发布到AWS S3签名不匹配错误

时间:2013-03-14 11:47:35

标签: python rest amazon-s3 base64

这是我的表格

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  </head>
  <body>

  <form action="http://mybucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
    Key to upload: <input type="input" name="key" value="user/eric/" /><br />
    <input type="hidden" name="acl" value="public-read" />



    <input type="hidden" name="AWSAccessKeyId" value="myAWSId" />
    <input type="hidden" name="Policy" value="Base64EncodingOfPolicy"/>
    <input type="hidden" name="Signature" value="Signature Calculated as urlencode(base64(HMAC-SHA1(secret, policy base64 encoded string same as utf-8 encoded)))" />
    File: <input type="file" name="file" /> <br />
    <!-- The elements after this will be ignored -->
    <input type="submit" name="submit" value="Upload to Amazon S3" />
  </form>

</html>

这是我的政策

{ "expiration": "2014-12-01T12:00:00.000Z",

  "conditions": [

    {"acl": "public-read" },

    {"bucket": "mybucket" },

    ["starts-with", "$key", "user/eric/"],

  ]

}

这是base64编码的策略

eyAiZXhwaXJhdGlvbiI6ICIyMDE0LTEyLTAxVDEyOjAwOjAwLjAwMFoiLA0KDQogICJjb25kaXRp
b25zIjogWw0KDQogICAgeyJhY2wiOiAicHVibGljLXJlYWQiIH0sDQoNCiAgICB7ImJ1Y2tldCI6
ICJoYWJpdHN1c2VybWVkaWEiIH0sDQoNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNl
ci9lcmljLyJdLA0KDQogIF0NCg0KfQ==

我尝试过使用带有和不带换行符的base64编码字符串。在使用上述编码和换行符时,我应该记住一些特定内容吗?

即使多次尝试考虑所有可能的排列,我仍然会收到SignatureDoesNotMatch错误。

我还使用了签名验证工具并检查了AWS接受的内容并且匹配。 http://aws.amazon.com/code/199

我该如何调试?如果您已使用REST API成功发布到S3,您可以共享该代码段吗?

1 个答案:

答案 0 :(得分:1)

好的我能在一段时间后解决这个问题。

这是我生成签名的python代码

import base64
import hmac
from hashlib import sha1
import urllib


input = open("policy.txt", "rb")
policy = input.read()
policy_encoded = base64.b64encode(policy).encode("UTF-8")
secret = "<my_aws_secret>"

print 'Encoded Policy  %s' %(policy_encoded)

hashed = hmac.new(secret,policy_encoded, sha1)


#This is the required value
signature = base64.b64encode(hashed.digest())

#This is not required for a HTTP POST form based request, only when it has to be passed in urlencoded format
signature_urlencoded = urllib.quote_plus(base64.b64encode(hashed.digest()))

print 'Signature urlencoded  %s' %(signature)

我的policy.txt是

{ "expiration": "2014-12-01T12:00:00.000Z",

"conditions": [

        {"acl": "public-read" },

        {"bucket": "<mybucket>" },

        {"success_action_status" : "201"},

        ["starts-with", "$key", "uploads/"],
        ]

}

我的表格看起来像

<form action="http://habitsusermedia.s3.amazonaws.com/" method="post" enctype="multipart/form-data">

                <input type="hidden" name="acl" value="public-read" />
                <input type="input" name="key" value="uploads/${filename}" />
                <input type="hidden" name="success_action_status" value="201" />

                <input type="hidden" name="AWSAccessKeyId" value="<aws_access_key>" />

                <input type="hidden" name="Policy" value="<policy_encoded_as_base64>"/>

                <input type="hidden" name="Signature" value="<signature>" />

                File: <input type="file" name="file" /> <br />

                <!-- The elements after this will be ignored -->
                <input type="submit" name="submit" value="Upload to Amazon S3" />
                </form>

确保您的AWS存储桶配置为接受来自任何域的POSTS,PUT。使用策略生成工具。

有一篇有用的文章在AWS

上解释了这些概念
相关问题
最新问题