我想使用AWS API来创建一个堆在AWS CloudFormation，但他们返回错误说：我们计算了不，你所提供的签名相匹配的签名

Fllowing是我使用产生siganture的code

  $ PRIVATE_KEY =XXXXXXXXXXXXX;
$ PARAMS =阵列（）;
$方法=POST;
$主机=cloudformation.eu-west-1.amazonaws.com;
$ URI =/ onca / xml的;

//其他参数
$ PARAMS [服务] =AWSCloudFormation;
$ PARAMS [操作] =DeleteStack;
$ PARAMS [AWSAccessKeyId] =XXXXXXXXXXXXXX;
// GMT时间戳
$ PARAMS [时间戳] = gmdate（Y-M-D \ TH：我：■\ Z）;
// API版本
$ PARAMS [版本] =2010-05-15;

//参数排序
//创建规范化查询
$ canonicalized_query =阵列（）;
的foreach（$ PARAMS为$参数=＆GT; $值）{
    $参数= str_replace函数（％7E，〜，rawurlen code（$参数））;
    $值= str_replace函数（％7E，〜，rawurlen code（$值））;
    $ canonicalized_query [] = $参数。 =。 $价值;
}
$ canonicalized_query =破灭（与＆amp;，$ canonicalized_query）;

//创建串签
$ string_to_sign = $方法。 \ N。 $主机。 \ N。 $ URI。 \ N。 $ canonicalized_query;

//计算HMAC与SHA256和的base64编码
$签字= base64_en code（hash_hmac（SHA256，$ string_to_sign，$ PRIVATE_KEY，真））;

// EN code的请求签名
$签字= str_replace函数（％7E，〜，rawurlen code（$签字））;

我使用的网址是

https://cloudformation.us-east-1.amazonaws.com/
？行动= DeleteStack
＆功放; StackName = MyStack
＆功放;版本= 2010-05-15
＆功放; SignatureVersion = 2
＆功放;时间戳= 2012-09-05T06：32：19Z
＆功放; AWSAccessKeyId = [AccessKeyId]
＆功放;签名= [签名]
＆放大器; =是SignatureMethod HmacSHA256'
 

解决方案

我证实弗雷德里克的答案。哈希它之前，你必须ksort阵列。

I am trying to use AWS API to create a stack in AWS CloudFormation, but they return error saying "signature we calculated does not match the signature you provided"

Fllowing is the code that I am using to generate the siganture

$private_key = "xxxxxxxxxxxxx";
$params = array();
$method = "POST";
$host = "cloudformation.eu-west-1.amazonaws.com";
$uri = "/onca/xml";

// additional parameters
$params["Service"] = "AWSCloudFormation";
$params["Operation"] = "DeleteStack";
$params["AWSAccessKeyId"] = "xxxxxxxxxxxxxx";
// GMT timestamp
$params["Timestamp"] = gmdate("Y-m-d\TH:i:s\Z");
// API version
$params["Version"] = "2010-05-15";

// sort the parameters
// create the canonicalized query
$canonicalized_query = array();
foreach ($params as $param => $value) {
    $param = str_replace("%7E", "~", rawurlencode($param));
    $value = str_replace("%7E", "~", rawurlencode($value));
    $canonicalized_query[] = $param . "=" . $value;
}
$canonicalized_query = implode("&", $canonicalized_query);

// create the string to sign
$string_to_sign = $method . "\n" . $host . "\n" . $uri . "\n" . $canonicalized_query;

// calculate HMAC with SHA256 and base64-encoding
$signature = base64_encode(hash_hmac("sha256", $string_to_sign, $private_key, True));

// encode the signature for the request
$signature = str_replace("%7E", "~", rawurlencode($signature));

the url I am using is 

'https://cloudformation.us-east-1.amazonaws.com/
?Action=DeleteStack
&StackName=MyStack
&Version=2010-05-15
&SignatureVersion=2
&Timestamp=2012-09-05T06:32:19Z
&AWSAccessKeyId=[AccessKeyId]
&Signature=[Signature]
&SignatureMethod=HmacSHA256'

I confirmed Frederick's answer. You must ksort the array before hashing it.