时间戳

首页 > 解决方案 > AWS S3 错误签名与 Javascript 不匹配

javascript - AWS S3 错误签名与 Javascript 不匹配

问题描述

每当我尝试列出存储桶(或任何调用)中的对象时,都会收到“签名不匹配”403 错误。我不能使用 SDK,但我检查了 SDK 调用中的 XMLHttpRequest 对象,以尝试设置我自己的对象,同时还遵循文档。我很确定我的 canonString 出了什么问题,但我不确定它到底出了什么问题。我用 AWS 提供的值检查了我的 getSigningKey 函数,它计算正确,所以我知道不是这样。我也很确定时间格式正确(最终是 20181002THHMMSSZ,我认为这是正确的)所以我也不认为是这样。我刚刚开始阅读有关 x-amz-content-sha256 的字符串常量“UNSIGNED-PAYLOAD”,但是将 CryptoJS.SHA256("").getString() 替换为“

var request = new XMLHttpRequest();
var signingKey = getSigningKey(dateStamp, secretKey, regionName, serviceName);
var time = new Date();

time = time.toISOString();
time = time.replace(/:/g, '').replace(/-/g,'');
time = time.substring(0,time.indexOf('.'))+"Z";
console.log(time); //If it is October 2nd 2018 @4:16:38 (EST) it returns 20181002T201638Z

var canonString = "GET\n"+
                    encodeURI("/")+"\n"+
                    encodeURI("delimiter")+'='+encodeURI("/")+'&'+
                    encodeURI("max-keys")+'='+encodeURI("100")+'&'+
                    encodeURI("prefix")+'='+encodeURI("08")+'\n'+
                    "host:"+bucketName+".s3.amazonaws.com\n"+
                    'x-amz-content-sha256:'+CryptoJS.SHA256("").toString()+'\n'+
                    'x-amz-date:'+time+'\n'+
                    CryptoJS.SHA256("").toString();

var stringToSign = "AWS4-HMAC-SHA256\n"+
                    time+"\n"+
                    "20181002/us-east-1/s3/aws4_request\n"+
                    CryptoJS.SHA256(canonString).toString();

var authString = CryptoJS.HmacSHA256(signingKey, stringToSign).toString();

request.open("GET", "https://"+bucketName+".s3.amazonaws.com/?delimiter=%2F&max-keys=100&prefix=08", false);
request.setRequestHeader("Authorization", "AWS4-HMAC-SHA256 Credential="+accessKey+"/20181002/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature="+authString);
request.setRequestHeader("host", bucketName+".s3.amazonaws.com");
request.setRequestHeader("x-amz-content-sha256", CryptoJS.SHA256("").toString());
request.setRequestHeader("x-amz-date", time);
console.log(request);
request.send();

该代码生成此错误消息作为响应:

<?xml version="1.0" encoding="UTF-8"?>↵&lt;Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>{Access Key Hidden}</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256↵20181002T192135Z↵20181002/us-east-1/s3/aws4_request↵514a2938b1655dd64c17a1ee5cdc3e5c31951f1532698a936e2228c075e6bc3d</StringToSign><SignatureProvided>6d685e715760ec0fd4c4665b10d7902902493df4e6252e6a6687752a5831d23d</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 38 31 30 30 32 54 31 39 32 31 33 35 5a 0a 32 30 31 38 31 30 30 32 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 35 31 34 61 32 39 33 38 62 31 36 35 35 64 64 36 34 63 31 37 61 31 65 65 35 63 64 63 33 65 35 63 33 31 39 35 31 66 31 35 33 32 36 39 38 61 39 33 36 65 32 32 32 38 63 30 37 35 65 36 62 63 33 64</StringToSignBytes><CanonicalRequest>GET↵/↵delimiter=%2F&amp;max-keys=100&amp;prefix=08↵host:{bucketName}.s3.amazonaws.com↵x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855↵x-amz-date:20181002T192135Z↵↵host;x-amz-content-sha256;x-amz-date↵e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest><CanonicalRequestBytes>47 45 54 0a 2f 0a 64 65 6c 69 6d 69 74 65 72 3d 25 32 46 26 6d 61 78 2d 6b 65 79 73 3d 31 30 30 26 70 72 65 66 69 78 3d 30 38 0a 68 6f 73 74 3a 64 65 6d 6f 61 70 70 2d 62 75 63 6b 65 74 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 38 31 30 30 32 54 31 39 32 31 33 35 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes><RequestId>3F949681DE5F906A</RequestId><HostId>PPpPc2z8fL+UYQ1Qfo+CeH2z/Cf7sHRWJARYtLaw5+1LVYphP0jIhTtoEDjTipt3veaSd8/jvpY=</HostId></Error>"

编辑:也忘了包括这个错误:

Refused to set unsafe header "host"

标签: javascriptamazon-web-servicesamazon-s3signature

解决方案

推荐阅读