我尝试生成AWS4签名,直接从客户端浏览器上传到S3存储桶。我使用此处的示例在C#中生成签名:
AWS - Deriving the Signing Key with .NET (C#)
要验证生成的策略和签名是否正确,我已使用此处示例中的访问密钥和策略:
AWS - Examples: Browser-Based Upload using HTTP POST (Using AWS Signature Version 4)
我已经尝试了几种方法来生成策略但它不匹配。我甚至复制并粘贴了示例中的确切策略字符串。那么为什么这不起作用呢?
var policy = "{ \"expiration\": \"2015-12-30T12:00:00.000Z\"," +
"\"conditions\": [" +
"{\"bucket\": \"sigv4examplebucket\"}," +
"[\"starts-with\", \"$key\", \"user/user1/\"]," +
"{\"acl\": \"public-read\"}," +
"{\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"}," +
"[\"starts-with\", \"$Content-Type\", \"image/\"]," +
"{\"x-amz-meta-uuid\": \"14365123651274\"}," +
"{\"x-amz-server-side-encryption\": \"AES256\"}," +
"[\"starts-with\", \"$x-amz-meta-tag\", \"\"]," +
"{\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"}," +
"{\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}," +
"{\"x-amz-date\": \"20151229T000000Z\" }]}";
// hash the Base64 version of the policy document and pass this to the signer as the body hash
var policyStringBytes = Encoding.UTF8.GetBytes(policy);
return Convert.ToBase64String(policyStringBytes);
示例说明策略字符串应为:
eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9
但上述方法返回:
eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLCJjb25kaXRpb25zIjogW3siYnVja2V0IjogInNpZ3Y0ZXhhbXBsZWJ1Y2tldCJ9LFsic3RhcnRzLXdpdGgiLCAiJGtleSIsICJ1c2VyL3VzZXIxLyJdLHsiYWNsIjogInB1YmxpYy1yZWFkIn0seyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vc2lndjRleGFtcGxlYnVja2V0LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSx7IngtYW16LW1ldGEtdXVpZCI6ICIxNDM2NTEyMzY1MTI3NCJ9LHsieC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbiI6ICJBRVMyNTYifSxbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXSx7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSx7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfV19
如果我甚至无法获得匹配的策略字符串,那么就没有希望生成匹配的签名。
答案 0 :(得分:0)
基本上这就是你需要做的。 根据文档页面的输出,将base64代码复制并粘贴到https://www.base64decode.org/ 然后单击解码。 这将显示解码的json内容。
我这样做了,我将它与你的json内容进行了比较。 - 正如@ hjpotter92所提到的,你需要为新行提供\ n - 你需要看一下空格
示例显示
<space>"conditions": [
和
<space><space><space><space>{"bucket": "sigv4examplebucket"},
但您的代码显示
"conditions": [
和
{"bucket": "sigv4examplebucket"},
希望这会有所帮助。