为了对策略进行编码,我编写了一小段python代码,如下所示:
import hmac
import hashlib
import base64
def sign(key, msg):
return hmac.new(key, msg, hashlib.sha256).digest()
post_policy = """{ "expiration": "2018-12-30T12:00:00.000Z",
"conditions": [
{"bucket": "<my_bucket>"},
["starts-with", "$key", "user/user1/"],
{"acl": "public-read"},
{"success_action_redirect": "http://my_bucket.s3.amazonaws.com/successful_upload.html"},
["starts-with", "$Content-Type", "image/"],
{"x-amz-meta-uuid": "14365123651274"},
{"x-amz-server-side-encryption": "AES256"},
["starts-with", "$x-amz-meta-tag", ""],
{"x-amz-credential": "<my-access-id>/20151229/us-east-2/s3/aws4_request"},
{"x-amz-algorithm": "AWS4-HMAC-SHA256"},
{"x-amz-date": "20181229T000000Z" }
]
}"""
post_policy_utf8 = unicode(post_policy, "utf-8")
base64_encoded_policy = base64.b64encode(post_policy_utf8)
secret_key = '<my_secret_key>'
signed_policy = sign(("AWS4" + base64_encoded_policy), secret_key)
encoded_signed_policy = base64.b64encode(signed_policy)
我的html表单就像这样
<form action="http://<my_bucket>.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
Key to upload:
<input type="input" name="key" value="user/user1/${filename}" /><br />
<input type="hidden" name="acl" value="public-read" />
<input type="hidden" name="success_action_redirect" value="http://<my_bucket>.s3.amazonaws.com/successful_upload.html" />
Content-Type:
<input type="input" name="Content-Type" value="image/jpeg" /><br />
<input type="hidden" name="x-amz-meta-uuid" value="14365123651274" />
<input type="hidden" name="x-amz-server-side-encryption" value="AES256" />
<input type="text" name="X-Amz-Credential" value="AKIAJ5CZ54I742JS652A/20151229/us-east-2/s3/aws4_request" />
<input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />
<input type="text" name="X-Amz-Date" value="20181229T000000Z" />
Tags for File:
<input type="input" name="x-amz-meta-tag" value="" /><br />
<input type="hidden" name="Policy" value='eyAiZXhwaXJhdGlvbiI6ICIyMDE4LTEyLTMwVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiZmlsZS51cGxvYWQuZnJvbS5icm93c2VyIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIn0sCiAgICB7InN1Y2Nlc3NfYWN0aW9uX3JlZGlyZWN0IjogImh0dHA6Ly9maWxlLnVwbG9hZC5mcm9tLmJyb3dzZXIuczMuYW1hem9uYXdzLmNvbS9zdWNjZXNzZnVsX3VwbG9hZC5odG1sIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sCiAgICB7IngtYW16LW1ldGEtdXVpZCI6ICIxNDM2NTEyMzY1MTI3NCJ9LAogICAgeyJ4LWFtei1zZXJ2ZXItc2lkZS1lbmNyeXB0aW9uIjogIkFFUzI1NiJ9LAogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sCiAgICAKICAgIHsieC1hbXotY3JlZGVudGlhbCI6ICJBS0lBSjVDWjU0STc0MkpTNjUyQS8yMDE1MTIyOS91cy1lYXN0LTIvczMvYXdzNF9yZXF1ZXN0In0sCiAgICB7IngtYW16LWFsZ29yaXRobSI6ICJBV1M0LUhNQUMtU0hBMjU2In0sCiAgICB7IngtYW16LWRhdGUiOiAiMjAxODEyMjlUMDAwMDAwWiIgfQogIF0KfQ==' />
<input type="hidden" name="X-Amz-Signature" value="ZG0xBgY5y1Fin0D7kKAO9tuqGntG1Ptw4GDaiLvfvGU=" />
File:
<input type="file" name="file" /> <br />
<!-- The elements after this will be ignored -->
<input type="submit" name="submit" value="Upload to Amazon S3" />
</form>
我们从python 2.7代码中获取的base64策略值和签名。 当我提交此信息时,AWS表示签名不匹配。我哪里出错了以及如何纠正这个问题?