问题描述
这是我目前所拥有的:
function sha256(stringToSign, secretKey) {
return CryptoJS.HmacSHA256(stringToSign, secretKey);
}
function getAmazonItemInfo(barcode) {
var parameters =
"Service=AWSECommerceService&"
+ "AWSAccessKeyId=" + appSettings.amazon.accessKey + "&"
+ "Operation=ItemLookup&"
+ "ItemId=" + barcode
+ "&Timestamp=" + Date.now().toString();
var stringToSign =
"GET
"
+ "webservices.amazon.com
"
+ "/onca/xml
"
+ parameters;
var signature = "&Signature=" + encodeURIComponent(sha256(stringToSign, appSettings.amazon.secretKey));
var amazonUrl =
"http://webservices.amazon.com/onca/xml?"
+ parameters
+ signature;
// perform a GET request with amazonUrl and do other stuff
}
当作为 HTTP GET 请求执行时,上述代码中 amazonUrl 的值会导致来自亚马逊的以下响应:
When executed as an HTTP GET request, the value of amazonUrl in the above code results in the following response from Amazon:
<?xml version="1.0"?>
<ItemLookupErrorResponse xmlns="http://ecs.amazonaws.com/doc/2005-10-05/">
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service
documentation for details.
</Message>
</Error>
<RequestId>[REMOVED]</RequestId>
</ItemLookupErrorResponse>
有用的链接:
推荐答案
我使用了你的代码并且我让它工作了.
I hacked around with your code and I got it working.
function sha256(stringToSign, secretKey) {
var hex = CryptoJS.HmacSHA256(stringToSign, secretKey);
return hex.toString(CryptoJS.enc.Base64);
}
function timestamp() {
var date = new Date();
var y = date.getUTCFullYear().toString();
var m = (date.getUTCMonth() + 1).toString();
var d = date.getUTCDate().toString();
var h = date.getUTCHours().toString();
var min = date.getUTCMinutes().toString();
var s = date.getUTCSeconds().toString();
if(m.length < 2) { m = "0" + m; }
if(d.length < 2) { d = "0" + d; }
if(h.length < 2) { h = "0" + h; }
if(min.length < 2) { min = "0" + min; }
if(s.length < 2) { s = "0" + s}
var date = y + "-" + m + "-" + d;
var time = h + ":" + min + ":" + s;
return date + "T" + time + "Z";
}
function getAmazonItemInfo(barcode) {
var PrivateKey = "";
var PublicKey = "";
var AssociateTag = "";
var parameters = [];
parameters.push("AWSAccessKeyId=" + PublicKey);
parameters.push("ItemId=" + barcode);
parameters.push("Operation=ItemLookup");
parameters.push("Service=AWSECommerceService");
parameters.push("Timestamp=" + encodeURIComponent(timestamp()));
parameters.push("Version=2011-08-01");
parameters.push("AssociateTag=" + AssociateTag);
parameters.sort();
var paramString = parameters.join('&');
var signingKey = "GET
" + "webservices.amazon.com
" + "/onca/xml
" + paramString
var signature = sha256(signingKey,PrivateKey);
signature = encodeURIComponent(signature);
var amazonUrl = "http://webservices.amazon.com/onca/xml?" + paramString + "&Signature=" + signature;
console.log(amazonUrl);
}
我用来参考的 Javascript 的 Header.
The Header of the Javascript I used for some reference.
<script src="hmac-sha256.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/components/enc-base64-min.js"></script>
<script src="amazon.js"></script>
您将需要修改其中的一部分,因为我更改了一些参数并且没有引用您的应用程序"对象.
You will need to modify parts of it because I changed some parameters around and don't reference your "app" object.
我做了什么来修复它(根据我的记忆).
For what I did to fix it (from what I can recall).
参数必须按字母顺序排列.我把它们放在一个数组中,然后对它们进行排序.我通过与符号的连接来跟进.
The parameters have to be alphabetical. I placed them in an array and then sort them. I follow this up by a join with the ampersand.
我修改了 sha256 函数以返回 RAW sha256 的 base64.在它以小写形式返回十六进制之前,这是不正确的.
I modified the sha256 function to return the base64 of the RAW sha256. Before it was returning the hexbits in lowercase, which isn't correct.
我打算在编码之前添加一个 base64,但 sha256 现在处理所有签名.
I was going to add a base64 before encoding, but the sha256 now handles all of the signing.
日期格式不正确.它返回一个纪元时间戳而不是字符串时间戳.我编写了一个简单的时间戳选项.
The date format was incorrect. It was returning a epoch timestamp instead of a string timestamp. I hacked together a simple timestamp option.
此代码要求您还包含用于 CryptoJS 的 Base64 库.
This code requires you to include the Base64 Library for CryptoJS also.
这篇关于如何仅使用客户端 JavaScript 正确签署对亚马逊 ItemLookup 的 GET 请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!