
SimpleDB HMAC signing

I'm writing a basic client to access the Amazon SimpleDB service and I'm having some trouble understanding the logic behind the signing of the request.

Here is an example request:

https://sdb.amazonaws.com/?Action=PutAttributes
&DomainName=MyDomain
&ItemName=Item123
&Attribute.1.Name=Color&Attribute.1.Value=Blue
&Attribute.2.Name=Size&Attribute.2.Value=Med
&Attribute.3.Name=Price&Attribute.3.Value=0014.99
&Version=2009-04-15
&Timestamp=2010-01-25T15%3A01%3A28-07%3A00
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&AWSAccessKeyId=<Your AWS Access Key ID>

Following is the string to sign.

The message to sign:

GET\n
sdb.amazonaws.com\n
/\n
AWSAccessKeyId=<Your AWS Access Key ID>
&Action=PutAttributes
&Attribute.1.Name=Color
&Attribute.1.Value=Blue
&Attribute.2.Name=Size
&Attribute.2.Value=Med
&Attribute.3.Name=Price
&Attribute.3.Value=0014.99
&DomainName=MyDomain
&ItemName=Item123
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2010-01-25T15%3A01%3A28-07%3A00
&Version=2009-04-15

Following is the signed request.

https://sdb.amazonaws.com/?Action=PutAttributes
&DomainName=MyDomain
&ItemName=Item123
&Attribute.1.Name=Color&Attribute.1.Value=Blue
&Attribute.2.Name=Size&Attribute.2.Value=Med
&Attribute.3.Name=Price&Attribute.3.Value=0014.99
&Version=2009-04-15
&Timestamp=2010-01-25T15%3A01%3A28-07%3A00
&Signature=<URLEncode(Base64Encode(Signature))>
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&AWSAccessKeyId=<Your AWS Access Key ID>

What I don't get is the message to sign. Why don't I get it? Well, the parameter order is all changed around between the request and the message to sign. It appears in the example that maybe the parameters are ordered alphabetically.

Has anyone played around with SimpleDB to be able to tell me what the logic is behind the message to sign, i.e. parameter order etc.? The documentation is not being very specific here.

To answer my own question.

The answer is buried in the documentation. I was right, I'm to sort the parameters first.

http://docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/index.html?Query_QueryAuth.html

For those reading this question later, below is a quote of the relevant section from the docs. This section seems to have disappeared from the SimpleDB docs but is still present in the SQS docs. It still applies directly to SimpleDB.

A key issue is that you have to properly URL encode all of the HTTP parameter values.

  • Do not URL encode any of the unreserved characters that RFC 3986 defines.

  • These unreserved characters are A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).

  • Percent encode all other characters with %XY, where X and Y are hex characters 0-9 and uppercase A-F.

  • Percent encode extended UTF-8 characters in the form %XY%ZA

  • Percent encode the space character as %20 (and not +, as common encoding schemes do).

A common error involves failure to encode the asterisk character (*) which can appear in both data values and in SelectExpressions.
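The sorting and encoding rules from the answers above, put together as an added example (not code from the original posts or from Amazon). The function names, the access key ID and the secret key are constructed for illustration; parameter names are sorted by byte order before the HMAC-SHA256 is computed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def rfc3986(value):
    # Leave only the RFC 3986 unreserved characters alone; a space becomes
    # %20 (never "+") and "*" becomes %2A. quote() emits uppercase hex.
    return quote(value.encode("utf-8"), safe="-_.~")

def canonical_query(params):
    # Sort by the raw bytes of the parameter name, then encode name and value.
    names = sorted(params, key=lambda n: n.encode("utf-8"))
    return "&".join(f"{rfc3986(n)}={rfc3986(params[n])}" for n in names)

def string_to_sign(method, host, path, params):
    # The real message has exactly three newlines; the line breaks between
    # parameters in the question's listing are only for display.
    return "\n".join([method.upper(), host.lower(), path or "/",
                      canonical_query(params)])

def sign(secret_key, method, host, path, params):
    mac = hmac.new(secret_key.encode("utf-8"),
                   string_to_sign(method, host, path, params).encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def signed_url(secret_key, method, host, path, params):
    # The Base64 signature can contain "+", "/" and "=", so it is encoded too.
    sig = sign(secret_key, method, host, path, params)
    return f"https://{host}{path}?{canonical_query(params)}&Signature={rfc3986(sig)}"

# Constructed sample input: the question's parameters, unencoded, in request order.
ACCESS_KEY = "AKIDEXAMPLE"          # constructed placeholder, not a real key ID
SECRET_KEY = "constructed-secret"   # constructed placeholder, not a real secret
PARAMS = {
    "Action": "PutAttributes", "DomainName": "MyDomain", "ItemName": "Item123",
    "Attribute.1.Name": "Color", "Attribute.1.Value": "Blue",
    "Attribute.2.Name": "Size", "Attribute.2.Value": "Med",
    "Attribute.3.Name": "Price", "Attribute.3.Value": "0014.99",
    "Version": "2009-04-15", "Timestamp": "2010-01-25T15:01:28-07:00",
    "SignatureVersion": "2", "SignatureMethod": "HmacSHA256",
    "AWSAccessKeyId": ACCESS_KEY,
}

if __name__ == "__main__":
    print(string_to_sign("GET", "sdb.amazonaws.com", "/", PARAMS))
    print(signed_url(SECRET_KEY, "GET", "sdb.amazonaws.com", "/", PARAMS))
```
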
