s3 post signature
http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html | |
Calculating a signature.
It has a few components:
a. security policy
b. secret access key
c. date stamp (YYYYMMDD)
d. region
e. service
-- | |
create a function that accepts 5 parameters | |
if input is 'alpha', 'beta', 'charlie', 'delta', 'echo' | |
you will get | |
step 1: YWxwaGE= | |
'alpha' in base64 | |
step 2: 41575334627261766f | |
"AWS4" + 'beta' in hex | |
step 3: 00ce876cf352b93ed17012f318cf978432b658a3f6462e76bc918be51a8ea4b0 | |
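HmacSHA256('charlie', byte content of step 2) -- the first argument is the message, the second is the HMAC key; each later step uses the previous step's raw bytes (not its hex string) as the key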
step 4: 13673e0e290302747f9a14e8eee353a21f936965a1871ccd78bf5f206028606a | |
HmacSHA256('delta', byte content of step 3) | |
step 5: a773894f2252dd5815e525a83bad7dd5c17df6b7415838f0662948eaccb97f29 | |
HmacSHA256('echo', byte content of step 4) | |
step 6: 3f9baa134ef279b39da4ab7ff8835662a70b1ac67d88da71540d437cb5488493 | |
HmacSHA256('aws4_request', byte content of step 5) | |
step 7: 7b9d11447e7bba48ef0d530f49d82de8adfd7b7ae064b144e6ac60d82166e4a6 | |
HmacSHA256(step1, byte content of step 6) | |
result is 7b9d11447e7bba48ef0d530f49d82de8adfd7b7ae064b144e6ac60d82166e4a6 | |
==== | |
another example | |
"fish", "green", "20160301", "ap-southeast-2", "s3" | |
step 1:ZmlzaA== | |
'fish' in base64 | |
step 2:41575334677265656e | |
'AWS4' + 'green' in hex | |
step 3:d0dcd115158409d74ea070f20ad61c4651cb86d1a609f74f4964300c258b6dc6 | |
HmacSHA256('20160301', byte content of step 2) | |
step 4:5e77c91a5ef8c14d73969c21befdf24c3d6e5ee23d6a2c191500e4ce2321553f | |
HmacSHA256('ap-southeast-2', byte content of step 3) | |
step 5:6440c57d0604a90857936d8ab2eea85982060e9a213c86ba1140598e7eb08468 | |
HmacSHA256('s3', byte content of step 4) | |
step 6:9f9cce4e141ea8ef162fdef0b904e5260ac826036662cba94edc715690e01f8a | |
HmacSHA256('aws4_request', byte content of step 5) | |
step 7:8f32d6d8524397196512e02b6ed9a885d821de49f02d9922a1dd0a718c3150b1 | |
HmacSHA256('ZmlzaA==', byte content of step 6) | |
result is 8f32d6d8524397196512e02b6ed9a885d821de49f02d9922a1dd0a718c3150b1 | |
== | |
var CryptoJS = require("crypto-js"); | |
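// Sample inputs for the 'fish' / 'green' walkthrough. These are throwaway
// values, not real credentials; a real secret access key should never be
// hard-coded in a script like this.
const policy = 'fish';
const secretKey = 'green';
const dateStamp = '20160301'; // YYYYMMDD
const regionName = 'ap-southeast-2';
const serviceName = 's3';

// The policy is signed in its base64 form. Buffer.from replaces the deprecated
// `new Buffer(string)` constructor and produces the same bytes.
const policyInBase64 = Buffer.from(policy, 'utf8').toString('base64');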
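/**
 * Compute the AWS Signature Version 4 signature for an S3 POST policy.
 *
 * Starting from the key "AWS4" + secretKey, HMAC-SHA256 is chained over the
 * date stamp, region, service and the literal 'aws4_request'; the resulting
 * signing key is then used to sign the base64 policy. Every intermediate
 * value is printed so a run can be compared step by step with the worked
 * examples.
 *
 * @param {string} policyInBase64 - Base64-encoded policy document (the string to sign).
 * @param {string} secretKey - AWS secret access key.
 * @param {string} dateStamp - Date in YYYYMMDD form, e.g. '20160301'.
 * @param {string} regionName - Region, e.g. 'ap-southeast-2'.
 * @param {string} serviceName - Service, e.g. 's3'.
 * @returns {string} Hex-encoded signature (the same value printed as 'result').
 */
function create_signature(policyInBase64, secretKey, dateStamp, regionName, serviceName) {
  const step1 = policyInBase64;
  console.log('step 1: ' + step1);

  // NOTE(review): the 'step 2' line prints the secret access key itself (hex
  // is only an encoding), and steps 3-6 print derived signing keys. Keep this
  // tracing to throwaway values such as the ones in the walkthrough; do not
  // leave it enabled where real credentials are used or logs are retained.
  const step2 = 'AWS4' + secretKey;
  // Buffer.from replaces the deprecated `new Buffer(string)` constructor.
  console.log('step 2: ' + Buffer.from(step2, 'utf8').toString('hex'));

  // CryptoJS.HmacSHA256(message, key): each result is passed on as the key of
  // the next step (as a WordArray, i.e. raw bytes, not as a hex string).
  const step3 = CryptoJS.HmacSHA256(dateStamp, step2);
  console.log('step 3: ' + step3.toString(CryptoJS.enc.Hex));

  const step4 = CryptoJS.HmacSHA256(regionName, step3);
  console.log('step 4: ' + step4.toString(CryptoJS.enc.Hex));

  const step5 = CryptoJS.HmacSHA256(serviceName, step4);
  console.log('step 5: ' + step5.toString(CryptoJS.enc.Hex));

  // step6 is the final signing key for this date/region/service scope.
  const step6 = CryptoJS.HmacSHA256('aws4_request', step5);
  console.log('step 6: ' + step6.toString(CryptoJS.enc.Hex));

  // The signature is the HMAC of the base64 policy under the signing key.
  const step7 = CryptoJS.HmacSHA256(step1, step6);
  const signature = step7.toString(CryptoJS.enc.Hex);
  console.log('result : ' + signature);

  // Returned as well as printed so callers can use the value directly.
  return signature;
}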
// Run the walkthrough with the sample inputs; every step is printed to stdout.
create_signature(
  policyInBase64,
  secretKey,
  dateStamp,
  regionName,
  serviceName
);
$ node hash.js | |
step 1: ZmlzaA== | |
step 2: 41575334677265656e | |
step 3: d0dcd115158409d74ea070f20ad61c4651cb86d1a609f74f4964300c258b6dc6 | |
step 4: 5e77c91a5ef8c14d73969c21befdf24c3d6e5ee23d6a2c191500e4ce2321553f | |
step 5: 6440c57d0604a90857936d8ab2eea85982060e9a213c86ba1140598e7eb08468 | |
step 6: 9f9cce4e141ea8ef162fdef0b904e5260ac826036662cba94edc715690e01f8a | |
result : 8f32d6d8524397196512e02b6ed9a885d821de49f02d9922a1dd0a718c3150b1 | |
=== | |
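minimal policy (note: the empty "starts-with" prefix on $key accepts any object key, and there is no content-length-range condition, so a production policy would normally tighten both)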
{"expiration": "2016-02-19T23:04:44.515Z","conditions": [{"bucket": "titi-wangsa-bucket-1"},{"x-amz-credential": "AKIAI6HWQ3FQQY2DDMPQ/20160219/ap-southeast-2/s3/aws4_request"},{"x-amz-date": "20160219T225944Z"},{"x-amz-algorithm": "AWS4-HMAC-SHA256"},["starts-with", "$key", ""]]} | |
== | |
/**
 * Builds the multipart/form-data body for an S3 POST upload and attaches it
 * to the given request.
 *
 * The form carries the object key, the base64 policy, its SigV4 signature and
 * the credential/date/algorithm fields, followed by the file part. The values
 * policyBase64, signature, credential and date4 are members declared outside
 * this method (not shown here).
 *
 * @param httpPost the request that receives the multipart entity
 */
private void populatePost(final HttpPost httpPost) {
    final File upload = new File("./blank.jpg");

    final HttpEntity body = MultipartEntityBuilder.create()
            // "${filename}" is sent literally; S3 substitutes the uploaded file's name.
            .addTextBody("key", "${filename}")
            .addTextBody("policy", policyBase64)
            .addTextBody("x-amz-signature", signature)
            .addTextBody("x-amz-credential", credential)
            .addTextBody("x-amz-date", date4)
            .addTextBody("x-amz-algorithm", "AWS4-HMAC-SHA256")
            // The file part goes last: S3 ignores form fields that follow it.
            .addBinaryBody("file", upload)
            .build();

    httpPost.setEntity(body);
}