反应本机 - aws 签名 - 获取请求失败，并显示：“我们计算的请求签名与您提供的签名不匹配。”

发布于 2025-01-14 05:28:27 字数 2010 浏览 1 评论 0原文

在我花了两周时间才获得使用“agnostic-aws-signature”包运行的 POST 请求后，我还想发出 GET 请求。自从他们之后，我又花了两周的时间来调试这个整天收到 403 消息的程序。

我已经尝试过可能已经有 POST 的所有软件包 - 结果只是不可知论对我有用。

在尝试了几天的 GET 请求后，我开始编写自己的签名创建代码，也是因为错误消息为我提供了规范的请求和要签名的字符串，而我无法使用包进行审查。现在，这两个错误消息与我的代码 100% 匹配，但我仍然收到相同的错误消息。

现在这是完整的消息：

"error": "我们计算的请求签名与您提供的签名。检查您的 AWS 秘密访问密钥和签名方法。有关详细信息，请参阅服务文档。Canonical 此请求的字符串应该是

GET
/dev-myapp-status/myappstatus
creation_time=1644990779295&myapp_id=f0dfb080-cea3-4111-828f-39c945e010a3
host:api.meetus.app
x-amz-content-sha256:
x-amz-date:20220315T100602Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

待签名字符串应该是

AWS4-HMAC-SHA256
20220315T100602Z
20220315/eu-central-1/execute-api/aws4_request
bc72522ed88d2e8e59a40f756e43cf97f08f01eebe3bbeee57e9ef876396ceb4

使用我自己的实现，这看起来与我所拥有的 100% 相同，因为我现在可以控制它。（请原谅我再次发布相同的内容..）

此外，我还检查了凭证可能超出了对我的心理健康有益的范围..我可以获取新的 IAM 凭证，这些是我使用的凭证。（这就是为什么我后来将 sec-token 添加到标题中。）

在我看来，这意味着后面的代码一定有问题。所以我只在这里发布这段代码，希望有人能帮忙。

create ksign:

async function createSignatureKey(
  secretkey,
  authDate,
  regionName,
  serviceName,
) {
  let kDate = await hmac('AWS4' + secretkey, authDate, 'binary');

  let kRegion = await hmac(kDate, regionName, 'binary');

  let kService = await hmac(kRegion, serviceName, 'binary');

  let kSigning = await hmac(kService, 'aws4_request', 'binary');

  return kSigning;
}

创建签名:

var hmacSignature = await hmac(kSigning, stringToSign, 'binary');
var signature = await toHex(hmacSignature);

和 to hex:

async function toHex(str) {
  var result = '';
  for (var i = 0; i < str.length; i++) {
    result += str.charCodeAt(i).toString(16);
  }
  return result;
}

在此之后，我只将标头放在一起，如果我做错了什么，aws 会给我一个很好且非常具体的答案，什么是错的。所以我认为问题实际上是这里概述的签名计算。

原文

After it took me two weeks to get a POST request running with the 'agnostic-aws-signature' package I wanted to also make a GET request. Since them I am again two weeks on debugging this one getting the 403 message all day long.

I have tried probably all packages that are out there already with POST - with the result that just agnostic worked for me.

After trying a few days with that one on the GET request, I began to put together my own code for the signature creation, also because the error message is giving me the canonical request and string to sign which I could not review with the packages. Now those two match 100% from the error message to my code, still I am getting the same error message.

Now here is the full message:

"error": "The request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.The Canonical
String for this request should have been

GET
/dev-myapp-status/myappstatus
creation_time=1644990779295&myapp_id=f0dfb080-cea3-4111-828f-39c945e010a3
host:api.meetus.app
x-amz-content-sha256:
x-amz-date:20220315T100602Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

The String-to-Sign should have been

AWS4-HMAC-SHA256
20220315T100602Z
20220315/eu-central-1/execute-api/aws4_request
bc72522ed88d2e8e59a40f756e43cf97f08f01eebe3bbeee57e9ef876396ceb4

With my own implementation this looks 100% the same as what I have, because I can control it now. (Please spare me to post the same lines again..)

Also I checked the Credentials probably more than is good for my mental health.. I can fetch new IAM creds and those are the ones that I use. (Which is why I later add the sec-token to the headers..)

In my view that means there must be something wrong with the code that comes afterwards.
So I will only post this code here, I hope someone can help.

create ksign:

async function createSignatureKey(
  secretkey,
  authDate,
  regionName,
  serviceName,
) {
  let kDate = await hmac('AWS4' + secretkey, authDate, 'binary');

  let kRegion = await hmac(kDate, regionName, 'binary');

  let kService = await hmac(kRegion, serviceName, 'binary');

  let kSigning = await hmac(kService, 'aws4_request', 'binary');

  return kSigning;
}

create signature:

var hmacSignature = await hmac(kSigning, stringToSign, 'binary');
var signature = await toHex(hmacSignature);

and to hex:

async function toHex(str) {
  var result = '';
  for (var i = 0; i < str.length; i++) {
    result += str.charCodeAt(i).toString(16);
  }
  return result;
}

After this I only put together the headers, if I do something wrong there aws gives me a good and very specific answer what is wrong. So I think the issue really is the signature calculation outlined here.

分享到QQ

分享到微博