python-3.x - s3 后签名与 AWS 文档示例不匹配(python)
问题描述
我试图在此处重现以下示例中计算的签名。
显示签名后构造的文档在这里。
这是我的 python 代码,它尝试逐步重现 de 以创建签名(使用与示例相同的参数):
import hmac
import hashlib
secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
aws_region = 'us-east-1'
aws_service = 's3'
date_str = '20151229'
encoded_policy = 'eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9'
def digest(key, msg):
return hmac.new(key.encode('UTF-8'), msg.encode('UTF-8'), hashlib.sha256).hexdigest()
date_key = digest(date_str, ('AWS4' + secret_access_key))
date_region_key = digest(date_key, aws_region)
date_region_service_key = digest(date_region_key, aws_service)
signing_key = digest(date_region_service_key, 'aws4_request')
signature = digest(signing_key, encoded_policy)
print(signature)
此代码返回我以下签名:
6f86ebce05110fadcd2972035d7dee85e120171012d340467a518f37db41d253
但预计会返回此签名(如 aws 示例所示):
8afdbf4008c03f22c2cd3cdb72e4afbb1f6a588f3255ac628749a66d7f09699e
我究竟做错了什么?
解决方案
我并没有真正意识到我的代码有什么问题,但是经过多次阅读文档和多次尝试后,我找到了一个对我有帮助的代码,并将我带到了正确的签名处。
这是代码:
import hmac
import hashlib
import codecs
def sign(key, msg):
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, dateStamp, regionName, serviceName):
kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, "aws4_request")
return kSigning
key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
dateStamp = '20151229'
regionName = 'us-east-1'
serviceName = 's3'
string_to_sign = 'eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9'
signing_key = getSignatureKey(key, dateStamp, regionName, serviceName)
signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()
print(signature)
我从这个页面得到了这个片段,这里。
希望这可以帮助任何有同样问题的人。
推荐阅读
- html - 文本对齐如何在 HTML/CSS 中工作
- python - 如果消息有一定数量的反应,则将消息提取到另一个通道 - discord.py 重写
- r - 如何下载小于 3.6 的 R 版本的包“markovchain”
- timestamp - Postman:测试不同时间戳的断言
- powershell - Powershell 使用 System.Windows.Forms.SaveFileDialog 将目录位置选择到变量中
- react-native - 接收react-native应用程序ble发送的数据
- sml - 展平 SML 获取问题的数据类型列表
- javascript - 随机消息回复 Discord.js 2020
- google-bigquery - 如何在 Bigquery 中更改列模式
- python - 使用 numPy 和 matplotlib 绘制函数相对于两个变量的最大值