AWS签名与凭据不匹配

时间:2020-03-05 15:20:16

标签: php json amazon-web-services post amazon-s3

我正在使用aws APi发送我的JSON数据,但是在生成错误时出现错误 它总是说我们计算出的请求签名与您提供的签名不匹配。 我已使用http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html来获得奖赏

但是签名总是错误的

这是我的发送请求

define('S3_KEY', '#######');
    define('S3_SECRET', '###########');
    define('S3_REGION', 'ap-southeast-2');

if ( empty( S3_KEY ) ) {
    throw new Exception('No S3_KEY defined');
}

if ( empty( S3_SECRET ) ) {
    throw new Exception('No S3_SECRET defined');
}

if ( empty( S3_REGION ) ) {
    throw new Exception('No S3_REGION defined');
}


/// AWS API keys
$aws_access_key_id = S3_KEY;
$aws_secret_access_key = S3_SECRET;


$aws_region = S3_REGION;
$host_name = 'sul5ad38qb.execute-api.ap-southeast-2.amazonaws.com';
$content='{
    "callbackApiKey": "1234-1234-1234-1234-123412341234",
    "callbackUrl": "https://pcs-supplied-urlxxxxyz",
    "id": "00003b18e77a447a9c25e8ab3bsrbest",
    "submission": {
        "AgedCareResidentialACFIEvent": {
            "commonEventHeader": {
                "uniqueEventID": "aaaa12345678901234567890",
                "sequenceNumber": "1",
                "EDIMinorCustomerID": "MUS12345"
            },
            "agedCareACFIEventHeader": {
                "reClaimType": "N",
                "agedCareServiceNumber": "1234",
                "acfiScheme": "B"
            },
        }

}';
$content_type = 'application/json';
// Service name for S3
$aws_service_name = 'execute-api';

// UTC timestamp and date
$timestamp = gmdate('Ymd\THis\Z');
$date = gmdate('Ymd');


// HTTP request headers as key & value
$request_headers = array();
$request_headers['Content-Type'] = $content_type;
$request_headers['Date'] = $timestamp;
$request_headers['Host'] = $host_name;
$request_headers['x-amz-content-sha256'] = hash('sha256', $content);
// Sort it in ascending order
ksort($request_headers);

// Canonical headers
$canonical_headers = [];
foreach($request_headers as $key => $value) {
    $canonical_headers[] = strtolower($key) . ":" . $value;
}
$canonical_headers = implode("\n", $canonical_headers);

// Signed headers
$signed_headers = [];
foreach($request_headers as $key => $value) {
    $signed_headers[] = strtolower($key);
}
$signed_headers = implode(";", $signed_headers);


// Cannonical request 
$canonical_request = [];
$canonical_request[] = "POST";
$canonical_request[] = "/testing/user/";
$canonical_request[] = "";
$canonical_request[] = $canonical_headers;
$canonical_request[] = "";
$canonical_request[] = $signed_headers;
$canonical_request[] = hash('sha256', $content);
$canonical_request = implode("\n", $canonical_request);
$canonical_request="'".$canonical_request."'";
$error=[];
$error[]=$canonical_request;

$hashed_canonical_request = hash('sha256', $canonical_request);


// AWS Scope
$scope = [];
$scope[] = $date;
$scope[] = $aws_region;
$scope[] = $aws_service_name;
$scope[] = "aws4_request";

// String to sign
$string_to_sign = [];
$string_to_sign[] = "AWS4-HMAC-SHA256"; 
$string_to_sign[] = $timestamp; 
$string_to_sign[] = implode('/', $scope);
$string_to_sign[] = $hashed_canonical_request;
$string_to_sign = implode("\n", $string_to_sign);
$string_to_sign="'".$string_to_sign."'";
$error[]=$string_to_sign;

// Signing key
$kSecret = 'AWS4' . $aws_secret_access_key;
$kDate = hash_hmac('sha256', $date, $kSecret, true);
$kRegion = hash_hmac('sha256', $aws_region, $kDate, true);
$kService = hash_hmac('sha256', $aws_service_name, $kRegion, true);
$kSigning = hash_hmac('sha256', 'aws4_request', $kService, true);

// Signature
$signature = bin2hex(hash_hmac('sha256', $string_to_sign, $kSigning));



// Authorization
$authorization = [
    'Credential=' . $aws_access_key_id . '/' . implode('/', $scope),
    'SignedHeaders=' . $signed_headers,
    'Signature=' . $signature
];
$authorization = 'AWS4-HMAC-SHA256' . ' ' . implode( ',', $authorization);
/*print_r($authorization);
die;*/

// Curl headers
$curl_headers = [ 'Authorization: ' . $authorization ];

foreach($request_headers as $key => $value) {
    $curl_headers[] = $key . ": " . $value;
}

$url = 'https://'. $host_name.'/testing/user/';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
$output = curl_exec($ch); 
$error[]=json_decode($output,true);
print_r($error);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if($http_code != 200) 
    //exit('Error : Failed to upload');
curl_close($ch);

这是来自AWS的回复

<ErrorResponse>
             <Error>
                   <Type>Sender</Type>
                   <Code>SignatureDoesNotMatch</Code>
                   <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
             </Error>
             <RequestID>ba13b457-bd7c-4413-b138-b216f887ac68</RequestID>
        </ErrorResponse>

0 个答案:

没有答案
相关问题
最新问题