C#AWS signatureV4对接Amazon接口

embedded/2025/2/21 2:09:44/

马上要放假了,需要抓紧时间测试对接一个三方接口,对方是使用Amazon服务的,国内不多见,能查的资(代)料(码),时间紧比较紧,也没有时间去啃Amazon的文档,主要我的英文水平也不行,于是粗略过了两遍文档后下载了Amazon的示例后填入AKSK进行测试,结果返回403 Forbidden,WTF,官网示例都不行?
然后找接口方要了一个示例,用JAVA写的很简单,直接调用了Amazon的sdk签名然后使用HttpClient进行请求,看起来很Easy啊,于是我也安装了AmazonSDK的nuget准备进行dotnet版本的开发。。。然后发现dotnet版本SDK是各种抽象类,而且方法名都差不多,跟Java版本的差很多,同名方法调用不了,在不啃文档花时间以我的能力直接用官方SDK还是太难了。之前不是下载了官方提供的示例吗,我这次把里面的签名算法拷贝了出来,自己调用自己写,仍旧报错。。。
没办法了,找到同事他用python写了一个,调用成功了,WTF?为啥啊
后来总结了一下,开始用的HttpClient,怕有什么问题,于是使用了RestSharp再次尝试,好了!!!
于是我又开始用了HttpClient,签名算法什么的一概不变,还是不行。。。
省略中间各种挣扎,最后使用抓包工具一点点比较两个请求,终于HttpClient成功了。
附上两版代码,另外还有一个坑,HttpClient在header中用Add添加Authorization会报错,需要用

 request.Headers.Authorization = new AuthenticationHeaderValue("AWS4-HMAC-SHA256", authorizationHeader);

RestSharp版本的

public class ApiClient
{private const string AccessKey = "AccessKey ";private const string SecretKey = "SecretKey ";private const string Region = "cn-northwest-1";private const string Service = "execute-api";private const string Url = "https://test.execute-api.cn-northwest-1.amazonaws.com.cn/api/test";private const string ApiKey = "ApiKey";public async Task CallApiAsync(){var client = new RestClient(Url);// 准备请求payload  var payload = new{key=value};var request = new RestRequest("", Method.Post);string jsonPayload = JsonSerializer.Serialize(payload);// 计算payload hash  string payloadHash;using (var sha256 = SHA256.Create()){var bytes = Encoding.UTF8.GetBytes(jsonPayload);var hash = sha256.ComputeHash(bytes);payloadHash = BitConverter.ToString(hash).Replace("-", "").ToLower();}// 获取当前UTC时间  var now = DateTime.UtcNow;var amzDate = now.ToString("yyyyMMddTHHmmssZ");// 设置请求头  request.AddStringBody(jsonPayload, DataFormat.Json);request.AddHeader("Content-Type", "application/json");request.AddHeader("Host", "test.execute-api.cn-northwest-1.amazonaws.com.cn");request.AddHeader("x-amz-content-sha256", payloadHash);request.AddHeader("x-amz-date", amzDate);  // 使用当前UTC时间  request.AddHeader("x-api-key", ApiKey);// 计算签名  var signer = new AWS4RequestSigner(AccessKey, SecretKey);await signer.Sign(request, Service, Region, payloadHash);try{var response = await client.ExecuteAsync(request);Console.WriteLine($"Status Code: {response.StatusCode}");Console.WriteLine($"Response: {response.Content}");}catch (Exception ex){Console.WriteLine($"Error: {ex.Message}");}}
}public class AWS4RequestSigner
{private readonly string _accessKey;private readonly string _secretKey;public AWS4RequestSigner(string accessKey, string secretKey){_accessKey = accessKey;_secretKey = secretKey;}public async Task Sign(RestRequest request, string service, string region, string payloadHash){var amzDate = request.Parameters.First(p => p.Name == "x-amz-date").Value.ToString();var dateStamp = amzDate.Substring(0, 8);// 准备签名所需的字符串  var credentialScope = $"{dateStamp}/{region}/{service}/aws4_request";// 计算签名  var stringToSign = CreateStringToSign(request, credentialScope, amzDate, payloadHash);var signingKey = GetSigningKey(dateStamp, region, service);var signature = CalculateSignature(signingKey, stringToSign);// 构造授权头  var authorizationHeader = $"AWS4-HMAC-SHA256 " +$"Credential={_accessKey}/{credentialScope}, " +$"SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-api-key, " +$"Signature={signature}";Console.WriteLine($"Authorization header: {authorizationHeader}");request.AddHeader("Authorization", authorizationHeader);}private string CreateStringToSign(RestRequest request, string credentialScope, string amzDate, string payloadHash){var canonicalRequest = CreateCanonicalRequest(request, payloadHash);return $"AWS4-HMAC-SHA256\n{amzDate}\n{credentialScope}\n" +CalculateHash(canonicalRequest);}private string CreateCanonicalRequest(RestRequest request, string payloadHash){var canonicalUrl = "/api/test";var canonicalQueryString = "";// 按照错误消息中的顺序构建规范头部  var contentType = request.Parameters.First(p => p.Name == "Content-Type").Value.ToString();var host = request.Parameters.First(p => p.Name == "Host").Value.ToString();var xAmzContentSha256 = request.Parameters.First(p => p.Name == "x-amz-content-sha256").Value.ToString();var xAmzDate = request.Parameters.First(p => p.Name == "x-amz-date").Value.ToString();var xApiKey = request.Parameters.First(p => p.Name == "x-api-key").Value.ToString();var canonicalHeaders =$"content-type:{contentType}\n" +$"host:{host}\n" +$"x-amz-content-sha256:{xAmzContentSha256}\n" +$"x-amz-date:{xAmzDate}\n" +$"x-api-key:{xApiKey}\n";var signedHeaders = "content-type;host;x-amz-content-sha256;x-amz-date;x-api-key";return $"POST\n{canonicalUrl}\n{canonicalQueryString}\n{canonicalHeaders}\n{signedHeaders}\n{payloadHash}";}private byte[] GetSigningKey(string dateStamp, string region, string service){var kSecret = Encoding.UTF8.GetBytes($"AWS4{_secretKey}");var kDate = Sign(dateStamp, kSecret);var kRegion = Sign(region, kDate);var kService = Sign(service, kRegion);return Sign("aws4_request", kService);}private byte[] Sign(string data, byte[] key){using (var hmac = new HMACSHA256(key)){return hmac.ComputeHash(Encoding.UTF8.GetBytes(data));}}private string CalculateSignature(byte[] signingKey, string stringToSign){using (var hmac = new HMACSHA256(signingKey)){var signature = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));return BitConverter.ToString(signature).Replace("-", "").ToLower();}}private string CalculateHash(string text){using (var sha256 = SHA256.Create()){var bytes = Encoding.UTF8.GetBytes(text);var hash = sha256.ComputeHash(bytes);return BitConverter.ToString(hash).Replace("-", "").ToLower();}}
}

以下是HttpClient的

public class ApiClientHttpClient
{private const string AccessKey = "AccessKey";private const string SecretKey = "SecretKey";private const string Region = "cn-northwest-1";private const string Service = "execute-api";private const string Url = "https://test.execute-api.cn-northwest-1.amazonaws.com.cn/api/test";private const string ApiKey = "ApiKey";public async Task CallApiAsync(){using (var client = new HttpClient()){// 准备请求payload  var payload = new{Key=value};string jsonPayload = JsonSerializer.Serialize(payload);// 计算payload hash  string payloadHash = CalculateSha256(jsonPayload);// 获取当前UTC时间  var now = DateTime.UtcNow;var amzDate = now.ToString("yyyyMMddTHHmmssZ");var request = new HttpRequestMessage(HttpMethod.Post, Url){Content = new StringContent(jsonPayload, Encoding.UTF8, "application/json") // 使用UTF8编码和"application/json"内容类型};// 移除默认添加的charset参数request.Content.Headers.ContentType.CharSet = null;//request.Headers.Accept.ParseAdd("application/json");//request.Headers.Accept.ParseAdd("text/json");//request.Headers.Accept.ParseAdd("text/x-json");//request.Headers.Accept.ParseAdd("text/javascript");//request.Headers.Accept.ParseAdd("application/xml");//request.Headers.Accept.ParseAdd("text/xml");//request.Headers.AcceptEncoding.ParseAdd("gzip");//request.Headers.AcceptEncoding.ParseAdd("deflate");//request.Headers.AcceptEncoding.ParseAdd("br");request.Headers.Host = "test.execute-api.cn-northwest-1.amazonaws.com.cn";request.Headers.Add("x-amz-content-sha256", payloadHash);request.Headers.Add("x-amz-date", amzDate);  // 使用当前UTC时间  request.Headers.Add("x-api-key", ApiKey);request.Headers.UserAgent.ParseAdd("test/1.0"); // 替换为你的应用名称和版本// 计算签名  var signer = new AWS4RequestSignerHttpClient(AccessKey, SecretKey);await signer.Sign(request, Service, Region, payloadHash, amzDate);try{var response = await client.SendAsync(request);Console.WriteLine($"Status Code: {response.StatusCode}");Console.WriteLine($"Response: {await response.Content.ReadAsStringAsync()}");}catch (Exception ex){Console.WriteLine($"Error: {ex.Message}");}}}private static string CalculateSha256(string input){using (SHA256 sha256 = SHA256.Create()){byte[] bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(input));return BitConverter.ToString(bytes).Replace("-", "").ToLower();}}
}public class AWS4RequestSignerHttpClient
{private readonly string _accessKey;private readonly string _secretKey;public AWS4RequestSignerHttpClient(string accessKey, string secretKey){_accessKey = accessKey;_secretKey = secretKey;}public async Task Sign(HttpRequestMessage request, string service, string region, string payloadHash, string amzDate){var dateStamp = amzDate.Substring(0, 8);var credentialScope = $"{dateStamp}/{region}/{service}/aws4_request";// 计算签名  var stringToSign = CreateStringToSign(request, credentialScope, amzDate, payloadHash);var signingKey = GetSigningKey(dateStamp, region, service);var signature = CalculateSignature(signingKey, stringToSign);// 构造授权头  var authorizationHeader = $"Credential={_accessKey}/{credentialScope}, " +$"SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-api-key, " +$"Signature={signature}";request.Headers.Authorization = new AuthenticationHeaderValue("AWS4-HMAC-SHA256", authorizationHeader);}private string CreateStringToSign(HttpRequestMessage request, string credentialScope, string amzDate, string payloadHash){var canonicalRequest = CreateCanonicalRequest(request, payloadHash);return $"AWS4-HMAC-SHA256\n{amzDate}\n{credentialScope}\n" + CalculateHash(canonicalRequest);}private string CreateCanonicalRequest(HttpRequestMessage request, string payloadHash){var canonicalUrl = "/api/test";var canonicalQueryString = "";// 按照错误消息中的顺序构建规范头部  var contentType = request.Content.Headers.ContentType?.ToString().Split(';').First();var host = request.Headers.Host;var xAmzContentSha256 = request.Headers.FirstOrDefault(h => h.Key == "x-amz-content-sha256").Value.First();var xAmzDate = request.Headers.FirstOrDefault(h => h.Key == "x-amz-date").Value.First();var xApiKey = request.Headers.FirstOrDefault(h => h.Key == "x-api-key").Value.First();var canonicalHeaders =$"content-type:{contentType}\n" +$"host:{host}\n" +$"x-amz-content-sha256:{xAmzContentSha256}\n" +$"x-amz-date:{xAmzDate}\n" +$"x-api-key:{xApiKey}\n";var signedHeaders = "content-type;host;x-amz-content-sha256;x-amz-date;x-api-key";return $"POST\n{canonicalUrl}\n{canonicalQueryString}\n{canonicalHeaders}\n{signedHeaders}\n{payloadHash}";}private byte[] GetSigningKey(string dateStamp, string region, string service){var kSecret = Encoding.UTF8.GetBytes($"AWS4{_secretKey}");var kDate = Sign(dateStamp, kSecret);var kRegion = Sign(region, kDate);var kService = Sign(service, kRegion);return Sign("aws4_request", kService);}private byte[] Sign(string data, byte[] key){using (var hmac = new HMACSHA256(key)){return hmac.ComputeHash(Encoding.UTF8.GetBytes(data));}}private string CalculateSignature(byte[] signingKey, string stringToSign){using (var hmac = new HMACSHA256(signingKey)){var signature = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));return BitConverter.ToString(signature).Replace("-", "").ToLower();}}private string CalculateHash(string text){using (var sha256 = SHA256.Create()){var bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(text));return BitConverter.ToString(bytes).Replace("-", "").ToLower();}}
}

主要的问题是Content-Type: application/json不要有charset=utf-8;第二个事需要一个User-Agent,其他的算法对了并且正确的添加到请求中就好了
另外,x-api-key只是我的接口要求字段

文章来源:https://blog.csdn.net/qinweiwen/article/details/145320557
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.ppmy.cn/embedded/158171.html

相关文章

「AI学习笔记」深度学习的起源与发展:从神经网络到大数据(二)

深度学习(DL)是现代人工智能(AI)的核心之一,但它并不是一夜之间出现的技术。从最初的理论提出到如今的广泛应用,深度学习经历了几乎一个世纪的不断探索与发展。今天,我们一起回顾深度学习的历史…

CentOS 7 搭建lsyncd实现文件实时同步 —— 筑梦之路

在 CentOS 7 上搭建 lsyncd(Live Syncing Daemon)以实现文件的实时同步,可以按照以下步骤进行操作。lsyncd 是一个基于 inotify 的轻量级实时同步工具,支持本地和远程同步。以下是详细的安装和配置步骤: 1. 系统准备 …

数据分析学习路线

阶段 1:数学与统计基础 1.1 数学基础 数据分析涉及大量的数学知识,尤其是统计学。虽然你不需要成为数学专家,但一些基本的数学概念对你理解数据分析非常重要。 线性代数: 矩阵运算:理解矩阵乘法、求逆等操作。特征值…

NLP深度学习 DAY4:Word2Vec详解:两种模式(CBOW与Skip-gram)

用稀疏向量表示文本,即所谓的词袋模型在 NLP 有着悠久的历史。正如上文中介绍的,早在 2001年就开始使用密集向量表示词或词嵌入。Mikolov等人在2013年提出的创新技术是通过去除隐藏层,逼近目标,进而使这些单词嵌入的训练更加高效。…

简易CPU设计入门:控制总线的剩余信号(四)

项目代码下载 请大家首先准备好本项目所用的源代码。如果已经下载了,那就不用重复下载了。如果还没有下载,那么,请大家点击下方链接,来了解下载本项目的CPU源代码的方法。 CSDN文章:下载本项目代码 上述链接为本项目…

STM32外设应用

1. 什么是STM32外设? STM32微控制器集成了多种外设,这些外设可以帮助我们实现各种功能,比如控制LED灯、读取传感器数据、与其他设备通信等。常见的外设有GPIO(通用输入输出)、ADC(模数转换器)、…

RAG是否被取代(缓存增强生成-CAG)吗?

引言: 本文深入研究一种名为缓存增强生成(CAG)的新技术如何工作并减少/消除检索增强生成(RAG)弱点和瓶颈。 LLMs 可以根据输入给他的信息给出对应的输出,但是这样的工作方式很快就不能满足应用的需要: 因…

预测不规则离散运动的下一个结构

有一个点在19*19的平面上运动,运动轨迹为 一共移动了90步,顺序为 y x y x y x 0 17 16 30 10 8 60 15 15 1 3 6 31 10 7 61 14 15 2 12 17 32 9 9 62 16 15 3 4 12 33 10 9 63 18 15 4 3 18 34 15 12 6…