AWS创建POST策略base64编码+签名 [英] AWS Creating POST policy base64 encoded + signature
问题描述
我正在尝试使用PHP生成带签名的AWS POST策略,该策略将被发送到客户端,以允许通过javascript AJAX在浏览器中上传.
I am trying to generate an AWS POST policy w/ signature in PHP, which will be sent to the client to allow uploading in the browser via javascript AJAX.
我已将示例复制到http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
我有2个问题:
-
我无法从策略中生成正确编码的base64字符串.
I cannot generate a correctly encoded base64 string from the policy.
$policy = '{ "expiration": "2013-08-06T12:00:00.000Z", "conditions": [{"bucket": "examplebucket"}, ["starts-with", "$key", "user/user1/"], {"acl": "public-read"}, {"success_action_redirect": "http://acl6.s3.amazonaws.com/successful_upload.html"}, ["starts-with", "$Content-Type", "image/"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""], {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20130806/us-east-1/s3/aws4_request"}, {"x-amz-algorithm": "AWS4-HMAC-SHA256"}, {"x-amz-date": "20130806T000000Z"}]}';
$base64 = base64_encode($policy);
//Result
//eyAiZXhwaXJhdGlvbiI6ICIyMDEzLTA4LTA2VDEyOjAwOjAwLjAwMFoiLCAiY29uZGl0aW9ucyI6IFt7ImJ1Y2tldCI6ICJleGFtcGxlYnVja2V0In0sIFsic3RhcnRzLXdpdGgiLCAiJGtleSIsICJ1c2VyL3VzZXIxLyJdLCB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LCB7InN1Y2Nlc3NfYWN0aW9uX3JlZGlyZWN0IjogImh0dHA6Ly9hY2w2LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LCBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sIFsic3RhcnRzLXdpdGgiLCAiJHgtYW16LW1ldGEtdGFnIiwgIiJdLCB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxMzA4MDYvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LCB7IngtYW16LWFsZ29yaXRobSI6ICJBV1M0LUhNQUMtU0hBMjU2In0sIHsieC1hbXotZGF0ZSI6ICIyMDEzMDgwNlQwMDAwMDBaIn1dfQ==
这是我的utf8_encode()策略.当我尝试对base64进行编码时,它与示例base64策略不同.无论我做什么,似乎都无法匹配它.我确实注意到,将日期更改为2013-08-07T12:00:00.000Z使其与编码字符串的该部分匹配.
this is my utf8_encode() policy. when I try to base64 encode it it is different than the examples base64 policy. Can't seem to get it to match no matter what I do. I did notice that changing the date to 2013-08-07T12:00:00.000Z makes it match for that part of the encoded string.
- 我无法使用正确编码的base64策略通过sha256生成正确的签名.
根据示例的base64编码策略创建签名:
Creating the Signature from the example's base64 encoded policy:
//Using this example secret key:
$secret = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';
$policy = 'eyAiZXhwaXJhdGlvbiI6ICIyMDEzLTA4LTA3VDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJleGFtcGxlYnVja2V0In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgInVzZXIvdXNlcjEvIl0sDQogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwNCiAgICB7InN1Y2Nlc3NfYWN0aW9uX3JlZGlyZWN0IjogImh0dHA6Ly9leGFtcGxlYnVja2V0LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LA0KICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwNCiAgICB7IngtYW16LW1ldGEtdXVpZCI6ICIxNDM2NTEyMzY1MTI3NCJ9LA0KICAgIFsic3RhcnRzLXdpdGgiLCAiJHgtYW16LW1ldGEtdGFnIiwgIiJdLA0KDQogICAgeyJ4LWFtei1jcmVkZW50aWFsIjogIkFLSUFJT1NGT0ROTjdFWEFNUExFLzIwMTMwODA2L3VzLWVhc3QtMS9zMy9hd3M0X3JlcXVlc3QifSwNCiAgICB7IngtYW16LWFsZ29yaXRobSI6ICJBV1M0LUhNQUMtU0hBMjU2In0sDQogICAgeyJ4LWFtei1kYXRlIjogIjIwMTMwODA2VDAwMDAwMFoiIH0NCiAgXQ0KfQ==';
<?= hash_hmac('sha256', $policy, $secret); ?>
//Resulting Signature
d8ddc156c5d681b42c40a4224c07cdd64b938def8e8c34d616806175cb3c7119
//Signature in Example
21496b44de44ccb73d545f1a995c68214c9cb0d41c45a17a5daeec0b1a6db047
不确定我在这里想念的是什么.我也有PHP SDK,但无法找到提取策略/签名的方法,因此无法将其发送到浏览器中的javascript.有没有一种方法可以从PHP SDK生成具有我指定条件的策略?我在网上以及在SDK本身中四处查看,结果空白...
Not sure what I am missing here. I also have the PHP SDK, but I was unable to find a way to extract the Policy / Signature so I can send that to the javascript in the browser. Is there a way to generate a policy with my specified conditions from the PHP SDK? I have looked around on the web and in the SDK itself and came up empty...
推荐答案
我用
$policydoc = <<<EOT
{"expiration": "2016-01-01T00:00:00Z",
"conditions": [
{"bucket": "{$bucket}"},
["starts-with", "\$key", "uploads/"],
{"acl": "private"},
{"success_action_redirect": "$success_action_redirect"},
["content-length-range", 0, 1048576]
]
}
EOT;
$policydoc = base64_encode($policydoc);
$signature = base64_encode(hash_hmac('sha1', $policydoc, $provider->getSecretKey(), true));
我认为" sha1 "缺少您的一部分.
i think 'sha1' is missing part in yours.
这篇关于AWS创建POST策略base64编码+签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
