stackoom
  简体   繁体   中英

Generate AWS Signature in MarkLogic XQuery - can't reproduce example hash

 原文  2023-01-12 17:48:01       xquery/ marklogic/ hmacsha256

Question

I need to send a GET request to AWS from MarkLogic and sign the URL. I was using the AWS documentation to understand how the signature gets created but what I get and what I expect to get aren't the same.

Sample data is from this page .

let $canonicalRequest :=
'GET
/test.txt
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host
host:examplebucket.s3.amazonaws.com

host
UNSIGNED-PAYLOAD'

(: the value of this is correct, this is the same as the example, 3bfa292879f6447bbcda7001decf97f4a54dc650c8942174ae0a9121cf58ad04 :)
let $canonicalRequestHash := xdmp:sha256($canonicalRequest) 

let $stringToSign :=
'AWS4-HMAC-SHA256
20130524T000000Z
20130524/us-east-1/s3/aws4_request
' ||
$canonicalRequestHash

let $signingKey := xdmp:hmac-sha256(xdmp:hmac-sha256(xdmp:hmac-sha256(xdmp:hmac-sha256("AWS4wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY","20130524"),"us-east-1"),"s3"),"aws4_request")

return xdmp:hmac-sha256($signingKey,$stringToSign)

I get

ec43271c228d0d408e25dd8ec1e3b71ed7c1dbfe5c76bd7f272d3bff665e1f16

I would like to get

aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404

1 answers

solution1
 0 ACCPTED  2023-01-12 20:40:58

The secretKey parameter should be a binary node for the region, service, and signing keys. This should work:

xquery version "1.0-ml";

let $canonicalRequest :=
'GET
/test.txt
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host
host:examplebucket.s3.amazonaws.com

host
UNSIGNED-PAYLOAD'

(: the value of this is correct, this is the same as the example, 3bfa292879f6447bbcda7001decf97f4a54dc650c8942174ae0a9121cf58ad04 :)
let $canonicalRequestHash := xdmp:sha256($canonicalRequest) 

let $stringToSign :=
'AWS4-HMAC-SHA256
20130524T000000Z
20130524/us-east-1/s3/aws4_request
' ||
$canonicalRequestHash

let $dateKey := xdmp:hmac-sha256("AWS4wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "20130524")
let $regionKey := xdmp:hmac-sha256(binary { xs:hexBinary($dateKey) }, "us-east-1")
let $serviceKey := xdmp:hmac-sha256(binary { xs:hexBinary($regionKey) }, "s3")
let $signingKey := xdmp:hmac-sha256(binary { xs:hexBinary($serviceKey) }, "aws4_request")

return xdmp:hmac-sha256(binary { xs:hexBinary($signingKey) }, $stringToSign)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Marklogic Json Xquery can't query Marklogic, Xquery Generate non-repeating random number using timestamp in Marklogic (XQuery)? How can I import multiple xsd files to validate in xQuery Marklogic Timeout for a loop in XQuery MarkLogic Marklogic collate sequence in XQuery Marklogic XQuery to Javascript Does MarkLogic have built-in XQuery crypto functions to create XML signature and verify signed XML? How can I use emacs to run xquery code on a Marklogic database? Can I declare a global variable in xquery in Marklogic Server?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM