使用预先签名的URL上传图像到s3总是返回403错误

时间:2015-09-12 13:06:50

标签: ios objective-c iphone amazon-s3

我正在尝试使用预先签名的网址将我的iPhone应用中的图片上传到S3。 AWS最终没有回答。

步骤1:iPhone向服务器发送请求到GET S3链接以上传图像

 {
    randomKey = "EJg=";
    "signed_request" = "https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg?AWSAccessKeyId=AKIXXXXXSWPIXXXXXNXQ&Expires=1442062152&Signature=L%2BMq%2FLMXXXXXXXXzmvyGXXXXXzU%3D";
    url = "https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg";
}

第2步:使用" signed_request"值我试图使用方法" PUT"

将图像上传到S3 
NSURL *url = [NSURL URLWithString:dict[@"signed_request"]];
// adding signed_request 
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
[request setHTTPBody:imgData];
[request setValue:@"public-read" forHTTPHeaderField:@"x-amz-acl"];
[request setValue:@"image/jpeg" forHTTPHeaderField:@"Content-Type"];
[request setHTTPMethod:@"PUT"];

NSURLSessionDataTask *task1 = [self.session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {

                NSError *err;

                NSString *dataString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
                //
                NSLog(@"data = %@", dataString);

 }];
 [task1 resume];

//来自服务器的响应

{ status code: 403, headers { URL: https://as-profile.s3.amazonaws.com/EJg%3Dios_1442061863.jpg?AWSAccessKeyId=AKIXXXXXSWPIXXXXXNXQ&Expires=1442062152&Signature=L%2BMq%2FLMXXXXXXXXzmvyGXXXXXzU%3D } { status code: 403, headers {
    Connection = close;
    "Content-Type" = "application/xml";
    Date = "Sat, 12 Sep 2015 12:44:30 GMT";
    Server = AmazonS3;
    "Transfer-Encoding" = Identity;
    "x-amz-id-2" = "mmKNUnKaR5bA4AY/odP2iLY4JAdPkFX7kqdCEteU+Lju2py7BC909ME+Z7+QQMM0Tq64UWtlgCQ=";
    "x-amz-request-id" = 3AE1557722FFB82F;
} }

//我收到的数据

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIXXXXXSWPIXXXXXNXQ</AWSAccessKeyId><StringToSign>PUT

image/jpeg
1442062152
x-amz-acl:public-read
/as-profile/EJg%3Dios_1442061863.jpg</StringToSign><SignatureProvided>L+Mq/LM2LWlBA8TzmvyGt19AJzU=</SignatureProvided><StringToSignBytes>50 55 54 0a 0a 69 6d 61 67 65 2f 6a 70 65 67 0a 31 34 34 32 30 36 32 31 35 32 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 61 73 2d 70 72 6f 66 69 6c 65 2f 45 4a 67 25 33 44 69 6f 73 5f 31 34 34 32 30 36 31 38 36 33 2e 6a 70 67</StringToSignBytes><RequestId>3AE1557722FFB82F</RequestId><HostId>mmKNUnKaR5bA4AY/odP2iLY4JAdPkFX7kqdCEteU+Lju2py7BC909ME+Z7+QQMM0Tq64UWtlgCQ=</HostId></Error>

1 个答案:

答案 0 :(得分:2)

我无法在您的代码中找到错误;但是,如响应所示,您的SignatureDoesNotMatch预期值。没有秘密密码,无法进入秘密俱乐部。从基础开始,然后缩小细节:

  • 确认您使用正确的密钥对进行ID,签名等
  • 验证该组密钥是否适用于正确的AWS / S3帐户(不是从Dev到Prod的交叉路口等)
  • 验证连接到这些密钥的AWS账户是否有权访问您要定位的S3容器
  • 验证AWS账户是否在正确的区域,并且请求将转到该区域
  • 确保定位latest S3 API
  • 尝试从其他客户端平台(浏览器,控制台,REST工具)复制请求以查看错误是否是特定于平台的
    • 您正在使用
  • Check the algorithm生成签名以确保其正常工作
  • 在汇总您的请求时查找common coding mistakes以确保您的请求格式正确(例如网址/空白字符编码,保留的XML字符)
  • 关注AWS Troubleshooting Guide
  • 如果未发现错误,请不要排除it could be a bug on Amazon's side并考虑提交错误报告或打开支持案例。
相关问题
最新问题