1. 技术文章
  2. Can't get a file from amazon s3 storage using curl with query string requestauthentication

Can't get a file from amazon s3 storage using curl with query string requestauthentication

℡╲_俬逩灬. 提交于 2019-12-13 07:15:40

问题


I'm trying to download a file from my s3 storage using simple bash script that I found on Internet.

#!/bash/sh

bucket='my_bucket_name'
file_path='path_to_my_file'
resource="/${bucket}/${file_path}"
# set url time to expire

expires=$(date +%s -d '4000 seconds')
stringtoSign="GET\n\n\n${expires}\n${resource}"
s3Key='s3Key_here'
s3Secret='s3SecretKey_here'

signature=`echo -en ${stringtoSign} | openssl sha1 -hmac ${s3Key} -binary | base64`


curl -G https://${bucket}.s3.amazonaws.com/${file_path} \
    --data AWSAccessKeyId=${s3Key} \
    --data Expires=${expires}\
    --data-urlencode Signature=${signature}

As you can see nothing special here. I want to use variant with a query string request.

But it always sends me back '403 Forbidden' error with additional message - "The request signature we calculated does not match the signature you provided. Check your key and signing method." Googling that error message didn't help me too.

I checked credentials with a help of boto python library,

import boto

from boto.s3.key import Key


KEY_ID = 'key_id'
SECRET_KEY_ID = 'secret_key'
SOURCE_FILE_NAME = 'path_to_file'
DEST_FILE_NAME = 'file'
BUCKET_NAME = 'my_bucket_name'

boto.set_stream_logger('boto')
conn = boto.connect_s3(KEY_ID, SECRET_KEY_ID)
bucket = conn.get_bucket(BUCKET_NAME)

# Get the Key object of the given key, in the bucket
k = Key(bucket, SOURCE_FILE_NAME)

# Get the contents of the key into a file
k.get_contents_to_filename(DEST_FILE_NAME)

just entered two secret keys I got, bucket name and path to file and it worked for me. But this is not what I'm looking for.

Of course, I read this docs and tried to follow it. My 'stringtoSing' variable is formed in right way. I just can't imagine where mistake is hidding.


回答1:


The problem is this:

openssl sha1 -hmac ${s3Key}

You don't sign with your key -- you sign with your secret.

openssl sha1 -hmac ${s3Secret}



回答2:


I set all variables names in right places and updated openssl to OpenSSL 1.0.2g 1 Mar 2016. Now it works.



来源:https://stackoverflow.com/questions/39921825/cant-get-a-file-from-amazon-s3-storage-using-curl-with-query-string-requestauth

标签
bash
amazon-web-services
curl
amazon-s3
boto
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!