Discussion :

[vin21207]

Bonjour,
Je suis entrain de développer une application. A l'interieur se celle-ci, je souhaite effectuer des echanger avec un cloud (ici AWS), je n'utilise pas la SDK car c'est une usine à gaz pour ce que je souhaite réaliser. Or, pendant l'utilisation et a la suite de plusieurs test, un message d'erreur persiste "SignatureDoesNotMatch" après vérification, avec mes différentes clef, j'arrive bien a telecharger et upload sur mon bucket. Je ne comprend vraiment pas d'ou ca vien... J'ai essayer d'utiliser un programme python, ca ne marche pas, j'ai essayer d'inserer la signateur après calcul, dans mon programme en c et pas mieux...

Si vous avez des idée de solution, je suis preuneur.
l'erreur apparait avec une méthode GET et le service s3 (avec d'autre service ca fonctionne bien)

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# <a href="http://aws.amazon.com/apache2.0/" target="_blank">http://aws.amazon.com/apache2.0/</a>
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
#
# ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference 
# Signing AWS API Requests top available at
# <a href="https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html" target="_blank">https://docs.aws.amazon.com/general/...-examples.html</a>
#
 
# AWS Version 4 signing example
 
# IAM API (CreateUser)
 
# See: <a href="http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html" target="_blank">http://docs.aws.amazon.com/general/l...4_signing.html</a>
# This version makes a GET request and passes request parameters
# and authorization information in the query string
import sys, os, base64, datetime, hashlib, hmac, urllib
import requests # pip install requests
 
# ************* REQUEST VALUES *************
method = 'GET'
service = 's3'
host = 's3.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://s3.amazonaws.com'
 
# Key derivation functions. See:
# <a href="http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python" target="_blank">http://docs.aws.amazon.com/general/l...xamples-python</a>
def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
 
def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning
 
# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = '<Access key>'
secret_key = '<secret key>'
if access_key is None or secret_key is None:
    print('No access key is available.')
    sys.exit()
 
# Create a date for headers and the credential string
t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ') # Format date as YYYYMMDD'T'HHMMSS'Z'
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope
 
 
# ************* TASK 1: CREATE A CANONICAL REQUEST *************
# <a href="http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html" target="_blank">http://docs.aws.amazon.com/general/l...l-request.html</a>
 
# Because almost all information is being passed in the query string,
# the order of these steps is slightly different than examples that
# use an authorization header.
 
# Step 1: Define the verb (GET, POST, etc.)--already done.
 
# Step 2: Create canonical URI--the part of the URI from domain to query 
# string (use '/' if no path)
canonical_uri = '/' 
 
# Step 3: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note trailing \n in canonical_headers.
# signed_headers is the list of headers that are being included
# as part of the signing process. For requests that use query strings,
# only "host" is included in the signed headers.
canonical_headers = 'host:' + host + '\n'
signed_headers = 'host'
 
# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
 
# Step 4: Create the canonical query string. In this example, request
# parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
# use urllib.parse.quote_plus() if using Python 3
canonical_querystring = 'Action=CreateUser&UserName=NewUser&Version=2010-05-08'
canonical_querystring += '&X-Amz-Algorithm=AWS4-HMAC-SHA256'
canonical_querystring += '&X-Amz-Credential=' + urllib.parse.quote_plus(access_key + '/' + credential_scope)
canonical_querystring += '&X-Amz-Date=' + amz_date
canonical_querystring += '&X-Amz-Expires=30'
canonical_querystring += '&X-Amz-SignedHeaders=' + signed_headers
 
# Step 5: Create payload hash. For GET requests, the payload is an
# empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()
 
# Step 6: Combine elements to create canonical request
canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
 
 
# ************* TASK 2: CREATE THE STRING TO SIGN*************
string_to_sign = algorithm + '\n' +  amz_date + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
 
# ************* TASK 3: CALCULATE THE SIGNATURE *************
# Create the signing key
signing_key = getSignatureKey(secret_key, datestamp, region, service)
 
# Sign the string_to_sign using the signing_key
signature = hmac.new(signing_key, (string_to_sign).encode("utf-8"), hashlib.sha256).hexdigest()
 
 
# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************
# The auth information can be either in a query string
# value or in a header named Authorization. This code shows how to put
# everything into a query string.
canonical_querystring += '&X-Amz-Signature=' + signature
 
 
# ************* SEND THE REQUEST *************
# The 'host' header is added automatically by the Python 'request' lib. But it
# must exist as a header in the request.
request_url = endpoint + "?" + canonical_querystring
 
print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = requests.get(request_url)
 
print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print(r.text)

(source AWS)

[EDIT] problème résolue avec un autre scripte python qui permet de calculer correctement la signature ainsi que le charge.

[awawawa]

Bonsoir,

Je pense être confronté au même problème.

Pouvez vous nous donner plus de détails sur la solution SVP?