寻找对此流程的一些评论,以便我可以确定签名计算出错的地方。
主要问题是生成签名密钥和签名 - 规范请求的哈希似乎与此处的引用匹配http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
sha256hmac和getSignature函数如下所示:
function sha256hmac(key, string, encoding = 'hex') {
return crypto.createHmac('sha256', key).update(string, 'utf8').digest(encoding);
};
function getSignature(stringToSign, signingDates) {
const dateKey = sha256hmac('AWS4' + S3_SECRET_KEY, signingDates.shortDate);
const dateRegionKey = sha256hmac(dateKey, S3_REGION);
const dateRegionServiceKey = sha256hmac(dateRegionKey, S3_SERVICE);
const signingKey = sha256hmac(dateRegionServiceKey, S3_REQUEST_TYPE);
const signature = sha256hmac(signingKey, stringToSign);
return signature;
}
感谢您的期待!
答案 0 :(得分:0)
修复:
// remove default hex encoding
function sha256hmac(key, string, encoding) {
return crypto.createHmac('sha256', key).update(string, 'utf8').digest(encoding);
};
function getSignature(stringToSign, signingDates) {
// do not supply an encoding argument to sha256hmac()
// each of these return a buffer
const dateKey = sha256hmac('AWS4' + S3_SECRET_KEY, signingDates.shortDate);
const dateRegionKey = sha256hmac(dateKey, S3_REGION);
const dateRegionServiceKey = sha256hmac(dateRegionKey, S3_SERVICE);
const signingKey = sha256hmac(dateRegionServiceKey, S3_REQUEST_TYPE);
// output hex encoding here
const signature = sha256hmac(signingKey, stringToSign, 'hex');
return signature;
}
没有完全理解https://nodejs.org/api/crypto.html#crypto_hmac_digest_encoding
计算使用的所有数据的HMAC摘要 hmac.update()。编码可以是'hex','latin1'或'base64'。如果 编码提供了一个返回的字符串;否则缓冲区就是 返回;
hmac.digest()之后,Hmac对象无法再次使用 调用。多次调用hmac.digest()将导致错误 抛出。