python - 尝试在python中进行签名并添加策略并签名到html文档以使用post在s3存储桶中上传文件。给出签名不匹配错误

问题描述

我在 python 中导出签名的代码如下。在这里，我的意图是生成签名和字符串以登录，以便我可以在 html 表单中使用它们。它显示以下错误：

SignatureDoesNotMatch and the request signature we calculated does not match the signature you provided.

import sys,os,base64, datetime, hashlib, hmac
import requests

method = 'POST'
service = 's3'
host = 'myBucket.s3.amazonaws.com'
region = 'someregion'
request_parameters = ''

stToEncode = '{"expiration": "2020-06-30T12:00:00.000Z","conditions": [{"bucket": "myBucket"}, 
["starts-with","$key","user/user1/"],{"acl": "public-read"},{"success_action_redirect": 
"http://myBucket.s3.amazonaws.com/postHtml.html"},["starts-with", "$Content-Type", "text/"],{"x- 
amz- meta-uuid": "14365123651274"},{"x-amz-server-side-encryption": "AES256"},["starts-with",      
"$x-amz- meta-tag", ""],{"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20200630/us-east- 
1/s3/aws4_request"},{"x- amz-algorithm": "AWS4-HMAC-SHA256"},{"x-amz-date": "20200630T000000Z" 
}]}'

stEncode = stToEncode.encode('utf8')

b64_stEncode = base64.b64encode(stEncode)


t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, "aws4_request")
    return kSigning

 access_key = 'somekey' 
 secret_key = 'somesecret'

 if access_key is None or secret_key is None:
    print('No access key is available')
    sys.exit()

 t = datetime.datetime.utcnow()
 amzdate = t.strftime('%Y%m%dT%H%M%SZ')
 datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope 

 # ************* TASK 2: CREATE THE STRING TO SIGN*************
 # Match the algorithm to the hashing algorithm you use, either SHA-1 or
 # SHA-256 (recommended)

 canonical_uri = '/'
 canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'
 signed_headers = 'host;x-amz-date'
 canonical_querystring = request_parameters
 payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

 canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + 
 canonical_headers + '\n' + signed_headers + '\n' + payload_hash

 algorithm = 'AWS4-HMAC-SHA256'
 credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
 string_to_sign = algorithm + '\n' +  amzdate + '\n' +  credential_scope + '\n' +  
 hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

 # ************* TASK 3: CALCULATE THE SIGNATURE *************
 # Create the signing key using the function defined above.
 signing_key = getSignatureKey(secret_key, datestamp, region, service)

 # Sign the string_to_sign using the signing_key
 signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()


 #print(b64_stEncode)
 print(string_to_sign)
 print(signature)

标签： pythonpostamazon-s3