我尝试使用SSE和AES256算法为存储桶创建一个预签名的网址。
每当我将请求(从邮递员)发送到我的存储桶时,我都会返回
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>...</AWSAccessKeyId>
<StringToSign>AWS4-HMAC-SHA256
我从存储桶中删除了加密,然后一切都按预期工作-因此,我认为我的问题在于实现它...
为了连接到S3,我通过以下代码创建了AmazonS3EncryptionClientBuilder`的新bean:
var credentials = new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
var encryptionMaterials = new StaticEncryptionMaterialsProvider(new EncryptionMaterials(generateSecretKey()));
return AmazonS3EncryptionClientBuilder
.standard()
.withCredentials(credentials)
.withRegion(getClientRegion())
.withEncryptionMaterials(encryptionMaterials)
.build();
然后,在我的AmazonSerivce中,我创建的预签名URL是以下代码:
final GeneratePresignedUrlRequest generatePresignedUrlRequest =
new GeneratePresignedUrlRequest(amazonConfiguration.getBucketName(), fileName)
.withMethod(HttpMethod.PUT)
.withSSEAlgorithm(SSEAlgorithm.AES256);
return s3Client.generatePresignedUrl(generatePresignedUrlRequest);
编辑:
此外-这是我从url本身获取的标头:
response-content-disposition:inline%3B%20filename%3D%2283a9b66c-3ee2-4cc0-851a-266f3d6a81dc%22
X-Amz-Algorithm:AWS4-HMAC-SHA256
X-Amz-Date:20190828T075015Z
X-Amz-SignedHeaders:host%3Bx-amz-server-side-encryption
X-Amz-Expires:1799
X-Amz-Credential:AKIARTL3KQPR6IRHJIKL%2F20190828%2Feu-central-1%2Fs3%2Faws4_request
X-Amz-Signature:75854367e3b4eea8ff3a05b7256e47ab1d16f1bf6957c6cd17970b3da217783
我在发送请求时手动添加了标题X-Amz-Server-Side-Encryption: AES256
,并得到了相同的错误...
答案 0 :(得分:0)
经过长时间的调查,看来我将X-Amz-Server-Side-Encryption
设置为查询参数而不是标头-因此上传被拒绝...