我正在尝试使用 ColdFusion 使用他们当前称为签名版本 4 的身份验证方法访问 Amazon Web Services (AWS)。我查阅了他们的文档,其中包含几种编程语言的代码示例,以及其他语言的伪代码。他们提供了一些测试输入值以传递给我的脚本的签名函数,以及一些预期的结果。
以下是测试输入:
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
以下是预期结果:
kSecret = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
“kSigning”的正确值应该是这样的:
f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d
但是,对于“kSigning”,我的代码会生成:
31A84DCE0538A8B15ED68CCFBD803F17947E41BF625EFFD1AD6A67FC821F9BE2
我正在使用 Railo 4.2。有人可以帮我解决这个问题,以便预期值与转储值匹配吗?这是我的 ColdFusion 标记:
<cfsilent>
<!--- HMACSHA256 --->
<cffunction name="sign" returntype="binary" access="private" output="false" hint="Sign with NSA SHA-256 Algorithm">
<cfargument name="signMessage" type="string" required="true" />
<cfargument name="signKey" type="string" required="true" />
<cfset var jMsg = JavaCast("string",arguments.signMessage).getBytes("utf-8") />
<cfset var jKey = JavaCast("string",arguments.signKey).getBytes("utf-8") />
<cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec") />
<cfset var mac = createObject("java","javax.crypto.Mac") />
<cfset key = key.init(jKey,"HmacSHA256") />
<cfset mac = mac.getInstance(key.getAlgorithm()) />
<cfset mac.init(key) />
<cfreturn mac.doFinal(jMsg) />
</cffunction>
<!--- Get Signature Key --->
<cffunction name="getSignatureKey" returntype="binary" access="private" output="false" hint="Derive the sign-in key">
<cfargument name="key" type="string" required="true" />
<cfargument name="dateStamp" type="string" required="true" />
<cfargument name="regionName" type="string" required="true" />
<cfargument name="serviceName" type="string" required="true" />
<cfset var kSecret = "AWS4" & arguments.key />
<cfset var kDate = sign( arguments.dateStamp, kSecret ) />
<cfset var kRegion = sign( arguments.regionName, kDate ) />
<cfset var kService = sign( arguments.serviceName, kRegion ) />
<cfset var kSigning = sign( arguments.serviceName, kService ) />
<cfreturn kSigning />
</cffunction>
</cfsilent><!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>AWS Test</title>
</head>
<body>
<cfset kSecret = getSignatureKey(
'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY',
'20120215',
'us-east-1',
'iam'
) />
<cfdump var="#BinaryEncode(kSecret, 'hex')#" label="kSecret" />
</body>
</html>