1. 首页
  2. 问答
  3. S3在Elixir中对浏览器POST命令进行签名

S3在Elixir中对浏览器POST命令进行签名

2016-07-02 37 views
1

我正在努力通过S3 signing example。但我没有在他们的文档中获得临时答案。我在iex开始:S3在Elixir中对浏览器POST命令进行签名

policy = %{"conditions"=> [ 
     %{"bucket"=> "sigv4examplebucket"}, 
     ["starts-with", "$key", "user/user1/"], 
     %{"acl"=> "public-read"}, 
     %{"success_action_redirect"=> "http=>//sigv4examplebucket.s3.amazonaws.com/successful_upload.html"}, 
     ["starts-with", "$Content-Type", "image/"], 
     %{"x-amz-meta-uuid"=> "14365123651274"}, 
     %{"x-amz-server-side-encryption"=> "AES256"}, 
     ["starts-with", "$x-amz-meta-tag", ""], 
     %{"x-amz-credential"=> "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request"}, 
     %{"x-amz-algorithm"=> "AWS4-HMAC-SHA256"}, 
     %{"x-amz-date"=> "20151229T000000Z"} 
     ] 
    } 

stringToSign = policy |> Poison.encode! |> Base.encode64

stringToSign出来,而不是亚马逊的例子更短。

对于签名我有这些助手:

@secret_key "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" 

def signing_key2(secret, date, region, service) do 
    hash_sha256("AWS4" <> secret, date) 
    |> hash_sha256(region) 
    |> hash_sha256(service) 
    |> hash_sha256("aws4_request") 
end 

def hash_sha256(secret, msg) do 
    hash_sha256_bis(secret, msg) 
    |> Base.url_encode64 
end 

def hash_sha256_bis(secret, msg) do 
    :crypto.hmac(:sha256, secret, msg) 
end 


signing_key2(@secret_key, "20151229", "us-east-1", "s3")

但这出来比测试答案短。会欢迎一些指针。

来源

2016-07-02 Simon H

回答

1

您正在错误地创建派生密钥。您不应该使用base64编码中间hmac结果。

只有实际字符串的签署HMAC需要的任何编码,并且只是需要通过Base.encode16(case: :lower)

来源

2016-07-03 13:32:09

+0

嗨,非常感谢。我现在有一个长度相同的字符串,但是有大写字母,并且小写字母不够用,请重新查看我的代码 –

+0

这似乎有效,但现在我很惊讶,因为当我重读说明书时,会谈到十六进制编码最终签名,并且不起作用(结果太短) –

1

如果解码来自亚马逊的例子中的Base64字符串,你会注意到,他们使用的是\ r \ n的换行符:

iex(25)> Base.decode64("eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9") 
{:ok, 
"{ \"expiration\": \"2015-12-30T12:00:00.000Z\",\r\n \"conditions\": [\r\n {\"bucket\": \"sigv4examplebucket\"},\r\n [\"starts-with\", \"$key\", \"user/user1/\"],\r\n {\"acl\": \"public-read\"},\r\n {\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"},\r\n [\"starts-with\", \"$Content-Type\", \"image/\"],\r\n {\"x-amz-meta-uuid\": \"14365123651274\"},\r\n {\"x-amz-server-side-encryption\": \"AES256\"},\r\n [\"starts-with\", \"$x-amz-meta-tag\", \"\"],\r\n\r\n {\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"},\r\n {\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"},\r\n {\"x-amz-date\": \"20151229T000000Z\" }\r\n ]\r\n}"}

还要注意双换行符在那里,你不会得到来自Poison。为了得到完全相同的base64结果,你可以这样做:

s = ~s({ "expiration": "2015-12-30T12:00:00.000Z", 
    "conditions": [ 
    {"bucket": "sigv4examplebucket"}, 
    ["starts-with", "$key", "user/user1/"], 
    {"acl": "public-read"}, 
    {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"}, 
    ["starts-with", "$Content-Type", "image/"], 
    {"x-amz-meta-uuid": "14365123651274"}, 
    {"x-amz-server-side-encryption": "AES256"}, 
    ["starts-with", "$x-amz-meta-tag", ""], 

    {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request"}, 
    {"x-amz-algorithm": "AWS4-HMAC-SHA256"}, 
    {"x-amz-date": "20151229T000000Z" } 
    ] 
}) 
iex(24)> s |> String.replace("\n", "\r\n") |> Base.encode64 
"eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9"

不是很确定如何计算最终的签名,但这解释了base64编码字符串的值不同。

来源

2016-07-03 10:44:46 splatte

+0

感谢基数为16(输出。我有点担心是多么敏感,这一切都是像马车无聊的事情返回! –

相关问题

 相关问题