I started programming again recently and would need some help as I've been bashing my head against the keyboard for some days now but the code coming out doesn't seem to do the trick... The scope of my project is simple; send API requests to a server that uses AWS authentication I've implemented the below to create the signature:
authString := "AWS4-HMAC-SHA256 Credential=**AWS Access**/"
authString += time.Now().Format("20060102" /*T150405Z"*/) + "/"
authString += "eu-west-1/"
authString += "execute-api/"
authString += "aws4_request,"
authString += "SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date"
awsSecret := "**tis a secret**"
/*
Pseudocode from documentation
kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
*/
hash := getHMAC([]byte("AWS4"+awsSecret), []byte(time.Now().Format("20060102")))
hash = getHMAC(hash, []byte("eu-west-1"))
hash = getHMAC(hash, []byte("execute-api"))
hash = getHMAC(hash, []byte("aws4_request"))
authString += ", Signature=" + hex.EncodeToString(hash)
return authString
}
func getHMAC(key []byte, data []byte) []byte {
hash := hmac.New(sha256.New, key)
hash.Write(data)
return hash.Sum(nil)
}
Signature string
AWS4-HMAC-SHA256 Credential=**AWS Access**/20200421/eu-west-1/execute-api/aws4_request,SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=7b0fe4780c1c5ba39d0dee1774135d81c0bcca85f5e83325299c245eba1b0e5e
Response
{"message":"The request signature we calculated does not match the signature you provided. Check your
AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/prd/config/\n\ncontent-type:application/json\nhost:1294t77jvc.execute-api.eu-west-1.amazonaws.com\nx-amz-content-sha256:\nx-amz-date:2020-04-21T10:33:36+01:00\n\ncontent-type;host;x-amz-content-sha256;x-amz-date\n3cffc0f4da0132a4156d5c1a6506b4b163368ee9b131dce71e8316bd2220650b'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20200421T093336Z\n20200421/eu-west-1/execute-api/aws4_request\n3e40376452b02b8ba7f2826971e0438fd6891ccbf4c94e553dd91a2cc6f68560'\n"}
Bear in mind the response is with some bogus data, but it's pretty much the same as if it had the real AWS Access and secret keys. Feel free to criticise anything you see up there, as I'm trying to get good practices as well
Regards,
I somehow manage to successfully solved it based on your scripts. You're missing the string_to_sign with this pattern
stringToSign:= algorithm + "\n" + amzDate + "\n" + credentialScope + "\n" + hash(canonicalRequest)
and it should be included in the signature. So you have to like
signatureWithStringToSign := GetHMAC(hash, []byte(stringToSign))
authString += ", Signature=" + hex.EncodeToString(signatureWithStringToSign)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.