我想我读过几乎一切有阅读上签字的基础-64编码的浏览器,基于表单的职位,S3:旧文档和新文档。例如:
http://doc.s3.amazonaws.com/proposals/post.html
和甚至发现这一点:
http://s3.amazonaws.com /doc/s3-example-$c$c/post/post_sample.html
而不是使用上述或亚马逊的新政策发生器,或反复折腾博托,我试图起草一个简单的.py脚本,拉动政策JSON从一个纯文本文件(policy.txt中),然后生成必要的基础-64连接codeD签名帮我起草的HTML表单。
签名本身(这是依赖于连接codeD政策)没有被连接codeD正确...也许是由于某种UTF-8与ASCII或\ N(新行)发行?
我正在使用的脚本如下,政策和AWS秘密密钥 PRIVATE_KEY
是从AWS测试用例我使用,看看这个脚本作品。在正确连接codeD签名 - 引述亚马逊 - 包括在下面的脚本,以供参考。
谁能告诉我,为什么下面计算的签名不匹配由亚马逊提供的参考签名:
在换句话说:
为什么这是正确的连接codeD:
policy_en codeD = base64.b64en code(政策)
不过这个人是不是:
签名= base64.b64en code(hmac.new(PRIVATE_KEY,policy_en codeD,SHA).digest())
蟒蛇签名计算器...
#!的/ usr /斌/包膜蟒蛇
# - * - 编码:UTF-8 - * -
进口的base64,HMAC,SHA
从SYS进口的argv
脚本,政策= ARGV
PRIVATE_KEY ='uV3F3YluFJax1cknvbcGwgjvx4QpvB + leU8dUj2o
输入=打开(..桌面/ policy.txt中,RB)
政策= input.read()
policy_en codeD = base64.b64en code(政策)
签名= base64.b64en code(hmac.new(PRIVATE_KEY,policy_en codeD,SHA).digest())
打印您的保单基础-64连接codeD为%s。 %(policy_en codeD)
打印您的签名基地-64连接codeD为%s。 % (签名)
打印您的签名恩codeD应该是2qCp0odXe7A9IYyUVqn0w2adtCA =
JSON政策(policy.txt中 - UTF-8)
{过期:2007-12-01T12:00:00.000Z
条件:
{斗:johnsmith},
[开始,以,$关键,用户/埃里克/],
{以acl:大众阅读的},
{success_action_redirect:http://johnsmith.s3.amazonaws.com/successful_upload.html},
[开始,以,$内容类型,图像/],
{的x AMZ-元的uuid:14365123651274},
[开始 - 用,$的x AMZ-meta标记,]
]
}
解决方案
我觉得这是到你的policy.txt中文件的内容。
我把政策从引用链接( HTTP://doc.s3.amazonaws .COM /建议/ post.html ),并保存为policy.txt中
{过期:2007-12-01T12:00:00.000Z
条件:
{斗:johnsmith},
[开始,以,$关键,用户/埃里克/],
{以acl:大众阅读的},
{重定向:http://johnsmith.s3.amazonaws.com/successful_upload.html},
[开始,以,$内容类型,图像/],
{的x AMZ-元的uuid:14365123651274},
[开始 - 用,$的x AMZ-meta标记,],
]
}
为了得到确切的相同的签名,这个文件必须具有完全相同的内容。
有关的参考,当我复制和粘贴: MD5(policy.txt中)= 5bce89d9ff799e2064c136d76bc7fc7a
如果我用下面的脚本(你一样,只是调整的文件名,并删除的args
)
#!的/ usr /斌/包膜蟒蛇
# - * - 编码:UTF-8 - * -
进口的base64,HMAC,SHA
PRIVATE_KEY ='uV3F3YluFJax1cknvbcGwgjvx4QpvB + leU8dUj2o
输入=打开(policy.txt中,RB)
政策= input.read()
policy_en codeD = base64.b64en code(政策)
签名= base64.b64en code(hmac.new(PRIVATE_KEY,policy_en codeD,SHA).digest())
打印您的保单基础-64连接codeD为%s。 %(policy_en codeD)
打印您的签名基地-64连接codeD为%s。 % (签名)
打印您的签名恩codeD应该是2qCp0odXe7A9IYyUVqn0w2adtCA =
输出我得到的:
你的政策基础-64连接$ C $光盘 eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjo gWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIiB9LAogICAgWyJzdGFydHMtd2l0aCIsICIka2V5Ii wgInVzZXIvZXJpYy8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LAogICAgeyJyZWRpcmVjd CI6ICJodHRwOi8vam9obnNtaXRoLnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRt bCIgfSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHs ieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIi R4LWFtei1tZXRhLXRhZyIsICIiXSwKICBdCn0K 您的签名基地-64连接codeD是2qCp0odXe7A9IYyUVqn0w2adtCA = 您的签名EN codeD应2qCp0odXe7A9IYyUVqn0w2adtCA =
那么,你的code的作品,我只是觉得你签署一个稍微不同的策略(空白差异)
I think I've read nearly everything there is to read on base-64 encoding of a signature for in-browser, form-based post to S3: old docs and new docs. For instance:
http://doc.s3.amazonaws.com/proposals/post.html
And even found this:
http://s3.amazonaws.com/doc/s3-example-code/post/post_sample.html
Rather than using the above or Amazon's newer policy generator, or fiddle around with Boto, I'm trying to draft a simpler .py script that pulls the policy JSON from a plaintext file (policy.txt), and then generates the necessary base-64 encoded signature to help me draft the HTML form.
The signature itself (which is reliant on the encoded policy) is NOT being encoded correctly...maybe due to some sort of utf-8 vs. ascii or \n (newline) issue?
The script I'm working with is below, the policy and the AWS Secret Key private_key
are from an AWS test case I'm using to see if this script works. The correctly encoded signature--as quoted by Amazon--is included in the script below for reference.
Can anyone tell me why the signature as calculated below does not match the reference signature provided by Amazon?:
In other words:
Why this is correctly encoded:
policy_encoded = base64.b64encode(policy)
but this one is NOT:
signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest())
PYTHON signature calculator...
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import base64, hmac, sha
from sys import argv
script, policy = argv
private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o'
input = open("..Desktop/policy.txt", "rb")
policy = input.read()
policy_encoded = base64.b64encode(policy)
signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest())
print "Your policy base-64 encoded is %s." % (policy_encoded)
print "Your signature base-64 encoded is %s." % (signature)
print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA="
JSON Policy (policy.txt--UTF-8)
{ "expiration": "2007-12-01T12:00:00.000Z",
"conditions": [
{"bucket": "johnsmith"},
["starts-with", "$key", "user/eric/"],
{"acl": "public-read"},
{"success_action_redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html"},
["starts-with", "$Content-Type", "image/"],
{"x-amz-meta-uuid": "14365123651274"},
["starts-with", "$x-amz-meta-tag", ""]
]
}
解决方案
I think this is down to the contents of your policy.txt file.
I took the policy from the referenced link (http://doc.s3.amazonaws.com/proposals/post.html) and saved it as policy.txt
{ "expiration": "2007-12-01T12:00:00.000Z",
"conditions": [
{"bucket": "johnsmith" },
["starts-with", "$key", "user/eric/"],
{"acl": "public-read" },
{"redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html" },
["starts-with", "$Content-Type", "image/"],
{"x-amz-meta-uuid": "14365123651274"},
["starts-with", "$x-amz-meta-tag", ""],
]
}
In order to get the exact same signature, this file must have the exact same contents.
For reference, when I copied and pasted: MD5 (policy.txt) = 5bce89d9ff799e2064c136d76bc7fc7a
If I use the following script (same as yours, just adjust filename and remove args
)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import base64, hmac, sha
private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o'
input = open("policy.txt", "rb")
policy = input.read()
policy_encoded = base64.b64encode(policy)
signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest())
print "Your policy base-64 encoded is %s." % (policy_encoded)
print "Your signature base-64 encoded is %s." % (signature)
print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA="
Output I get:
Your policy base-64 encoded is eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjo gWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIiB9LAogICAgWyJzdGFydHMtd2l0aCIsICIka2V5Ii wgInVzZXIvZXJpYy8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LAogICAgeyJyZWRpcmVjd CI6ICJodHRwOi8vam9obnNtaXRoLnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRt bCIgfSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHs ieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIi R4LWFtei1tZXRhLXRhZyIsICIiXSwKICBdCn0K Your signature base-64 encoded is 2qCp0odXe7A9IYyUVqn0w2adtCA= Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA=
So, your code works, I just think you're signing a slightly different policy (whitespace differences)