我们计算出的请求签名与您提供的签名不匹配。检查您的 AWS 秘密访问密钥和签名方法

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method

我对 Amazon Web Service API 的测试请求返回时出现以下错误:

<ItemSearchErrorResponse xmlns="http://ecs.amazonaws.com/doc/2005-10-05/">
  <Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>
     The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    </Message>
  </Error>
  <RequestId>ebe90459-1abd-403e-bfec-6916ebe07e1f</RequestId>
</ItemSearchErrorResponse>

我是这样得出结论的:

<?php

$private_key = "XXXXXXXXXXXXXXXXXXXXXX";
$date = urlencode(date('Y-m-d\TH:i:s.Z\Z', time()));
$string_to_sign = "GET webservices.amazon.com /onca/xml/ AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXXXXXA&Keywords=Rocket&Operation=ItemSearch&SearchIndex=Toys&Service=AWSECommerceService&Timestamp=".$date."";
$signature = urlencode(base64_encode(hash_hmac("sha256",$string_to_sign, $private_key, True)));
$url = "http://webservices.amazon.com/onca/xml?AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXXXXXX&Keywords=Rocket&Operation=ItemSearch&SearchIndex=Toys&Service=AWSECommerceService&Timestamp=".$date."&Signature=".$signature."";

header("Location: ".$url."");

?>

我基本上想要直接在 url 中签名的 REST 请求(因此 header 函数)但让我陷入了错误。我仔细检查了我的访问 ID 和密钥,所以我知道它们不是导致问题的原因。这不是正确的签名方式吗?

您似乎在尝试使用 V2 签名来调用 AWS 的 REST API。 完整的请参考AWS REST API call documentation.

我敢打赌,问题是签名前的字符串中缺少 SignatureVersionSignatureMethodVersion。上面链接的文档的第五步显示了要签名的字符串的示例:

GET\n
elasticmapreduce.amazonaws.com\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-10-03T15%3A19%3A30&Version=2009-03-31

这是 AWS 演讲:“您的凭据不正确”。