带有SSE的预签名URL

时间:2019-08-27 13:57:22

标签: java amazon-web-services aws-sdk

我尝试使用SSE和AES256算法为存储桶创建一个预签名的网址。

每当我将请求(从邮递员)发送到我的存储桶时,我都会返回 <Code>SignatureDoesNotMatch</Code> <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message> <AWSAccessKeyId>...</AWSAccessKeyId> <StringToSign>AWS4-HMAC-SHA256

我从存储桶中删除了加密,然后一切都按预期工作-因此,我认为我的问题在于实现它...

为了连接到S3,我通过以下代码创建了AmazonS3EncryptionClientBuilder`的新bean:

var credentials = new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
var encryptionMaterials = new StaticEncryptionMaterialsProvider(new EncryptionMaterials(generateSecretKey()));

return AmazonS3EncryptionClientBuilder
                .standard()
                .withCredentials(credentials)
                .withRegion(getClientRegion())
                .withEncryptionMaterials(encryptionMaterials)
                .build();

然后,在我的AmazonSerivce中,我创建的预签名URL是以下代码:

final GeneratePresignedUrlRequest generatePresignedUrlRequest =
                new GeneratePresignedUrlRequest(amazonConfiguration.getBucketName(), fileName)
                        .withMethod(HttpMethod.PUT)
                        .withSSEAlgorithm(SSEAlgorithm.AES256);

return s3Client.generatePresignedUrl(generatePresignedUrlRequest);

编辑:

此外-这是我从url本身获取的标头: response-content-disposition:inline%3B%20filename%3D%2283a9b66c-3ee2-4cc0-851a-266f3d6a81dc%22 X-Amz-Algorithm:AWS4-HMAC-SHA256 X-Amz-Date:20190828T075015Z X-Amz-SignedHeaders:host%3Bx-amz-server-side-encryption X-Amz-Expires:1799 X-Amz-Credential:AKIARTL3KQPR6IRHJIKL%2F20190828%2Feu-central-1%2Fs3%2Faws4_request X-Amz-Signature:75854367e3b4eea8ff3a05b7256e47ab1d16f1bf6957c6cd17970b3da217783

我在发送请求时手动添加了标题X-Amz-Server-Side-Encryption: AES256,并得到了相同的错误...

1 个答案:

答案 0 :(得分:0)

经过长时间的调查,看来我将X-Amz-Server-Side-Encryption设置为查询参数而不是标头-因此上传被拒绝...