf8StrToWordArray(ent)
Dim keyWA
Set keyWA = ConvertUtf8StrToWordArray(key)
Dim resWA
Set resWA = CryptoJS.HmacSHA256(encWA, key)
Set mac256 = resWA
End Function
Function ConvertUtf8StrToWordArray(data)
If (typename(data) = "String") Then
Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data)
Elseif (typename(data) = "JScriptTypeInfo") Then
On error resume next
'Set ConvertUtf8StrToWordArray = CryptoJS.enc.Utf8.parse(data.toString(CryptoJS.enc.Utf8))
Set ConvertUtf8StrToWordArray = CryptoJS.lib.WordArray.create().concat(data) 'Just assert that data is WordArray
If Err.number>0 Then
Set ConvertUtf8StrToWordArray = Nothing
End if
On error goto 0
Else
Set ConvertUtf8StrToWordArray = Nothing
End if
End Function
Function ToIsoDateTime(datetime)
ToIsoDateTime = ToIsoDate(datetime) & "T" & ToIsoTime(datetime) & CurrentTimezone
End Function
Public Function ToIsoDate(datetime)
ToIsoDate = CStr(Year(datetime)) & "-" & StrN2(Month(datetime)) & "-" & StrN2(Day(datetime))
End Function
Public Function ToIsoTime(datetime)
ToIsoTime = StrN2(Hour(datetime)) & ":" & StrN2(Minute(datetime)) & ":" & StrN2(Second(datetime))
End Function
Private Function StrN2(n)
If Len(CStr(n)) < 2 Then StrN2 = "0" & n Else StrN2 = n
End Function
Function formatNumber(value, digits)
if digits > len(value) then
formatNumber = String(digits-len(value),"0") & value
else
formatNumber = value
end if
End Function
'adjust time to GMT'
gettime = DateAdd("h",-8,now())
gettime = DateAdd("s",3,gettime)
isotimestamp = ToIsoDateTime(gettime)&"Z"
isotimestamp2 = replace(isotimestamp,"-","")
isotimestamp2 = replace(isotimestamp2,":","")
Const access_key = "AKIAIOSFODNN7EXAMPLE"
Const secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
datestamp = Year(date) & formatNumber(Month(date),2) & formatNumber(Day(date),2)
service = "s3"
host = "mubucketname.amazonaws.com"
region = "us-east-2"
endpoint = "http://mubucketname.s3.amazonaws.com"
request_parameters = ""
method = "GET"
request_parameters = ""
canonical_uri = "/mubucketname/test.txt"
canonical_querystring = request_parameters
canonical_headers = "host:" & host & vbLf & "x-amz-content-sha256:UNSIGNED-PAYLOAD" & vbLf & "x-amz-date:" & isotimestamp2 & vbLf
signed_headers = "host;x-amz-content-sha256;x-amz-date"
payload_hash = "UNSIGNED-PAYLOAD"
canonical_request = method & vbLf & Server.URLEncode(canonical_uri) & vbLf & canonical_querystring & vbLf & canonical_headers & vbLf & signed_headers & vbLf & payload_hash
algorithm = "AWS4-HMAC-SHA256"
credential_scope = datestamp & "/" & region & "/" & service & "/" & "aws4_request"
string_to_sign = algorithm & vbLf & isotimestamp2 & vbLf & credential_scope & vbLf & sha256(canonical_request)
kDate = mac256("AWS4"&access_key, datestamp)
kRegion = mac256(kDate, region)
kService = mac256(kRegion, service)
kSigning = mac256(kService, "aws4_request")
signing_key = kSigning
signature = mac256(signing_key, string_to_sign)
authorization_header = algorithm & " " & "Credential=" & access_key & "/" & credential_scope & ", " & "SignedHeaders=" & signed_headers & ", " & "Signature=" & signature
'headers = {"x-amz-date":amzdate, "x-amz-content-sha256": "UNSIGNED-PAYLOAD", "Authorization":authorization_header}
request_url = endpoint & canonical_uri
response.write "<b>Credential_Scope</b><br>"
response.write credential_scope
response.write "<br><br>"
response.write "<b>Canonical_Request</b><br>"
response.write canonical_request
response.write "<br><br>"
response.write "<b>StringToSign</b><br>"
response.write string_to_sign
response.write "<br><br>"
response.write "<b>SigningKey</b><br>"
response.write signing_key
response.write "<br><br>"
response.write "<b>Signature</b><br>"
response.write signature
response.write "<br><br>"
response.write "<b>Authorization Header</b><br>"
response.write authorization_heade
response.write "<br><br>"
Dim strSignature: strSignature = Signature
Dim strAuthorization: strAuthorization = "AWS " & strAccessKeyID & ":" & strSignature
'-- Upload: --'
Dim xhttp: Set xhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
xhttp.open "GET", request_url, False
xhttp.setRequestHeader "Content-Type", "text/plain"
xhttp.setRequestHeader "Host", awsbucket & ".s3.amazonaws.com/"
xhttp.setRequestHeader "x-amz-date", isotimestamp2
xhttp.setRequestHeader "x-amz-content-sha256", "UNSIGNED-PAYLOAD"
xhttp.setRequestHeader "Authorization", authorization_header
xhttp.send
If xhttp.status = "200" Then
s3_Upload = "1"
Else
s3_Upload = "0:" & xhttp.responseText
End If
response.write s3_Upload
Set xhttp = Nothing
%>
无论我尝试了什么,我总是收到我的签名不匹配的错误
“我们计算出的请求签名与您提供的签名不匹配。请检查您的密钥和签名方法”
我很确定我已经遵循了每个步骤
这是AWS S3文档 https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
任何想法我该如何解决?