1

这是我的表格

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  </head>
  <body>

  <form action="http://mybucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
    Key to upload: <input type="input" name="key" value="user/eric/" /><br />
    <input type="hidden" name="acl" value="public-read" />



    <input type="hidden" name="AWSAccessKeyId" value="myAWSId" />
    <input type="hidden" name="Policy" value="Base64EncodingOfPolicy"/>
    <input type="hidden" name="Signature" value="Signature Calculated as urlencode(base64(HMAC-SHA1(secret, policy base64 encoded string same as utf-8 encoded)))" />
    File: <input type="file" name="file" /> <br />
    <!-- The elements after this will be ignored -->
    <input type="submit" name="submit" value="Upload to Amazon S3" />
  </form>

</html>

这是我的政策

{ "expiration": "2014-12-01T12:00:00.000Z",

  "conditions": [

    {"acl": "public-read" },

    {"bucket": "mybucket" },

    ["starts-with", "$key", "user/eric/"],

  ]

}

这是 base64 编码的策略

eyAiZXhwaXJhdGlvbiI6ICIyMDE0LTEyLTAxVDEyOjAwOjAwLjAwMFoiLA0KDQogICJjb25kaXRp
b25zIjogWw0KDQogICAgeyJhY2wiOiAicHVibGljLXJlYWQiIH0sDQoNCiAgICB7ImJ1Y2tldCI6
ICJoYWJpdHN1c2VybWVkaWEiIH0sDQoNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNl
ci9lcmljLyJdLA0KDQogIF0NCg0KfQ==

我尝试过使用带和不带换行符的 base64 编码字符串。在使用上述编码和换行符时,我应该记住一些具体的事情吗?

SignatureDoesNotMatch即使在多次尝试考虑所有可能的排列之后,我仍然会收到错误消息。

我还使用了签名验证工具并检查了 AWS 接受的内容并与之匹配。http://aws.amazon.com/code/199

我该如何调试呢?如果您已使用 REST API 成功发布到 S3,您可以分享该片段吗?

4

1 回答 1

2

好的,一段时间后我能够解决这个问题。

这是我生成签名的python代码

import base64
import hmac
from hashlib import sha1
import urllib


input = open("policy.txt", "rb")
policy = input.read()
policy_encoded = base64.b64encode(policy).encode("UTF-8")
secret = "<my_aws_secret>"

print 'Encoded Policy  %s' %(policy_encoded)

hashed = hmac.new(secret,policy_encoded, sha1)


#This is the required value
signature = base64.b64encode(hashed.digest())

#This is not required for a HTTP POST form based request, only when it has to be passed in urlencoded format
signature_urlencoded = urllib.quote_plus(base64.b64encode(hashed.digest()))

print 'Signature urlencoded  %s' %(signature)

我的 policy.txt 是

{ "expiration": "2014-12-01T12:00:00.000Z",

"conditions": [

        {"acl": "public-read" },

        {"bucket": "<mybucket>" },

        {"success_action_status" : "201"},

        ["starts-with", "$key", "uploads/"],
        ]

}

我的表格看起来像

<form action="http://habitsusermedia.s3.amazonaws.com/" method="post" enctype="multipart/form-data">

                <input type="hidden" name="acl" value="public-read" />
                <input type="input" name="key" value="uploads/${filename}" />
                <input type="hidden" name="success_action_status" value="201" />

                <input type="hidden" name="AWSAccessKeyId" value="<aws_access_key>" />

                <input type="hidden" name="Policy" value="<policy_encoded_as_base64>"/>

                <input type="hidden" name="Signature" value="<signature>" />

                File: <input type="file" name="file" /> <br />

                <!-- The elements after this will be ignored -->
                <input type="submit" name="submit" value="Upload to Amazon S3" />
                </form>

确保您的 AWS 存储桶配置为接受来自任何域的 POST、PUT。为此使用策略生成工具。

有一篇有用的文章解释了AWS上的这些概念

于 2013-03-15T16:29:25.017 回答