我正在编写用于从AWS S3下载对象的预签名URL。我使用AWS Java SDK中的generatePresignedUrl方法。但是,在使用生成的预签名URL发出GET请求时,我从AWS获得SignatureDoesNotMatch。我很困惑,因为我使用官方SDK中的方法生成它和一个非常简单的GET请求,但没有运气。任何帮助非常感谢!
代码(取自AWS docs):
java.util.Date expiration = new java.util.Date();
long milliSeconds = expiration.getTime();
milliSeconds += 1000 * 60 * 60; // Add 1 hour.
expiration.setTime(milliSeconds);
GeneratePresignedUrlRequest generatePresignedUrlRequest =
new GeneratePresignedUrlRequest(bucketName, objectKey);
generatePresignedUrlRequest.setMethod(HttpMethod.GET);
generatePresignedUrlRequest.setExpiration(expiration);
URL url = s3client.generatePresignedUrl(generatePresignedUrlRequest);
我用于连接到AWS S3的凭据已经过测试;我能够使用AWS SDK中的相同凭据和S3下载方法下载S3对象。但是我从AWS获得的响应是来自上面的组合URL(例如,https://ozland.s3.amazonaws.com/1865b563cdc94fa28ef41ee0b9b0e608?AWSAccessKeyId=...AWSAccessKeyId...&Expires=1471300223&Signature=pbgcRB0Zg%2B3iicDQQbVX%2FqdNAAc%3D):
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message
<AWSAccessKeyId>...AWSAccessKeyId...</AWSAccessKeyId>
<StringToSign>GET
1471300223
/ozland/1865b563cdc94fa28ef41ee0b9b0e608</StringToSign>
<SignatureProvided>pbgcRB0Zg+3iicDQQbVX/qdNAAc=</SignatureProvided>
<StringToSignBytes>47 45 54 0a 0a 0a 31 34 37 31 33 30 30 32 32 33 0a 2f 61 6c 61 62 61 6d 61 63 6f 75 6e 74 79 2f 31 38 36 35 62 35 36 33 63 64 65 39 34 66 61 32 38 65 66 34 31 65 65 30 63 39 62 30 65 36 30 38</StringToSignBytes>
<RequestId>...RequestId...</RequestId>
<HostId>...HostId...</HostId></Error>
问题是为什么来自上面的response.StringToSign与AWS docs (AWS docs)描述它的方式不同。特别是根据文档,我希望StringToSign能像:
AWS4-HMAC-SHA256
20150830T123600Z
20150830/us-east-1/iam/aws4_request
f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59
aws-tools对我来说很合适,可以使用完全相同的S3存储桶和凭据生成预签名的网址。但是为什么我在这里得到SignatureDoesNotMatch呢?
谢谢!