AWS4 Signature in GoLang

I started programming again recently and would need some help as I've been bashing my head against the keyboard for some days now but the code coming out doesn't seem to do the trick... The scope of my project is simple; send API requests to a server that uses AWS authentication. I've implemented the below to create the signature:

    authString := "AWS4-HMAC-SHA256 Credential=**AWS Access**/"
    authString += time.Now().Format("20060102" /*T150405Z"*/) + "/"
    authString += "eu-west-1/"
    authString += "execute-api/"
    authString += "aws4_request,"
    authString += "SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date"

    awsSecret := "**tis a secret**"

    /*
        Pseudocode from documentation

           kSecret = your secret access key
           kDate = HMAC("AWS4" + kSecret, Date)
           kRegion = HMAC(kDate, Region)
           kService = HMAC(kRegion, Service)
           kSigning = HMAC(kService, "aws4_request")
    */

    hash := getHMAC([]byte("AWS4"+awsSecret), []byte(time.Now().Format("20060102")))
    hash = getHMAC(hash, []byte("eu-west-1"))
    hash = getHMAC(hash, []byte("execute-api"))
    hash = getHMAC(hash, []byte("aws4_request"))

    authString += ", Signature=" + hex.EncodeToString(hash)

    return authString
    }

    func getHMAC(key []byte, data []byte) []byte {
        hash := hmac.New(sha256.New, key)
        hash.Write(data)
        return hash.Sum(nil)
    }

Signature string

    AWS4-HMAC-SHA256 Credential=**AWS Access**/20200421/eu-west-1/execute-api/aws4_request,SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=7b0fe4780c1c5ba39d0dee1774135d81c0bcca85f5e83325299c245eba1b0e5e

Response

    {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/prd/config/\n\ncontent-type:application/json\nhost:1294t77jvc.execute-api.eu-west-1.amazonaws.com\nx-amz-content-sha256:\nx-amz-date:2020-04-21T10:33:36+01:00\n\ncontent-type;host;x-amz-content-sha256;x-amz-date\n3cffc0f4da0132a4156d5c1a6506b4b163368ee9b131dce71e8316bd2220650b'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20200421T093336Z\n20200421/eu-west-1/execute-api/aws4_request\n3e40376452b02b8ba7f2826971e0438fd6891ccbf4c94e553dd91a2cc6f68560'\n"}

Bear in mind the response is with some bogus data, but it's pretty much the same as if it had the real AWS Access and secret keys. Feel free to criticise anything you see up there, as I'm trying to get good practices as well.

Regards,

I somehow managed to successfully solve it based on your scripts. You're missing the string_to_sign with this pattern:

    stringToSign := algorithm + "\n" + amzDate + "\n" + credentialScope + "\n" + hash(canonicalRequest)

and it should be included in the signature. So you have to do something like:

    signatureWithStringToSign := GetHMAC(hash, []byte(stringToSign))
    authString += ", Signature=" + hex.EncodeToString(signatureWithStringToSign)
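
The full calculation the answer describes, as an added Go example that is not part of the original posts: the derived key is only the HMAC key, and the signature is the HMAC of the string-to-sign under it. The function names are my own, the sample input is the IAM ListUsers example request from the AWS Signature Version 4 documentation, and the timestamp is converted to UTC because the String-to-Sign in the error response above carries the `20200421T093336Z` form.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

func hmacSHA256(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// SigningKey derives kSigning; on its own it is NOT the signature.
func SigningKey(secret, date, region, service string) []byte {
	k := hmacSHA256([]byte("AWS4"+secret), []byte(date))
	k = hmacSHA256(k, []byte(region))
	k = hmacSHA256(k, []byte(service))
	return hmacSHA256(k, []byte("aws4_request"))
}

// StringToSign builds the four-line string that the server recomputes.
func StringToSign(t time.Time, region, service, canonicalRequest string) string {
	t = t.UTC() // the timestamp and the scope date are both taken in UTC
	scope := strings.Join([]string{t.Format("20060102"), region, service, "aws4_request"}, "/")
	sum := sha256.Sum256([]byte(canonicalRequest))
	return strings.Join([]string{"AWS4-HMAC-SHA256", t.Format("20060102T150405Z"), scope, hex.EncodeToString(sum[:])}, "\n")
}

// Signature = hex(HMAC(kSigning, stringToSign)).
func Signature(secret string, t time.Time, region, service, canonicalRequest string) string {
	key := SigningKey(secret, t.UTC().Format("20060102"), region, service)
	return hex.EncodeToString(hmacSHA256(key, []byte(StringToSign(t, region, service, canonicalRequest))))
}

// Sample input: the IAM ListUsers example from the AWS SigV4 documentation.
const exampleSecret = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
const exampleCanonicalRequest = "GET\n/\nAction=ListUsers&Version=2010-05-08\n" +
	"content-type:application/x-www-form-urlencoded; charset=utf-8\n" +
	"host:iam.amazonaws.com\nx-amz-date:20150830T123600Z\n\ncontent-type;host;x-amz-date\n" +
	"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

func main() {
	t := time.Date(2015, 8, 30, 12, 36, 0, 0, time.UTC)
	fmt.Println(Signature(exampleSecret, t, "us-east-1", "iam", exampleCanonicalRequest))
}
```

The canonical request passed in must match what is actually sent byte for byte, including every header listed in `SignedHeaders`.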
