
AWS4 Signature in GoLang

I started programming again recently and would need some help, as I've been bashing my head against the keyboard for some days now but the code coming out doesn't seem to do the trick... The scope of my project is simple: send API requests to a server that uses AWS authentication. I've implemented the below to create the signature:

    authString := "AWS4-HMAC-SHA256 Credential=**AWS Access**/"
    authString += time.Now().Format("20060102" /*T150405Z"*/) + "/"
    authString += "eu-west-1/"
    authString += "execute-api/"
    authString += "aws4_request,"
    authString += "SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date"

    awsSecret := "**tis a secret**"

    /*
        Pseudocode from documentation

           kSecret = your secret access key
           kDate = HMAC("AWS4" + kSecret, Date)
           kRegion = HMAC(kDate, Region)
           kService = HMAC(kRegion, Service)
           kSigning = HMAC(kService, "aws4_request")
    */

    hash := getHMAC([]byte("AWS4"+awsSecret), []byte(time.Now().Format("20060102")))
    hash = getHMAC(hash, []byte("eu-west-1"))
    hash = getHMAC(hash, []byte("execute-api"))
    hash = getHMAC(hash, []byte("aws4_request"))

    authString += ", Signature=" + hex.EncodeToString(hash)

    return authString
    }

    func getHMAC(key []byte, data []byte) []byte {
        hash := hmac.New(sha256.New, key)
        hash.Write(data)
        return hash.Sum(nil)
    }

Signature string

    AWS4-HMAC-SHA256 Credential=**AWS Access**/20200421/eu-west-1/execute-api/aws4_request,SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=7b0fe4780c1c5ba39d0dee1774135d81c0bcca85f5e83325299c245eba1b0e5e

Response

    {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/prd/config/\n\ncontent-type:application/json\nhost:1294t77jvc.execute-api.eu-west-1.amazonaws.com\nx-amz-content-sha256:\nx-amz-date:2020-04-21T10:33:36+01:00\n\ncontent-type;host;x-amz-content-sha256;x-amz-date\n3cffc0f4da0132a4156d5c1a6506b4b163368ee9b131dce71e8316bd2220650b'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20200421T093336Z\n20200421/eu-west-1/execute-api/aws4_request\n3e40376452b02b8ba7f2826971e0438fd6891ccbf4c94e553dd91a2cc6f68560'\n"}

Bear in mind the response is with some bogus data, but it's pretty much the same as if it had the real AWS Access and secret keys. Feel free to criticise anything you see up there, as I'm trying to get good practices as well.

Regards,

I somehow managed to successfully solve it based on your scripts. You're missing the string_to_sign, which has this pattern:

    stringToSign := algorithm + "\n" + amzDate + "\n" + credentialScope + "\n" + hash(canonicalRequest)

and it should be included in the signature. So you have to do something like:

    // hash still holds the derived signing key (kSigning) from the question's code
    signatureWithStringToSign := getHMAC(hash, []byte(stringToSign))
    authString += ", Signature=" + hex.EncodeToString(signatureWithStringToSign)
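
The full chain the answer describes (canonical request, then string to sign, then signing key, then signature), as an added example that is not code from the question or the answer. The secret, host, body and timestamp are constructed placeholders, and the names `hmacSHA256`, `sha256Hex`, `signingKey` and `signature` belong to this example only.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

func hmacSHA256(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// signingKey derives kSigning. Hex-encoding this value is NOT the signature.
func signingKey(secret, date, region, service string) []byte {
	k := hmacSHA256([]byte("AWS4"+secret), []byte(date))
	k = hmacSHA256(k, []byte(region))
	k = hmacSHA256(k, []byte(service))
	return hmacSHA256(k, []byte("aws4_request"))
}

// signature builds the string to sign (timestamps always in UTC) and signs it with kSigning.
func signature(secret, region, service, canonicalRequest string, t time.Time) string {
	date, amzDate := t.UTC().Format("20060102"), t.UTC().Format("20060102T150405Z")
	scope := strings.Join([]string{date, region, service, "aws4_request"}, "/")
	stringToSign := strings.Join([]string{"AWS4-HMAC-SHA256", amzDate, scope, sha256Hex([]byte(canonicalRequest))}, "\n")
	return hex.EncodeToString(hmacSHA256(signingKey(secret, date, region, service), []byte(stringToSign)))
}

func main() { // every value below is a constructed sample; the secret is a placeholder
	t := time.Date(2020, 4, 21, 9, 33, 36, 0, time.UTC)
	payloadHash := sha256Hex([]byte(`{}`))
	canonical := strings.Join([]string{
		"POST", "/prd/config/", "", // method, path, empty query string
		"content-type:application/json", "host:example.execute-api.eu-west-1.amazonaws.com",
		"x-amz-content-sha256:" + payloadHash, "x-amz-date:" + t.Format("20060102T150405Z"), "",
		"content-type;host;x-amz-content-sha256;x-amz-date", payloadHash,
	}, "\n")
	fmt.Println("Signature=" + signature("EXAMPLE-SECRET", "eu-west-1", "execute-api", canonical, t))
}
```

The `x-amz-date` header sent with the request has to carry the same `20060102T150405Z` UTC value used in the string to sign, and `x-amz-content-sha256` has to carry the hex SHA-256 of the body.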
