0

亚马逊有一些使用 HMAC 签署 REST 调用的示例。但是,在 Metro / WinRT 应用程序中使用以下代码时,签名不匹配。

HMAC的计算方法:

internal string CreateHMAC(
        string message,
        string algorithmName,
        string key)
    {
        MacAlgorithmProvider macAlgorithmProvider = MacAlgorithmProvider.OpenAlgorithm(algorithmName);
        var binaryMessage = CryptographicBuffer.ConvertStringToBinary(message, BinaryStringEncoding.Utf8);
        var binaryKeyMaterial = CryptographicBuffer.ConvertStringToBinary(key, BinaryStringEncoding.Utf8);
        var hmacKey = macAlgorithmProvider.CreateKey(binaryKeyMaterial);
        var binarySignedMessage = CryptographicEngine.Sign(hmacKey, binaryMessage);
        var signedMessage = CryptographicBuffer.EncodeToBase64String(binarySignedMessage);
        return signedMessage;
    }

测试检查示例:

var hmac = this.Amazon.CreateHMAC("GET\nwebservices.amazon.com\n/onca/xml\nAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06", "HMAC_SHA256", "1234567890");
var encoded = WebUtility.UrlEncode(hmac);
Assert.AreEqual("Nace%2BU3Az4OhN7tISqgs1vdLBHBEijWcBeCqL5xN9xg%3D", encoded);

实际结果是:

M%2fy0%2bEAFFGaUAp4bWv%2fWEuXYah99pVsxvqtAuC8YN7I%3d

有没有其他人在 WinRT 上成功创建了 HMAC?或者你能看到我做错了什么吗?

4

2 回答 2

0

亚马逊文档不正确/过时 - 使用ecs.amazonaws.com而不是webservices.amazon.com

所以签这个:

GET\necs.amazonaws.com\n/onca/xml\nAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z06&Version=2009-01-

对不起,这是一个非常快速的回复!

于 2012-05-27T07:36:42.873 回答
0

amazon 中的键是 Base64 字符串,因此您需要将此字符串转换为 IBuffer 对象,但从已公开为 Base 64 字符串的二进制内容开始。您正在将普通字符串转换为二进制,但情况并非如此。尝试这个

var algorithmProvider = MacAlgorithmProvider.OpenAlgorithm(algorithmName);

var binaryKeyMaterial = CryptographicBuffer.DecodeFromBase64String(key);
var hmacKey = algorithmProvider.CreateKey(binaryKeyMaterial );

在这篇博客文章中,我写了关于如何从 WinRT 创建签名的内容是西班牙语,但代码是通用的,您可以通过 bing 翻译器或其他一些工具对其进行翻译。

于 2012-12-12T01:20:53.390 回答