Che*_*het 7 c# amazon sha1 rsa rsacryptoserviceprovider
Has anyone using .NET actually worked out how to successfully create a signature for use with CloudFront private content? After several days of trying, all I can get is Access Denied.
I have been using variations of the code below, and have also tried OpenSSL.Net and the AWSSDK, but neither has a signing method for RSA-SHA1.
Sign(data) looks like this:
{"Statement":[{"Resource":"http://xxxx.cloudfront.net/xxxx.jpg","Condition": {"DateLessThan": {"AWS:EpochTime":1266922799}}}]}
Update: solved all of this by removing the single spaces in the policy above.
If only I had noticed it earlier!
This method attempts to sign the policy for use in a canned URL. So the variables include the padding used in the hash, and reversing the byte[] before signing, since that is what OpenSSL does.
using System;
using System.Security.Cryptography;

public string Sign(string data)
{
    using (SHA1Managed SHA1 = new SHA1Managed())
    using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
    {
        // Keep the key in the user profile store rather than the machine store
        RSACryptoServiceProvider.UseMachineKeyStore = false;
        // Amazon PEM converted to XML using OpenSslKey
        provider.FromXmlString("<RSAKeyValue><Modulus>.....");
        byte[] plainbytes = System.Text.Encoding.UTF8.GetBytes(data);
        byte[] hash = SHA1.ComputeHash(plainbytes);
        //Array.Reverse(hash); // I have seen some examples that reverse the hash
        // PKCS#1 v1.5 signature over the SHA-1 digest; "SHA1" selects the digest OID
        byte[] sig = provider.SignHash(hash, "SHA1");
        return Convert.ToBase64String(sig);
    }
}
By generating a CloudFront canned-policy URL with CloudBerry Explorer, I have verified that the content is set up correctly in S3 and CloudFront. So how do they do it?
Any ideas would be much appreciated. Thanks.
In case anyone is interested, here is the full code:
using System;
using System.Security.Cryptography;
using System.Text;

internal class CloudFrontSecurityProvider
{
    private readonly RSACryptoServiceProvider privateKey;
    private readonly string privateKeyId;
    private readonly SHA1Managed sha1 = new SHA1Managed();

    public CloudFrontSecurityProvider(string privateKeyId, string privateKey)
    {
        this.privateKey = new RSACryptoServiceProvider();
        RSACryptoServiceProvider.UseMachineKeyStore = false;
        // privateKey is the Amazon PEM key converted to the RSAKeyValue XML format
        this.privateKey.FromXmlString( privateKey );
        this.privateKeyId = privateKeyId;
    }

    // Seconds since the Unix epoch; 'time' must be a UTC value
    private static int GetUnixTime(DateTime time)
    {
        DateTime referenceTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        return (int) (time - referenceTime).TotalSeconds;
    }

    public string GetCannedUrl(string url, DateTime expiration)
    {
        string expirationEpoch = GetUnixTime( expiration ).ToString();
        // The canned policy must contain no whitespace: the signature covers these exact bytes
        string policy =
            @"{""Statement"":[{""Resource"":""<url>"",""Condition"":{""DateLessThan"":{""AWS:EpochTime"":<expiration>}}}]}".
            Replace( "<url>", url ).
            Replace( "<expiration>", expirationEpoch );
        string signature = GetUrlSafeString( Sign( policy ) );
        return url + string.Format("?Expires={0}&Signature={1}&Key-Pair-Id={2}", expirationEpoch, signature, this.privateKeyId);
    }

    // CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'
    private static string GetUrlSafeString(byte[] data)
    {
        return Convert.ToBase64String( data ).Replace( '+', '-' ).Replace( '=', '_' ).Replace( '/', '~' );
    }

    // RSA PKCS#1 v1.5 signature over the SHA-1 digest of the UTF-8 policy bytes
    private byte[] Sign(string data)
    {
        byte[] plainbytes = Encoding.UTF8.GetBytes(data);
        byte[] hash = sha1.ComputeHash(plainbytes);
        return this.privateKey.SignHash(hash, "SHA1");
    }
}
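The same canned-policy signing, written as an added example (not the poster's code) against the newer `RSA` API, which hashes and pads in one `SignData` call so no manual SHA-1 step or byte reversal is involved. It assumes a PEM private key as issued for a CloudFront key pair, a placeholder key-pair ID, and a constructed sample URL; the `Main` method also reproduces the whitespace mistake from the question and shows that the resulting signature no longer verifies against the compact policy.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class CloudFrontCannedUrl
{
    // Canned policy with no whitespace at all: CloudFront rebuilds this exact string
    // from the query parameters, so any extra byte breaks the signature.
    public static string BuildPolicy(string resourceUrl, DateTimeOffset expires) =>
        "{\"Statement\":[{\"Resource\":\"" + resourceUrl +
        "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" +
        expires.ToUnixTimeSeconds() + "}}}]}";

    // CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'
    public static string ToCloudFrontBase64(byte[] bytes) =>
        Convert.ToBase64String(bytes).Replace('+', '-').Replace('=', '_').Replace('/', '~');

    // RSA-SHA1 with PKCS#1 v1.5 padding over the UTF-8 bytes of the policy
    public static byte[] SignPolicy(RSA privateKey, string policy) =>
        privateKey.SignData(Encoding.UTF8.GetBytes(policy), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

    public static string GetSignedUrl(RSA privateKey, string keyPairId, string resourceUrl, DateTimeOffset expires)
    {
        string policy = BuildPolicy(resourceUrl, expires);
        string signature = ToCloudFrontBase64(SignPolicy(privateKey, policy));
        return $"{resourceUrl}?Expires={expires.ToUnixTimeSeconds()}&Signature={signature}&Key-Pair-Id={keyPairId}";
    }

    public static void Main()
    {
        // Placeholder key: in real use load the CloudFront key pair instead, e.g.
        // rsa.ImportFromPem(File.ReadAllText("pk-APKAXXXXXXXXXXXX.pem"));
        using RSA rsa = RSA.Create(2048);
        const string resource = "http://example.cloudfront.net/sample.jpg"; // constructed sample
        var expires = new DateTimeOffset(2010, 2, 23, 10, 59, 59, TimeSpan.Zero); // epoch 1266922799
        Console.WriteLine(GetSignedUrl(rsa, "APKAEXAMPLEKEYID", resource, expires));

        // The mistake from the question: one space inside the policy changes the signed bytes,
        // so the signature fails to verify against the compact policy CloudFront reconstructs.
        string compact = BuildPolicy(resource, expires);
        string withSpace = compact.Replace("\"Condition\":", "\"Condition\": ");
        byte[] sig = SignPolicy(rsa, withSpace);
        bool ok = rsa.VerifyData(Encoding.UTF8.GetBytes(compact), sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
        Console.WriteLine(ok ? "signature valid" : "signature does not match the compact policy (Access Denied)");
    }
}
```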