Aws签名版本4策略与示例不匹配

时间:2017-02-14 16:07:03

标签: c# amazon-web-services amazon-s3

我尝试生成AWS4签名,直接从客户端浏览器上传到S3存储桶。我使用此处的示例在C#中生成签名:

AWS - Deriving the Signing Key with .NET (C#)

要验证生成的策略和签名是否正确,我已使用此处示例中的访问密钥和策略:

AWS - Examples: Browser-Based Upload using HTTP POST (Using AWS Signature Version 4)

我已经尝试了几种方法来生成策略但它不匹配。我甚至复制并粘贴了示例中的确切策略字符串。那么为什么这不起作用呢?

var policy = "{ \"expiration\": \"2015-12-30T12:00:00.000Z\"," +
                     "\"conditions\": [" +
                     "{\"bucket\": \"sigv4examplebucket\"}," +
                     "[\"starts-with\", \"$key\", \"user/user1/\"]," +
                     "{\"acl\": \"public-read\"}," +
                     "{\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"}," +
                     "[\"starts-with\", \"$Content-Type\", \"image/\"]," +
                     "{\"x-amz-meta-uuid\": \"14365123651274\"}," +
                     "{\"x-amz-server-side-encryption\": \"AES256\"}," +
                     "[\"starts-with\", \"$x-amz-meta-tag\", \"\"]," +
                     "{\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"}," +
                     "{\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}," +
                     "{\"x-amz-date\": \"20151229T000000Z\" }]}";

// hash the Base64 version of the policy document and pass this to the signer as the body hash
var policyStringBytes = Encoding.UTF8.GetBytes(policy);
return Convert.ToBase64String(policyStringBytes);

示例说明策略字符串应为:

  

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9

但上述方法返回:

  

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLCJjb25kaXRpb25zIjogW3siYnVja2V0IjogInNpZ3Y0ZXhhbXBsZWJ1Y2tldCJ9LFsic3RhcnRzLXdpdGgiLCAiJGtleSIsICJ1c2VyL3VzZXIxLyJdLHsiYWNsIjogInB1YmxpYy1yZWFkIn0seyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vc2lndjRleGFtcGxlYnVja2V0LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSx7IngtYW16LW1ldGEtdXVpZCI6ICIxNDM2NTEyMzY1MTI3NCJ9LHsieC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbiI6ICJBRVMyNTYifSxbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXSx7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSx7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfV19

如果我甚至无法获得匹配的策略字符串,那么就没有希望生成匹配的签名。

1 个答案:

答案 0 :(得分:0)

基本上这就是你需要做的。 根据文档页面的输出,将base64代码复制并粘贴到https://www.base64decode.org/ 然后单击解码。 这将显示解码的json内容。

我这样做了,我将它与你的json内容进行了比较。 - 正如@ hjpotter92所提到的,你需要为新行提供\ n - 你需要看一下空格

示例显示

<space>"conditions": [<space><space><space><space>{"bucket": "sigv4examplebucket"},

但您的代码显示

"conditions": [{"bucket": "sigv4examplebucket"},

希望这会有所帮助。