Aws簽名版本4策略不匹配示例

Question

我正在嘗試生成AWS4簽名以直接從客戶端瀏覽器上傳到S3存儲桶。我使用的例子在這裏生成C＃簽名：

AWS - Deriving the Signing Key with .NET (C#)

以驗證所產生的政策和簽名是正確的，我用從這裏的例子訪問密鑰和策略：

AWS - Examples: Browser-Based Upload using HTTP POST (Using AWS Signature Version 4)

我試過幾種方法來生成策略，但它不匹配。我甚至從示例中複製並粘貼了確切的策略字符串。那麼，爲什麼不這項工作：

var policy = "{ \"expiration\": \"2015-12-30T12:00:00.000Z\"," + 
        "\"conditions\": [" + 
        "{\"bucket\": \"sigv4examplebucket\"}," + 
        "[\"starts-with\", \"$key\", \"user/user1/\"]," + 
        "{\"acl\": \"public-read\"}," + 
        "{\"success_action_redirect\": \"http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html\"}," + 
        "[\"starts-with\", \"$Content-Type\", \"image/\"]," + 
        "{\"x-amz-meta-uuid\": \"14365123651274\"}," + 
        "{\"x-amz-server-side-encryption\": \"AES256\"}," + 
        "[\"starts-with\", \"$x-amz-meta-tag\", \"\"]," + 
        "{\"x-amz-credential\": \"AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request\"}," + 
        "{\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"}," + 
        "{\"x-amz-date\": \"20151229T000000Z\" }]}"; 

// hash the Base64 version of the policy document and pass this to the signer as the body hash 
var policyStringBytes = Encoding.UTF8.GetBytes(policy); 
return Convert.ToBase64String(policyStringBytes); 

的例子說，該政策字符串應該是：

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLA0KICAiY29uZGl0aW9ucyI6IFsNCiAgICB7ImJ1Y2tldCI6ICJzaWd2NGV4YW1wbGVidWNrZXQifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci91c2VyMS8iXSwNCiAgICB7ImFjbCI6ICJwdWJsaWMtcmVhZCJ9LA0KICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL3NpZ3Y0ZXhhbXBsZWJ1Y2tldC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwNCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiaW1hZ2UvIl0sDQogICAgeyJ4LWFtei1tZXRhLXV1aWQiOiAiMTQzNjUxMjM2NTEyNzQifSwNCiAgICB7IngtYW16LXNlcnZlci1zaWRlLWVuY3 J5cHRpb24iOiAiQUVTMjU2In0sDQogICAgWyJzdGFydHMtd2l0aCIsICIkeC1hbXotbWV0YS10YWciLCAiIl0sDQoNCiAgICB7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LA0KICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwNCiAgICB7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfQ0KICBdDQp9

但上述返回方法：

eyAiZXhwaXJhdGlvbiI6ICIyMDE1LTEyLTMwVDEyOjAwOjAwLjAwMFoiLCJjb25kaXRpb25zIjogW3siYnVja2V0IjogInNpZ3Y0ZXhhbXBsZWJ1Y2tldCJ9LFsic3RhcnRzLXdpdGgiLCAiJGtleSIsICJ1c2VyL3VzZXIxLyJdLHsiYWNsIjogInB1YmxpYy1yZWFkIn0seyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vc2lndjRleGFtcGxlYnVja2V0Ln MzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSx7IngtYW16LW1ldGEtdXVpZCI6ICIxNDM2NTEyMzY1MTI3NCJ9LHsieC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbiI6ICJBRVMyNTYifSxbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXSx7IngtYW16LWNyZWRlbnRpYWwiOiAiQUtJQUlPU0ZPRE5ON0VYQU1QTEUvMjAxNTEyMjkvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJ9LHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSx7IngtYW16LWRhdGUiOiAiMjAxNTEyMjlUMDAwMDAwWiIgfV19

如果我不能連得政策的字符串相匹配，那麼在生成匹配的簽名沒有希望。

Answer 1

基本上這是你需要做的。 基於文檔頁面的輸出，將base64代碼複製並粘貼到https://www.base64decode.org/ 中，然後單擊解碼。 這將顯示解碼的json內容。

我做到了這一點，並將其與您的json內容進行了比較。 - 由@ hjpotter92提到的，你需要有新的線路 \ n - 你需要看空間

的例子顯示

<space>"conditions": [ 和 <space><space><space><space>{"bucket": "sigv4examplebucket"},

，但你的代碼所示

"conditions": [ 和 {"bucket": "sigv4examplebucket"},

希望這有助於。