我正在测试AWS SageMaker。我创建了端点,并尝试通过API访问端点(使用此指南:https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html)。但是无法获得过去的授权。我得到的答复是:
我们计算出的请求签名与您提供的签名不匹配。检查您的AWS Secret Access密钥和签名方法。请参阅服务文档以获取详细信息。\ n \ n此请求的规范字符串应为\ n'POST \ n / endpoints / xgboost-2019-12-25-08-51-25-561 / invocations \ n \ nhost: runtime.sagemaker.eu-west-1.amazonaws.com \ nrange:\ nx-amz-date:2019-12-26T14:58:11 + 07:00 \ n \ nhost; range; x-amz-date \ n68d422d2479a3c80b36057bcc22fda937f180e70324fb21e7ef4237fef88f22b '\ n \ n签名字符串应该是\ n'AWS4-HMAC-SHA256 \ n20191226T075811Z \ n20191226 / eu-west-1 / sagemaker / aws4_request \ nef356f71401921f6d7ba59a7942c20b47f26ffc154521d53383edddb8fa5c164'\ n
问题是,我发送的规范字符串是相同的:
POST \ n / endpoints / xgboost-2019-12-25-08-51-25-561 / invocations \ n \ nhost:runtime.sagemaker.eu-west-1.amazonaws.com \ nrange:\ nx- amz-date:2019-12-26T14:58:11 + 07:00 \ n \ nhost; range; x-amz-date \ n68d422d2479a3c80b36057bcc22fda937f180e70324fb21e7ef4237fef88f22b
“字符串到签名”是不同的,但仅与规范字符串,我发送的“字符串到签名”的哈希不同:
AWS4-HMAC-SHA256 \ n20191226T075811Z \ n20191226 / eu-west-1 / sagemaker / aws4_request \ nfbd97be5d9bb67d8cea04d8d31517c3b07d8342505cbd08dea3d6dcfd13f0742
我所有的代码:
$stamp = time();
$body = json_encode([75,41,1,999,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0]);
$canonical = 'POST\n/endpoints/xgboost-2019-12-25-08-51-25-561/invocations\n\nhost:runtime.sagemaker.eu-west-1.amazonaws.com\nrange:\nx-amz-date:' . date('c', $stamp) . '\n\nhost;range;x-amz-date\n' . hash('sha256', $body);
$toSign = 'AWS4-HMAC-SHA256\n' . date('Ymd\This\Z', ($stamp - (3600 * 7))) . '\n' . date('Ymd', $stamp) . '/eu-west-1/sagemaker/aws4_request\n' . hash('sha256', $canonical);
$key = hash_hmac(
'sha256',
hash_hmac(
'sha256',
hash_hmac(
'sha256',
hash_hmac('sha256', "AWS4" . '<Access Key ID>', date('Ymd', $stamp)),
'eu-west-1'
),
'sagemaker'
),
'aws4_request'
);
$signature = hash_hmac('sha256', $toSign, $key);
$headers = [
'Authorization: AWS4-HMAC-SHA256 Credential=<Access Key ID>/' . date('Ymd', $stamp) . '/eu-west-1/sagemaker/aws4_request Signature=' . $signature . ' SignedHeaders=host;range;x-amz-date',
'Content-Type: application/json',
'Accept: application/json',
'X-Amz-Date: ' . date('c', $stamp)
];
使用hash()函数是否错误?