AWS4 - FineUploader S3 上传简单文件 - 请求签名不匹配错误 - 指导

AWS4 - FineUploader S3 uploading simple file - Request signature not matching error - guidance

我正在使用 fineUploader 5.16.2 并尝试将文件从浏览器简单上传到 S3,该文件正在服务器上签名。

我收到“我们计算的请求签名与您提供的签名不匹配。”上传错误。

我已经 运行 通过服务器策略签名代码并根据此处的预期值对其进行了测试: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html 并且它产生了正确的结果,所以我认为签名本身没问题。

我还检查了 IAM 策略/存储桶策略并使它们对测试没有限制,所以我不认为是这样。 我创建了新密钥/用户。

我不确定接下来要采取什么步骤来确定问题所在 - 以前经历过此问题的人的任何见解都会很棒,我已经走到了死胡同,不确定如何继续解决问题。

请求如下:

上传请求:

Request URL: https://s3.amazonaws.com/bucket_xyz
Request Method: POST
Status Code: 403 Forbidden
Remote Address: 52.216.165.93:443
Referrer Policy: no-referrer-when-downgrade

--------------------
Request 
------------------
Content-Type: multipart/form-data; boundary=---- 
WebKitFormBoundary0GCEvRBzhQOryykT
Origin: http://localhost:49797
Referer: http://localhost:49797/?section=3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

FormData:

key: 87d384ae-9038-4e26-aff4-70846b1decb9.jpg
Content-Type: image/jpeg
success_action_status: 200
acl: private
x-amz-meta-qqfilename: mel5.jpg
x-amz-algorithm: AWS4-HMAC-SHA256
x-amz-credential: ACCESSKEY/20181003/us-east-1/s3/aws4_request
x-amz-date: 20181003T163015Z

policy:eyJleHBpcmF0aW9uIjoiMjAxOC0xMC0wM1QxNjozNToxNS4yMzVaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHJpdmF0ZSJ9LHsiYnVja2V0Ijoic2R2YXVsdHMtdGVzdCJ9LHsiQ29udGVudC1UeXBlIjoiaW1hZ2UvanBlZyJ9LHsic3VjY2Vzc19hY3Rpb25fc3RhdHVzIjoiMjAwIn0seyJ4LWFtei1hbGdvcml0aG0iOiJBV1M0LUhNQUMtU0hBMjU2In0seyJrZXkiOiI4N2QzODRhZS05MDM4LTRlMjYtYWZmNC03MDg0NmIxZGVjYjkuanBnIn0seyJ4LWFtei1jcmVkZW50aWFsIjoiQUtJQUlNUFpWMktISUozM0JFUkEvMjAxODEwMDMvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotZGF0ZSI6IjIwMTgxMDAzVDE2MzAxNVoifSx7IngtYW16LW1ldGEtcXFmaWxlbmFtZSI6Im1lbDUuanBnIn1dfQ==

x-amz-signature: AA16D553ADD17986087A7418525BC4985F05E4BFD392DA30D0B39F1C933C2041

file: (binary)

回复:

Access-Control-Allow-Methods: POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Access-Control-Max-Age: 3000
Connection: close
Content-Type: application/xml
Date: Wed, 03 Oct 2018 16:30:15 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2:jws69+sNEZTky7EsMEpUHCdp62x1HurB2schStsp+inwMoBBxL7OPImi2xUmMiZLj2g+FsbAiiE=
x-amz-request-id: 3B58255BDCCA8F5F

错误正文

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we 
calculated does not match the signature you provided. Check your key and 
signing method.</Message> 
<AWSAccessKeyId>AKIAIMPZV2KHIJ33BERA</AWSAccessKeyId> 

<StringToSign>eyJleHBpcmF0aW9uIjoiMjAxOC0xMC0wM1QxNjozNToxNS4yMzVaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHJpdmF0ZSJ9LHsiYnVja2V0Ijoic2R2YXVsdHMtdGVzdCJ9LHsiQ29udGVudC1UeXBlIjoiaW1hZ2UvanBlZyJ9LHsic3VjY2Vzc19hY3Rpb25fc3RhdHVzIjoiMjAwIn0seyJ4LWFtei1hbGdvcml0aG0iOiJBV1M0LUhNQUMtU0hBMjU2In0seyJrZXkiOiI4N2QzODRhZS05MDM4LTRlMjYtYWZmNC03MDg0NmIxZGVjYjkuanBnIn0seyJ4LWFtei1jcmVkZW50aWFsIjoiQUtJQUlNUFpWMktISUozM0JFUkEvMjAxODEwMDMvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotZGF0ZSI6IjIwMTgxMDAzVDE2MzAxNVoifSx7IngtYW16LW1ldGEtcXFmaWxlbmFtZSI6Im1lbDUuanBnIn1dfQ==</StringToSign> <SignatureProvided>AA16D553ADD17986087A7418525BC4985F05E4BFD392DA30D0B39F1C933C2041</SignatureProvided> <StringToSignBytes>65 79 4a 6c 65 48 42 70 63 6d 46 30 61 57 39 75 49 6a 6f 69 4d 6a 41 78 4f 43 30 78 4d 43 30 77 4d 31 51 78 4e 6a 6f 7a 4e 54 6f 78 4e 53 34 79 4d 7a 56 61 49 69 77 69 59 32 39 75 5a 47 6c 30 61 57 39 75 63 79 49 36 57 33 73 69 59 57 4e 73 49 6a 6f 69 63 48 4a 70 64 6d 46 30 5a 53 4a 39 4c 48 73 69 59 6e 56 6a 61 32 56 30 49 6a 6f 69 63 32 52 32 59 58 56 73 64 48 4d 74 64 47 56 7a 64 43 4a 39 4c 48 73 69 51 32 39 75 64 47 56 75 64 43 31 55 65 58 42 6c 49 6a 6f 69 61 57 31 68 5a 32 55 76 61 6e 42 6c 5a 79 4a 39 4c 48 73 69 63 33 56 6a 59 32 56 7a 63 31 39 68 59 33 52 70 62 32 35 66 63 33 52 68 64 48 56 7a 49 6a 6f 69 4d 6a 41 77 49 6e 30 73 65 79 4a 34 4c 57 46 74 65 69 31 68 62 47 64 76 63 6d 6c 30 61 47 30 69 4f 69 4a 42 56 31 4d 30 4c 55 68 4e 51 55 4d 74 55 30 68 42 4d 6a 55 32 49 6e 30 73 65 79 4a 72 5a 58 6b 69 4f 69 49 34 4e 32 51 7a 4f 44 52 68 5a 53 30 35 4d 44 4d 34 4c 54 52 6c 4d 6a 59 74 59 57 5a 6d 4e 43 30 33 4d 44 67 30 4e 6d 49 78 5a 47 56 6a 59 6a 6b 75 61 6e 42 6e 49 6e 30 73 65 79 4a 34 4c 57 46 74 65 69 31 6a 63 6d 56 6b 5a 57 35 30 61 57 46 73 49 6a 6f 69 51 55 74 4a 51 55 6c 4e 55 46 70 57 4d 6b 74 49 53 55 6f 7a 4d 30 4a 46 55 6b 45 76 4d 6a 41 78 4f 44 45 77 4d 44 4d 76 64 58 4d 74 5a 57 46 7a 64 43 30 78 4c 33 4d 7a 4c 32 46 33 63 7a 52 66 63 6d 56 78 64 57 56 7a 64 43 4a 39 4c 48 73 69 65 43 31 68 62 58 6f 74 5a 47 46 30 5a 53 49 36 49 6a 49 77 4d 54 67 78 4d 44 41 7a 56 44 45 32 4d 7a 41 78 4e 56 6f 69 66 53 78 37 49 6e 67 74 59 57 31 36 4c 57 31 6c 64 47 45 74 63 58 46 6d 61 57 78 6c 62 6d 46 74 5a 53 49 36 49 6d 31 6c 62 44 55 75 61 6e 42 6e 49 6e 31 64 66 51 3d 3d</StringToSignBytes> <RequestId>3B58255BDCCA8F5F</RequestId> <HostId>jws69+sNEZTky7EsMEpUHCdp62x1HurB2schStsp+inwMoBBxL7OPImi2xUmMiZLj2g+FsbAiiE=</HostId></Error>

更多信息:

在 post 到 S3 之前,这里是 request/response 到服务器端点以获取签名。

POST handler.ashx?op=getSignature&v4=true

请求

Pragma  : no-cache
Origin  : http://localhost:49797
Accept-Encoding ; gzip, deflate, br
Host; localhost:49797
Accept-Language:    en-US,en;q=0.9
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/69.0.3497.100
 Safari/537.36
Content-Type : application/json; charset=UTF-8
Accept:  application/json
Cache-Control : no-cache
X-Requested-With : XMLHttpRequest
Cookie  :
Connection : keep-alive
Referer  : http://localhost:12455/?section=3
Content-Length  : 403

{"expiration":"2018-10-03T16:35:15.235Z","conditions":[{"acl":"private"}, 
{"bucket":"xyz"},
{"Content-Type":"image/jpeg"},{"success_action_status":"200"},{"x-amz-algorithm":"AWS4-HMAC-SHA256"},{"key":"87d384ae-9038-4e26-aff4-70846b1decb9.jpg"},{"x-amz-credential":"ACCESSKEY/20181003/us-east-1/s3/aws4_request"},{"x-amz-date":"20181003T163015Z"},{"x-amz-meta-qqfilename":"mel5.jpg"}]

}

回应

{"policy":"eyJleHBpcmF0aW9uIjoiMjAxOC0xMC0wM1QxNjozNToxNS4yMzVaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHJpd mF0ZSJ9LHsiYnVja2V0Ijoic2R2YXVsdHMtdGVzdCJ9LHsiQ29udGVudC1UeXBlIjoiaW1hZ2UvanBlZyJ9LHsic3VjY2Vzc19hY 3Rpb25fc3RhdHVzIjoiMjAwIn0seyJ4LWFtei1hbGdvcml0aG0iOiJBV1M0LUhNQUMtU0hBMjU2In0seyJrZXkiOiI4N2QzODRhZ S05MDM4LTRlMjYtYWZmNC03MDg0NmIxZGVjYjkuanBnIn0seyJ4LWFtei1jcmVkZW50aWFsIjoiQUtJQUlNUFpWMktISUozM0JFU kEvMjAxODEwMDMvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotZGF0ZSI6IjIwMTgxMDAzVDE2MzAxNVoifSx7IngtYW16LW1ldGEtcXFmaWxlbmFtZSI6Im1lbDUuanBnIn1dfQ ==","signature": "AA16D553ADD17986087A7418525BC4985F05E4BFD392DA30D0B39F1C933C2041"}

Javascript:

uploader = (<any>$(container)).fineUploaderS3({
                button: null,
                debug: true, 
                retry: {
                    enableAuto: false 
                },
                signature: {
                    endpoint: signatureEndPoint,
                    version: 4
                },
                uploadSuccess: {
                    endpoint: successEndPoint,
                    params: {

                    }
                },
                chunking: {
                    enabled: false
                },
                resume: {
                    enabled: false
                },
                deleteFile: {
                    enabled: false
                    endpoint: deleteFileEndPoint
                },
                autoUpload: false,
                maxConnections: 1,
                text: {
                    cancelButton: 'Remove file from the Queue'
                },
                request: {
                    endpoint: https://s3.amazonaws.com/"+bucket,
                    accessKey: accessKey
                },
                dragAndDrop: {
                    disableDefaultDropzone: true,
                    hideDropzones: false
                },
                editFilename: {
                    enabled: true
                },
                objectProperties: {
                    key: "uuid"
                }
            }).on('validateBatch', function () {

            }).on('submitted', function () {


            }).on('progress', function () {

            }).on('cancel', function () {

            });

如果这对其他人有帮助 - 我发现我的代码存在问题 - AWS4 需要小写签名字符串 - 一旦将生成的十六进制字符串转换为小写,问题就解决了。