我是AWS的新手,任何人都可以帮助我如何使用STS API生成会话令牌以将文件上传到S3 的简介: 我浏览了AWS文档并在Google上进行了研究我在下面的库中找到了codeigniter来将文件上传到S3 https://github.com/psugand/CodeIgniter-S3 它工作正常,我可以使用我的访问ID和密钥上传文件。但我们的要求是从Amazon生成获取临时凭证并发送给iOS开发人员,以便他们可以直接将文件上传到S3。我在Amazon文档中找到了以下链接,我需要按照4个任务获取临时凭据。 http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html 但有些反应总是说我创造的签名不匹配。以下是我的代码和亚马逊的回复。如果我做错了什么,请帮助我。
$AWSAccessKeyId = "AKIAIK4R57JLAFN4Z5SA";
$SecretAccessKey = AMAZON_SECRET_KEY;
$region = 'us-east-1';
$service = 'sts';
$term = 'aws4_request';
$Timestamp = gmdate('D, d M Y H:i:s') . ' GMT';
$date = gmdate('Ymd\THis\Z');
$credentialsScope = gmdate('Ymd').'/'.$region.'/'.$service.'/'.$term;
$credentials = $AWSAccessKeyId.'/'.$credentialsScope;
任务1规范请求
$CanonicalRequest =
'POST'."\n".
"/"."\n".
'Action=GetSessionToken&Version=2011-06-15&Name=Aasim&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=3600&X-Amz-Credential='.$credentials.'&X-Amz-Date='.$date.'&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date'."\n".
'content-type:text/xml;charset=utf-8'."\n".
'host:sts.amazonaws.com'."\n".
'x-amz-date:'.$Timestamp."\n"."\n".
'content-type;host;x-amz-date'."\n".
hash("sha256",'UNSIGNED-PAYLOAD')."\n";
$hashedRequestPayload = hash("sha256",$CanonicalRequest);
任务2创建字符串到符号
$StringToSign =
'AWS4-HMAC-SHA256'."\n".
$date."\n".
$credentialsScope."\n".
$hashedRequestPayload;
任务3计算签名
$kDate = hash_hmac('sha256', 'AWS4'.$SecretAccessKey, gmdate('Ymd'));
$kRegion = hash_hmac('sha256', $kDate,'us-east-1');
$kService = hash_hmac('sha256', $kRegion,'sts');
$kSigning = hash_hmac('sha256', $kService,'aws4_request');
$Signature = hash_hmac('sha256',$kSigning, $StringToSign);
任务4将签名信息添加到请求
$querystring = 'Action=GetSessionToken';
$querystring .= '&Version=2011-06-15';
$querystring .= '&X-Amz-Algorithm=AWS4-HMAC-SHA256';
$querystring .= '&X-Amz-Credential='.$credentials;
$querystring .= '&X-Amz-Date='.$date;
$querystring .= '&X-Amz-Expires=3600';
$querystring .= '&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date';
$querystring .= '&X-Amz-Signature='.$Signature;
执行卷曲请求
$endpoint = 'https://sts.amazonaws.com/?'.$querystring;
$headers = array(
'x-amz-date:'.$Timestamp,
'host:sts.amazonaws.com',
'content-type: text/xml;charset=utf-8',
);
$session = curl_init($endpoint); // create a curl session
curl_setopt($session, CURLOPT_POST, true); // POST request type
curl_setopt($session, CURLOPT_RETURNTRANSFER, true); // return values as a string - not to std out
curl_setopt($session, CURLOPT_HTTPHEADER, $headers);
$responseXML = curl_exec($session);
print_r($responseXML);
亚马逊的回复
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/
Action=GetSessionToken&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIK4R57JLAFN4Z5SA%2F20141231%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20141231T065554Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date
content-type:text/xml;charset=utf-8
host:sts.amazonaws.com
x-amz-date:Wed, 31 Dec 2014 06:55:54 GMT
content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20141231T065554Z
20141231/us-east-1/sts/aws4_request
c3ec81de483674a1bf52b60307ae36a4b5e00cff6c85a30f07cc5d00eeb0d699'
</Message>
</Error>
<RequestId>15cb2945-90ba-11e4-829d-1362e6783c1f</RequestId>
</ErrorResponse>
我正在使用codeiginter。请帮我 。提前致谢