AWS S3错误签名与Javascript不匹配

时间:2018-10-02 20:20:23

标签: javascript amazon-web-services amazon-s3 signature

每当我尝试从存储桶(或任何调用)中列出对象时,都会收到“签名不匹配” 403错误。 我无法使用SDK ,但是我在SDK调用中检查了XMLHttpRequest对象,以尝试在设置文档的同时尝试设置自己的对象。我很确定我的canonString出了什么问题,但是我不确定它到底出了什么问题。我用AWS提供的值检查了我的getSigningKey函数,它正确地计算了它,所以我知道不是那样的。我也很确定时间格式正确(最终是20181002THHMMSSZ,我认为这是正确的),所以我也不认为这是正确的。我刚刚开始阅读有关x-amz-content-sha256的字符串表示为“ UNSIGNED-PAYLOAD”的信息,但是用“ UNSIGNED-PAYLOAD”替换CryptoJS.SHA256(“”)。getString()无效!

var request = new XMLHttpRequest();
var signingKey = getSigningKey(dateStamp, secretKey, regionName, serviceName);
var time = new Date();

time = time.toISOString();
time = time.replace(/:/g, '').replace(/-/g,'');
time = time.substring(0,time.indexOf('.'))+"Z";
console.log(time); //If it is October 2nd 2018 @4:16:38 (EST) it returns 20181002T201638Z

var canonString = "GET\n"+
                    encodeURI("/")+"\n"+
                    encodeURI("delimiter")+'='+encodeURI("/")+'&'+
                    encodeURI("max-keys")+'='+encodeURI("100")+'&'+
                    encodeURI("prefix")+'='+encodeURI("08")+'\n'+
                    "host:"+bucketName+".s3.amazonaws.com\n"+
                    'x-amz-content-sha256:'+CryptoJS.SHA256("").toString()+'\n'+
                    'x-amz-date:'+time+'\n'+
                    CryptoJS.SHA256("").toString();

var stringToSign = "AWS4-HMAC-SHA256\n"+
                    time+"\n"+
                    "20181002/us-east-1/s3/aws4_request\n"+
                    CryptoJS.SHA256(canonString).toString();

var authString = CryptoJS.HmacSHA256(signingKey, stringToSign).toString();

request.open("GET", "https://"+bucketName+".s3.amazonaws.com/?delimiter=%2F&max-keys=100&prefix=08", false);
request.setRequestHeader("Authorization", "AWS4-HMAC-SHA256 Credential="+accessKey+"/20181002/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature="+authString);
request.setRequestHeader("host", bucketName+".s3.amazonaws.com");
request.setRequestHeader("x-amz-content-sha256", CryptoJS.SHA256("").toString());
request.setRequestHeader("x-amz-date", time);
console.log(request);
request.send();

该代码会在响应中产生此错误消息:

<?xml version="1.0" encoding="UTF-8"?>↵<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>{Access Key Hidden}</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256↵20181002T192135Z↵20181002/us-east-1/s3/aws4_request↵514a2938b1655dd64c17a1ee5cdc3e5c31951f1532698a936e2228c075e6bc3d</StringToSign><SignatureProvided>6d685e715760ec0fd4c4665b10d7902902493df4e6252e6a6687752a5831d23d</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 38 31 30 30 32 54 31 39 32 31 33 35 5a 0a 32 30 31 38 31 30 30 32 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 35 31 34 61 32 39 33 38 62 31 36 35 35 64 64 36 34 63 31 37 61 31 65 65 35 63 64 63 33 65 35 63 33 31 39 35 31 66 31 35 33 32 36 39 38 61 39 33 36 65 32 32 32 38 63 30 37 35 65 36 62 63 33 64</StringToSignBytes><CanonicalRequest>GET↵/↵delimiter=%2F&amp;max-keys=100&amp;prefix=08↵host:{bucketName}.s3.amazonaws.com↵x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855↵x-amz-date:20181002T192135Z↵↵host;x-amz-content-sha256;x-amz-date↵e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 0a 64 65 6c 69 6d 69 74 65 72 3d 25 32 46 26 6d 61 78 2d 6b 65 79 73 3d 31 30 30 26 70 72 65 66 69 78 3d 30 38 0a 68 6f 73 74 3a 64 65 6d 6f 61 70 70 2d 62 75 63 6b 65 74 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 38 31 30 30 32 54 31 39 32 31 33 35 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>3F949681DE5F906A</RequestId><HostId>PPpPc2z8fL+UYQ1Qfo+CeH2z/Cf7sHRWJARYtLaw5+1LVYphP0jIhTtoEDjTipt3veaSd8/jvpY=</HostId></Error>"

编辑:也忘记包含此错误:

Refused to set unsafe header "host"

0 个答案:

没有答案
相关问题
最新问题