按照以下说明进行操作:https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html,我创建了一个函数,但我不断收到“签名不匹配错误”。我不知道我做错了什么我认为我遵循了所有的步骤。我相信我的钥匙和身份证是正确的。
这是我的代码:
$longDate = gmdate("Ymd\THis\Z");
$shortDate = gmdate("Ymd");
$region = $this->config['aws']['region'];
$version = $this->config['aws']['version'];
$bucket = $this->config['aws']['s3']['bucket'];
$host = "https://" .$bucket . ".s3.eu-central-1.amazonaws.com";
$url = "https://s3.eu-central-1.amazonaws.com/" .$bucket ."/" . $location;
$credentials = explode('aws_secret_access_key = ', explode('aws_access_key_id = ',file_get_contents($this->config['aws']['credentialsFile']))[1]);
$id = trim($credentials[0]);
$secret = trim($credentials[1]);
$canonicalRequest = "GET\n";
$canonicalRequest .= "/" . $location . "\n";
$canonicalRequest .= "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . urlencode("/") . $shortDate . urlencode("/") . $region . urlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host\n";
$canonicalRequest .= "host:" . $host . "\n";
$canonicalRequest .= "\n";
$canonicalRequest .= "host\n";
$canonicalRequest .= "UNSIGNED-PAYLOAD";
var_dump($canonicalRequest);
$stringToSign = "AWS4-HMAC-SHA256\n";
$stringToSign .= $longDate ."\n";
$stringToSign .= $shortDate . "/". $region ."/s3/aws4_request\n";
$stringToSign .= hash("sha256", $canonicalRequest);
var_dump($stringToSign);
$signingKey = hash_hmac("sha256", "aws4_request", hash_hmac("sha256", "s3", hash_hmac("sha256", $region, hash_hmac("sha256", $shortDate, "AWS4" . $secret, true), true), true), true);
$signature = hash_hmac("sha256", $stringToSign, $signingKey);
$url = $url . "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . urlencode("/") . $shortDate . urlencode("/") . $region . urlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host&X-Amz-Signature=" . $signature;
答案 0 :(得分:0)
如果有人遇到此问题,则错误是将https添加到主机。这是有效的代码:
$location = str_replace(" ", "%20", $location);
$longDate = gmdate("Ymd\THis\Z");
$shortDate = gmdate("Ymd");
$region = $this->config['aws']['region'];
$bucket = $this->config['aws']['s3']['bucket'];
$host = $bucket . ".s3.eu-central-1.amazonaws.com";
$url = "https://" .$host ."/" . $location;
$credentials = explode('aws_secret_access_key = ', explode('aws_access_key_id = ',file_get_contents($this->config['aws']['credentialsFile']))[1]);
$id = trim($credentials[0]);
$secret = trim($credentials[1]);
$canonicalRequest = "GET\n";
$canonicalRequest .= "/" . $location . "\n";
var_dump(($location));
$canonicalRequest .= "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . rawurlencode("/") . $shortDate . rawurlencode("/") . $region . rawurlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host\n";
$canonicalRequest .= "host:" . $host . "\n";
$canonicalRequest .= "\n";
$canonicalRequest .= "host\n";
$canonicalRequest .= "UNSIGNED-PAYLOAD";
var_dump($canonicalRequest);
$stringToSign = "AWS4-HMAC-SHA256\n";
$stringToSign .= $longDate ."\n";
$stringToSign .= $shortDate . "/". $region ."/s3/aws4_request\n";
$stringToSign .= hash("sha256", $canonicalRequest);
var_dump($stringToSign);
$signingKey = hash_hmac("sha256", "aws4_request", hash_hmac("sha256", "s3", hash_hmac("sha256", $region, hash_hmac("sha256", $shortDate, "AWS4" . $secret, true), true), true), true);
$signature = hash_hmac("sha256", $stringToSign, $signingKey);
$url = $url . "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . rawurlencode("/") . $shortDate . rawurlencode("/") . $region . rawurlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host&X-Amz-Signature=" . $signature;