尝试使用带有查询参数的Canonical Request在AWS S3上执行GET请求时,我遇到了一个非常奇怪的问题。以下是我的规范请求失败。
带查询参数的规范请求
GET
/
list-type=2&prefix=20170120
content-type:text/plain
host:<bucket>.s3-ap-south-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b785
2b855
x-amz-date:20170217T084710Z
content-type;host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
我在回复中收到此403错误。
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>******MyAccessKey******</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20170217T084710Z
20170217/ap-south-1/s3/aws4_request
a34d06c9bbfb4f1c6ac8f168843fdac894b40251179cd0846c046bdf25e0576a</StringToSign><SignatureProvided>c6ac3eaba7b1ba2f4e83c296a5132aaed76d96845e995896db0490a1850d5934</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 37 30 32 31 37 54 30 38 34 37 31 30 5a 0a 32 30 31 37 30 32 31 37 2f 61 70 2d 73 6f 75 74 68 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 61 33 34 64 30 36 63 39 62 62 66 62 34 66 31 63 36 61 63 38 66 31 36 38 38 34 33 66 64 61 63 38 39 34 62 34 30 32 35 31 31 37 39 63 64 30 38 34 36 63 30 34 36 62 64 66 32 35 65 30 35 37 36 61</StringToSignBytes><CanonicalRequest>GET
/
content-type:text/plain
host:<bucket>.s3-ap-south-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170217T084710Z
content-type;host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 0a 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 74 65 78 74 2f 70 6c 61 69 6e 0a 68 6f 73 74 3a 6d 65 64 69 2d 61 73 73 69 73 74 2e 73 33 2d 61 70 2d 73 6f 75 74 68 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 37 30 32 31 37 54 30 38 34 37 31 30 5a 0a 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3b 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>053E8FA17F65DD3D</RequestId><HostId>b+BWn4unlVXDA28WO6H+R6T7cLSdwADlsCxGmzlbjTI3jGpAY5jNVedAcL7Jta5zcCISd2R7e6o=</HostId></Error>
现在当我在没有查询字符串的情况下执行相同的请求时,它可以正常工作。
有效的规范要求
GET
/
content-type:text/plain
host:<bucket>.s3-ap-south-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b785
2b855
x-amz-date:20170217T094656Z
content-type;host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
我的凭据具有管理员权限,因此存储桶上允许所有操作。 有人可以帮我指出我在这里做错了吗?
答案 0 :(得分:1)
在审核问题时意识到我的错误。在发出请求时我错过了查询字符串参数。这就是问题发生的地方。我应该检查响应Canonical Request String,它清楚地显示缺少查询字符串。
URI不正确:https://<bucket>.s3-ap-south-1.amazonaws.com/
这将导致错误,因为S3将不会在请求中看到查询字符串参数,但Canonical Request中将提供相同的参数。
更正URI(带查询字符串参数):https://<bucket>.s3-ap-south-1.amazonaws.com/?list-type=2&prefix=20170120
这将工作,因为现在s3将在原始请求中看到查询字符串,同样也将在规范请求中可用。