При попытке загрузить на Amazon S3 файл примерно следующим Objective-C кодом:
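// Uploads a local file to an S3 bucket through AFAmazonS3Manager as a multipart/form-data POST.
//
// As the request log captured on this page shows, this call sends an
// `Authorization: AWS <access key ID>:<signature>` header, which the S3 endpoint in that log
// rejected with InvalidRequest ("Please use AWS4-HMAC-SHA256").
//
// NOTE(review): an access key ID and secret written as literals end up inside the shipped app
// binary. Prefer short-lived, narrowly scoped credentials fetched at runtime and keep
// long-term keys out of client code.
AFAmazonS3Manager *s3Manager = [[AFAmazonS3Manager alloc] initWithAccessKeyID:@"..."
                                                                       secret:@"..."];

// The original snippet spelled the variable `s3manager` here, which does not match the
// declaration above and does not compile.
s3Manager.requestSerializer.region = AFAmazonS3USWest1Region;
s3Manager.requestSerializer.bucket = @"my-bucket-name";

NSString *destinationPath = @"/pathOnS3/to/file.txt";
[s3Manager postObjectWithFile:@"/path/to/file.txt"
              destinationPath:destinationPath
                   parameters:nil
                     progress:^(NSUInteger bytesWritten,
                                long long totalBytesWritten,
                                long long totalBytesExpectedToWrite) {
                         // Skip the report while the expected size is unknown (zero or negative),
                         // so the log never shows inf/nan; use double to keep precision on large files.
                         if (totalBytesExpectedToWrite > 0) {
                             double percent = (double)totalBytesWritten /
                                              (double)totalBytesExpectedToWrite * 100.0;
                             NSLog(@"%f%% Uploaded", percent);
                         }
                     }
                      success:^(AFAmazonS3ResponseObject *responseObject) {
                          NSLog(@"Upload Complete: %@", responseObject.URL);
                      }
                      failure:^(NSError *error) {
                          NSLog(@"Error: %@", error);
                      }];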
выдается ошибка: "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.".
Ниже приведен HTTP-лог запроса (я немного изменил запросы в целях сокрытия приватных данных, так что не удивляйтесь, если хеши не будут совпадать с контентом):
POST /a/b/c/d/My+File.json HTTP/1.1 Host: s3.eu-central-1.amazonaws.com User-Agent: MyCocoaApp/1.0 (Mac OS X Version 10.8.5 (Build 12F45)) Content-Length: 793 Accept: */* Accept-Language: ru;q=1, en;q=0.9, ja;q=0.8, fr;q=0.7, de;q=0.6, es;q=0.5 Content-Type: multipart/form-data; boundary=Boundary+0C9D56BF907B51EC x-amz-security-token: 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 Authorization: AWS ASIAI3GPOMKXMIWL2KIQ:x9I3eV7zIUUa4EaFmY+xmqirOIg= Date: Mon, 09 Feb 2015 09:37:16 GMT Accept-Encoding: gzip, deflate Connection: keep-alive --Boundary+0C9D56BF907B51EC Content-Disposition: form-data; name="key" My File.json --Boundary+0C9D56BF907B51EC Content-Disposition: form-data; name="file"; filename="My File.json" Content-Type: text/plain { "a" : { "b" : 3, "c" : "x", "d" : "t", "e" : { "f" : "", "g" : "u" }, "h" : "2015-02-03 03:58:55", "i" : "2", "j" : "z", "k" : { }, "l" : "y", "m" : { }, "n" : 0, "o" : "2015-02-03 03:58:17", "p" : "v" }, "q" : [ { "r" : "w", "s" : 1 } ] } --Boundary+0C9D56BF907B51EC-- HTTP/1.1 400 Bad Request x-amz-request-id: B1556430141190BA x-amz-id-2: Qo/VHhNQ16dAp9WXLjpXVthNxRg0zVOKdUM+MNmGo85XGj9sO88SwnzIHcqO+fWCbQ8usMSDfF8= Content-Type: application/xml Transfer-Encoding: chunked Date: Mon, 09 Feb 2015 09:37:16 GMT Connection: close Server: AmazonS3 144 <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidRequest</Code><Message>The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.</Message><RequestId>B1556430141190BA</RequestId><HostId>Qo/VHhNQ16dAp9WXLjpXVthNxRg0zVOKdUM+MNmGo85XGj9sO88SwnzIHcqO+fWCbQ8usMSDfF8=</HostId></Error> 0
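Дело в том, что Amazon S3 перешёл на протокол аутентификации Signature Version 4. Запрос выше подписан по старой схеме (заголовок `Authorization: AWS <access key ID>:<подпись>`), а регионы, запущенные после января 2014 года, — в том числе eu-central-1, к которому обращается запрос, — принимают только Signature Version 4.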
AWS4-HMAC-SHA256 также известен как "V4".
Ниже приведен пример HTTP запроса по новому протоколу аутентификации. Запрос делается через aws-cli:
# Copy a local file into the example.com bucket with aws-cli; the request captured on this page
# shows aws-cli signing it with AWS4-HMAC-SHA256.
# NOTE(review): the endpoint is plain http://, so the file body and the X-Amz-Security-Token
# header travel unencrypted (presumably chosen so the exchange could be captured). The signature
# protects integrity of the signed parts, not confidentiality; use an https:// endpoint otherwise.
aws --endpoint-url http://s3.eu-central-1.amazonaws.com \
    s3 cp ~/Documents/'My File.json' 's3://example.com/a/b//My File.json'
PUT /example.com/a/b//My%20File.json HTTP/1.1 Host: s3.eu-central-1.amazonaws.com Accept-Encoding: identity X-Amz-Content-SHA256: 70497183ca73f06f57f69428ec906b4e2bb72d6d5bdcb192bfb95eafe8e10213 Content-Length: 546 X-Amz-Date: 20150211T112606Z User-Agent: aws-cli/1.7.4 Python/2.7.9 Darwin/12.6.0 Expect: 100-continue X-Amz-Security-Token: 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 Authorization: AWS4-HMAC-SHA256 Credential=ASIAIRAJ3OGMA7RNKAEA/20150211/eu-central-1/s3/aws4_request, SignedHeaders=expect;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=88c87a18989284b2e040cc6902cd47fb8bbbe78259d8052be41407a68fb42c75 HTTP/1.1 100 Continue{ "a" : { "b" : 3, "c" : "x", "d" : "t", "e" : { "f" : "", "g" : "u" }, "h" : "2015-02-03 03:58:55", "i" : "2", "j" : "z", "k" : { }, "l" : "y", "m" : { }, "n" : 0, "o" : "2015-02-03 03:58:17", "p" : "v" }, "q" : [ { "r" : "w", "s" : 1 } ] }HTTP/1.1 200 OK x-amz-id-2: glALECqCJ+WmX1rlOCmlPK96deDhtUmt0YJ4qTGM/LZJ9E8+FQdt7iCBFPhai3BfX25SW2EGAQ4= x-amz-request-id: 593B32725005D4DD Date: Wed, 11 Feb 2015 11:26:07 GMT ETag: "62363c1b964606aa19203af472cca5a4" Content-Length: 0 Server: AmazonS3
Еще пример:
# List the keys under the a/b/ prefix of the example.com bucket with aws-cli.
# NOTE(review): plain http:// endpoint — the request headers, including the security token,
# are sent unencrypted; prefer https:// outside of a deliberate traffic capture.
aws --endpoint-url http://s3.eu-central-1.amazonaws.com \
    s3 ls s3://example.com/a/b/
GET /example.com?delimiter=%2F&prefix=a%2Fb%2F HTTP/1.1 Host: s3.eu-central-1.amazonaws.com Accept-Encoding: identity X-Amz-Content-SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Authorization: AWS4-HMAC-SHA256 Credential=ASIAIHRUDIHJCIBTRSBQ/20150209/eu-central-1/s3/aws4_request, SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=4fe9fe9b9de1db72c6486710687ab031c6068a0bf5e3e4aad65c172f020ced5a X-Amz-Security-Token: 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 X-Amz-Date: 20150209T092426Z User-Agent: aws-cli/1.7.4 Python/2.7.9 Darwin/12.6.0 HTTP/1.1 200 OK x-amz-id-2: sTN9CgSTy7tzKVdMTTrpn/rzwgdPTiYrljh63VBoRrrvDzAaQsfyWy5VeFW6N/mEQarTgZ32W7o= x-amz-request-id: BC547C82DA40A848 Date: Mon, 09 Feb 2015 09:24:28 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 107 <?xml version="1.0" encoding="UTF-8"?> <ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>example.com</Name><Prefix>a/b/</Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><Delimiter>/</Delimiter><IsTruncated>false</IsTruncated></ListBucketResult> 0
Протокол Signature Version 4 требует, чтобы тело запроса было подписано для дополнительной безопасности: в примерах выше SHA-256 хеш тела передаётся в заголовке X-Amz-Content-SHA256, который входит в SignedHeaders. Сигнатура создается с помощью access keys (access key ID, secret access key). Если вы используете temporary security credentials, то также понадобится security token.
Для того чтобы избежать подделки запроса во время передачи, для вычисления сигнатуры также используются некоторые элементы запроса.
Есть два способа предоставить аутентификационную информацию:
- HTTP Authorization header
- Query string parameters
To be continued...
--