AWS S3直接上载返回无效签名(版本4签名)C#

时间:2018-03-09 00:25:29

标签: c# amazon-web-services post amazon-s3

我正在尝试直接从浏览器将文件上传到Amazon S3。我阅读了文档,并按照示例provided by amazon

示例方法除post方法外有效。错误消息我们计算的请求签名与您提供的签名不匹配。检查您的密钥和签名方法。

我还检查了this代码示例。并将答案应用于代码并仍然得到相同的错误。

public class PolicyBuilder
{
    public static string Key = "Key";
    public static string Secret = "Secret";

    public static string GetS3PolicySignatureV4()
    {
        var policyBuilder = new StringBuilder();

        policyBuilder.AppendFormat("{{ \"expiration\": \"{0}\",\r\n", "2018-12-30T12:00:00.000Z");
        policyBuilder.Append("  \"conditions\": [\r\n");
        policyBuilder.Append("    [\"starts-with\", \"$key\", \"\"],\r\n");
        policyBuilder.AppendFormat("    {{\"x-amz-credential\": \"{0}\"}},\r\n",  Key + "/20180308/us-east-1/s3/aws4_request");
        policyBuilder.Append("    {\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"},\r\n");
        policyBuilder.Append("    {\"x-amz-date\": \"20180308T000000Z\" }\r\n");
        policyBuilder.Append("  ]\r\n}");

        var policyString = policyBuilder.ToString();
        var policyStringBytes = Encoding.UTF8.GetBytes(policyString);
        var policy = Convert.ToBase64String(policyStringBytes);

        byte[] signingKey = GetSignatureKey(Key, "20180308", "us-east-1", "s3");
        byte[] signature = HmacSHA256(policy, signingKey);
        var sig = ToHexString(signature, true);
        return sig;
    }

    static byte[] HmacSHA256(String data, byte[] key)
    {
        String algorithm = "HmacSHA256";
        KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(algorithm);
        kha.Key = key;

        return kha.ComputeHash(Encoding.UTF8.GetBytes(data));
    }

    static byte[] GetSignatureKey(String key, String dateStamp, String regionName, String serviceName)
    {
        byte[] kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
        byte[] kDate = HmacSHA256(dateStamp, kSecret);
        byte[] kRegion = HmacSHA256(regionName, kDate);
        byte[] kService = HmacSHA256(serviceName, kRegion);
        byte[] kSigning = HmacSHA256("aws4_request", kService);

        return kSigning;
    }

    public static string ToHexString(byte[] data, bool lowercase)
    {
        var sb = new StringBuilder();
        for (var i = 0; i < data.Length; i++)
        {
            sb.Append(data[i].ToString(lowercase ? "x2" : "X2"));
        }
        return sb.ToString();
    }
}

以下是表格:

&#13;
&#13;
<!DOCTYPE html>

<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="utf-8" />
    <title></title>
</head>
<body>
    <form action="http://MyBucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
        <input type="hidden" name="key" value="/images/a5827206-ea2c-4fc6-a66b-aebde27d0ea3.jpg" />
        <input type="hidden" name="x-amz-credential" value="Key/20180308/us-east-1/s3/aws4_request" />
        <input type="hidden" name="x-amz-algorithm" value="AWS4-HMAC-SHA256" />
        <input type="hidden" name="x-amz-date" value="20180308T000000Z" />
        <input type="hidden" name="policy" value='<Base64PolicyResult>' />
        <input type="hidden" name="x-amz-signature" value="<GenerateSignature>" />
        File:
        <input type="file" name="file" /> <br />
        <input type="submit" name="submit" value="Upload to Amazon S3" />
    </form>
</body>
</html>
&#13;
&#13;
&#13;

我仍然遇到同样的错误。我应该在亚马逊s3上为我的桶设置任何具体政策吗? 我的代码有什么问题吗? :(

1 个答案:

答案 0 :(得分:2)

错误就在这里......

byte[] signingKey = GetSignatureKey(Key, "20180308", "us-east-1", "s3");

这一行应该是......

byte[] signingKey = GetSignatureKey(Secret, "20180308", "us-east-1", "s3");

您正在使用aws-access-key-id而不是密钥来生成签名密钥。