Ok, this is driving me nuts.
好吧,这让我疯了。
I'm trying to create a simple AWS S3 client that would allow for basic interaction with S3, but it seems I'm doing something wrong and can't figure out what it is. It might be blatently obvious, but I'm not seeing it.
我正在尝试创建一个简单的AWS S3客户端,它允许与S3进行基本交互,但似乎我做错了什么并且无法弄清楚它是什么。它可能很明显,但我没有看到它。
My keys are correct and have been tested - no trailing whitespace etc.
我的密钥是正确的并且已经过测试 - 没有尾随空格等。
The issue seems to be with the signature, it keeps getting the 'the request signature we calculated does not match the signature you provided. Check your key and signing method' error from Amazon's REST API. I've create various categories that add the base64, HMAC SHA1 generation functionality and I've also looked through various online examples, but no success so far.
问题似乎与签名有关,它不断得到'我们计算的请求签名与您提供的签名不匹配。从Amazon的REST API检查您的密钥和签名方法错误。我创建了各种类别,添加了base64,HMAC SHA1生成功能,我还查看了各种在线示例,但到目前为止还没有成功。
The reason for not using the library provided by Amazon is because it's aimed at Cocoa Touch and I don't want to hack around to make it work on Cocoa.
不使用亚马逊提供的库的原因是因为它针对的是Cocoa Touch,我不想破解它以使其适用于Cocoa。
You can grab a copy of all the files/code here: https://www.dropbox.com/s/8ts9q71dz3uopxp/S3Lite.zip
您可以在此处获取所有文件/代码的副本:https://www.dropbox.com/s/8ts9q71dz3uopxp/S3Lite.zip
I am however following Amazon's documentation around authentication and to my simple mind, everything is being done correctly.
然而,我正在关注亚马逊关于身份验证的文档,而且简单地说,一切都正确完成。
Here's how I'm generating the signature:
这是我如何生成签名:
-(NSString *)signRequest:(NSURLRequest *)request {
NSMutableString *sig = [[NSMutableString alloc] init];
// Request Method
[sig appendFormat:@"%@\n", [request HTTPMethod]];
// Content MD5
[sig appendFormat:@"%@\n", [[request HTTPBody] MD5String]];
// Content Type
[sig appendFormat:@"%@\n", [request valueForHTTPHeaderField:@"Content-Type"]];
// Date
[sig appendFormat:@"%@\n", [request valueForHTTPHeaderField:@"Date"]];
// Canonicalized Headers
[sig appendFormat:@"%@\n", @""]; // Empty for now
// Canonicalized Resource
[sig appendFormat:@"%@", [NSString stringWithFormat:@"/%@%@", _bucket, request.URL.path]];
NSString *encodedString = [[[sig dataUsingEncoding:NSUTF8StringEncoding] hmacSHA1SignatureWithKey:_secretKey] base64String];
return [[NSString alloc] initWithFormat:@"AWS %@:%@", _accessKey, encodedString];
}
Here's how you go about working with it to attempt to perform a simple PUT request.
以下是您如何使用它来尝试执行简单的PUT请求。
#import "S3Lite.h"
S3Lite *aws = [[S3Lite alloc] initWithAccessKey:@"<access key>"
secretKey:@"<secret key>"
bucketName:@"<bucket name>"
region:kAmazonS3EUWest1Region
useSSL:NO];
NSData *file = [[NSData alloc] initWithContentsOfFile:@"<path to a file>"];
[aws putObjectWithData:file inPath:@"aRandomFile.png" withContentType:nil];
Any help in the right direction would be greatly appreciated.
任何正确方向的帮助将不胜感激。
S
小号
3 个解决方案
#1
8
Even if you aren't able to use the AWS SDK for iOS directly, it is open source, and you might get some ideas from examining the request signing code here:
即使您无法直接使用AWS SDK for iOS,它也是开源的,您可能会从检查请求签名代码中获得一些想法:
https://github.com/aws/aws-sdk-ios/blob/master/AWSCore/Authentication/AWSSignature.m
https://github.com/aws/aws-sdk-ios/blob/master/AWSCore/Authentication/AWSSignature.m
#2
1
You need to make sure you include empty values in that string when the corresponding header is missing from the request (e.g. Content-MD5 is optional for PUT requests and meaningless for GET requests - you should only include its value in the string you're signing if your request includes that header in the API call to S3).
当请求中缺少相应的标头时,您需要确保在该字符串中包含空值(例如,对于PUT请求,Content-MD5是可选的,对于GET请求,它是无意义的 - 您只应将其值包含在您要签名的字符串中如果您的请求在对S3的API调用中包含该标头)。
#3
1
At the moment I am developing a S3 Client Framework based on AFNetworking 1.0 (due to compatibility with older operating systems). The framework itself is still in development but all the request signing methods for AWS4-HMAC-SHA256 are already implemented and working. You can find the framework on github: https://github.com/StudioIstanbul/SIAFAWSClient
目前我正在开发基于AFNetworking 1.0的S3客户端框架(由于与旧操作系统的兼容性)。框架本身仍处于开发阶段,但AWS4-HMAC-SHA256的所有请求签名方法已经实现并正在运行。您可以在github上找到该框架:https://github.com/StudioIstanbul/SIAFAWSClient
Feel free to fork it and implement your functions so we can work on it together. Currently all basic S3 requests are implemented.
随意分叉并实现您的功能,以便我们可以一起工作。目前,所有基本的S3请求都已实现。
Of course you can also just copy my -(NSString*)AuthorizationHeaderStringForRequest:(NSMutableURLRequest*)request function to your own code. The AWS documentation on this is not very good at the moment as it lacks some steps in creating the signing keys.
当然,您也可以将我的 - (NSString *)AuthorizationHeaderStringForRequest:(NSMutableURLRequest *)请求函数复制到您自己的代码中。目前关于此的AWS文档并不是很好,因为它缺少创建签名密钥的一些步骤。
#1
8
Even if you aren't able to use the AWS SDK for iOS directly, it is open source, and you might get some ideas from examining the request signing code here:
即使您无法直接使用AWS SDK for iOS,它也是开源的,您可能会从检查请求签名代码中获得一些想法:
https://github.com/aws/aws-sdk-ios/blob/master/AWSCore/Authentication/AWSSignature.m
https://github.com/aws/aws-sdk-ios/blob/master/AWSCore/Authentication/AWSSignature.m
#2
1
You need to make sure you include empty values in that string when the corresponding header is missing from the request (e.g. Content-MD5 is optional for PUT requests and meaningless for GET requests - you should only include its value in the string you're signing if your request includes that header in the API call to S3).
当请求中缺少相应的标头时,您需要确保在该字符串中包含空值(例如,对于PUT请求,Content-MD5是可选的,对于GET请求,它是无意义的 - 您只应将其值包含在您要签名的字符串中如果您的请求在对S3的API调用中包含该标头)。
#3
1
At the moment I am developing a S3 Client Framework based on AFNetworking 1.0 (due to compatibility with older operating systems). The framework itself is still in development but all the request signing methods for AWS4-HMAC-SHA256 are already implemented and working. You can find the framework on github: https://github.com/StudioIstanbul/SIAFAWSClient
目前我正在开发基于AFNetworking 1.0的S3客户端框架(由于与旧操作系统的兼容性)。框架本身仍处于开发阶段,但AWS4-HMAC-SHA256的所有请求签名方法已经实现并正在运行。您可以在github上找到该框架:https://github.com/StudioIstanbul/SIAFAWSClient
Feel free to fork it and implement your functions so we can work on it together. Currently all basic S3 requests are implemented.
随意分叉并实现您的功能,以便我们可以一起工作。目前,所有基本的S3请求都已实现。
Of course you can also just copy my -(NSString*)AuthorizationHeaderStringForRequest:(NSMutableURLRequest*)request function to your own code. The AWS documentation on this is not very good at the moment as it lacks some steps in creating the signing keys.
当然,您也可以将我的 - (NSString *)AuthorizationHeaderStringForRequest:(NSMutableURLRequest *)请求函数复制到您自己的代码中。目前关于此的AWS文档并不是很好,因为它缺少创建签名密钥的一些步骤。