问题描述
当我从REST客户端调用API端点时,我通过签名来解决错误。
When I invoke API endpoints from REST client, I got error by concerning with Signature.
请求:
主机:
授权:AWS4-HMAC-SHA256凭据= {AWSKEY}
/ 20160314 / ap-southeast-1 / execute-api / aws4_request,SignedHeaders = host;范围; x-amz-date,签名= {签名}
Authorization: AWS4-HMAC-SHA256 Credential={AWSKEY}
/20160314/ap-southeast-1/execute-api/aws4_request,SignedHeaders=host;range;x-amz-date,Signature={signature}
X-Amz-Date :20160314T102915Z
X-Amz-Date: 20160314T102915Z
回复:
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. The Canonical String for this request should have been 'xxx' "
}
从Java代码开始,我遵循AWS参考如何生成签名。
From Java code, I followed AWS reference of how to generate Signature.
String secretKey = "{mysecretkey}";
String dateStamp = "20160314";
String regionName = "ap-southeast-1";
String serviceName = "execute-api";
byte[] signature = getSignatureKey(secretKey, dateStamp, regionName, serviceName);
System.out.println("Signature : " + Hex.encodeHexString(signature));
static byte[] HmacSHA256(String data, byte[] key) throws Exception {
String algorithm="HmacSHA256";
Mac mac = Mac.getInstance(algorithm);
mac.init(new SecretKeySpec(key, algorithm));
return mac.doFinal(data.getBytes("UTF8"));
}
static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception {
byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}
我可以在生成签名时知道我的错误吗?
May I know what I was wrong while generating Signature?
参考如何生成签名:
推荐答案
您可以使用aws-java-sdk-core中的类:
You can use classes from aws-java-sdk-core: https://github.com/aws/aws-sdk-java/tree/master/aws-java-sdk-core
更具体地说,请求,Aws4Signer和其他一些:
More specifically, Request, Aws4Signer and a few other ones:
//Instantiate the request
Request<Void> request = new DefaultRequest<Void>("es"); //Request to ElasticSearch
request.setHttpMethod(HttpMethodName.GET);
request.setEndpoint(URI.create("http://..."));
//Sign it...
AWS4Signer signer = new AWS4Signer();
signer.setRegionName("...");
signer.setServiceName(request.getServiceName());
signer.sign(request, new AwsCredentialsFromSystem());
//Execute it and get the response...
Response<String> rsp = new AmazonHttpClient(new ClientConfiguration())
.requestExecutionBuilder()
.executionContext(new ExecutionContext(true))
.request(request)
.errorResponseHandler(new SimpleAwsErrorHandler())
.execute(new SimpleResponseHandler<String>());
如果你想要一个更干净的设计,你可以使用Decorator模式来组成一些优雅的类并隐藏一团糟。这方面的一个例子:
If you want a cleaner design, you can use the Decorator pattern to compose some elegant classes and hide the above mess. An example for that here: http://www.amihaiemil.com/2017/02/18/decorators-with-tunnels.html
这篇关于如何从Java生成AWS签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!