Tun*_*ung 10 java rest signature amazon-web-services
当我从REST客户端调用API端点时,我通过关注Signature得到了错误.
请求:
主持人:https://xxx.execute-api.ap-southeast-1.amazonaws.com/latest/api/name
授权:AWS4-HMAC-SHA256 Credential =
{AWSKEY}/ 20160314/ap-southeast-1/execute-api/aws4_request,SignedHeaders = host; range; x-amz-date,Signature ={signature}X-Amz-Date:20160314T102915Z
响应:
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. The Canonical String for this request should have been 'xxx' "
}
从Java代码开始,我遵循AWS参考如何生成签名.
String secretKey = "{mysecretkey}";
String dateStamp = "20160314";
String regionName = "ap-southeast-1";
String serviceName = "execute-api";
byte[] signature = getSignatureKey(secretKey, dateStamp, regionName, serviceName);
System.out.println("Signature : " + Hex.encodeHexString(signature));
static byte[] HmacSHA256(String data, byte[] key) throws Exception {
String algorithm="HmacSHA256";
Mac mac = Mac.getInstance(algorithm);
mac.init(new SecretKeySpec(key, algorithm));
return mac.doFinal(data.getBytes("UTF8"));
}
static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception {
byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}
生成签名时,我可以知道我错了吗?
参考如何生成签名:http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java
ami*_*mil 12
您可以使用AWS从的Java-SDK-核心类:https://github.com/aws/aws-sdk-java/tree/master/aws-java-sdk-core
更具体地说,Request,Aws4Signer和其他一些:
//Instantiate the request
Request<Void> request = new DefaultRequest<Void>("es"); //Request to ElasticSearch
request.setHttpMethod(HttpMethodName.GET);
request.setEndpoint(URI.create("http://..."));
//Sign it...
AWS4Signer signer = new AWS4Signer();
signer.setRegionName("...");
signer.setServiceName(request.getServiceName());
signer.sign(request, new AwsCredentialsFromSystem());
//Execute it and get the response...
Response<String> rsp = new AmazonHttpClient(new ClientConfiguration())
.requestExecutionBuilder()
.executionContext(new ExecutionContext(true))
.request(request)
.errorResponseHandler(new SimpleAwsErrorHandler())
.execute(new SimpleResponseHandler<String>());
如果你想要一个更干净的设计,你可以使用Decorator模式来组成一些优雅的类并隐藏上面的混乱.这方面的一个例子:http://www.amihaiemil.com/2017/02/18/decorators-with-tunnels.html
从上面的代码示例中,您似乎没有创建规范请求并将其包含在按照http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-签名的字符串中请求.html
您没有自己实现这一点,而是考虑使用第三方库。
aws-v4-signer-java是一个轻量级的零依赖库,可以轻松生成 AWS V4 签名。
String contentSha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
HttpRequest request = new HttpRequest("GET", new URI("https://examplebucket.s3.amazonaws.com?max-keys=2&prefix=J"));
String signature = Signer.builder()
.awsCredentials(new AwsCredentials(ACCESS_KEY, SECRET_KEY))
.header("Host", "examplebucket.s3.amazonaws.com")
.header("x-amz-date", "20130524T000000Z")
.header("x-amz-content-sha256", contentSha256)
.buildS3(request, contentSha256)
.getSignature();
免责声明:我是图书馆的作者。
| 归档时间: |
|
| 查看次数: |
17963 次 |
| 最近记录: |