All geek questions in one place

Python caption for S3 post

I think I read almost everything that needs to be read in a base-64 encoded signature for the browser, based on the form for S3: old documents and new documents. For instance:

http://doc.s3.amazonaws.com/proposals/post.html

And even found this:

http://s3.amazonaws.com/doc/s3-example-code/post/post_sample.html

Instead of using the above or more dynamic Amazon policy generator or a script with Boto, I try to create a simpler .py script that pulls the JSON policy from the plaintext file (policy.txt) and then generates the necessary base-64 encoded encoding to help me create an HTML form.

The signature itself (which depends on the encoded policy) is NOT encoded correctly ... maybe due to some kind of utf-8 or ascii problem or \ n (new line)?

script The following is the AWS private_key policy and private key from the AWS test case, which I use to see if this script works. A properly encoded signature - as indicated by Amazon - is included in the script below for reference.

Can someone tell me why the signature computed below does not match the reference signature provided by Amazon:

In other words:

Why is this encoded correctly:

 policy_encoded = base64.b64encode(policy)

But it is not:

 signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest())

PYTHON signature icon ...

 #!/usr/bin/env python # -*- coding: utf-8 -*- import base64, hmac, sha from sys import argv script, policy = argv private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o' input = open("..Desktop/policy.txt", "rb") policy = input.read() policy_encoded = base64.b64encode(policy) signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest()) print "Your policy base-64 encoded is %s." % (policy_encoded) print "Your signature base-64 encoded is %s." % (signature) print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA="

JSON policy (policy.txt - UTF-8)

 { "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "johnsmith"}, ["starts-with", "$key", "user/eric/"], {"acl": "public-read"}, {"success_action_redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html"}, ["starts-with", "$Content-Type", "image/"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""] ] }
+6
source share
1 answer

I think it depends on the contents of your policy.txt file.

I took the policy from the link ( http://doc.s3.amazonaws.com/proposals/post.html ) and saved it as policy.txt

 { "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "johnsmith" }, ["starts-with", "$key", "user/eric/"], {"acl": "public-read" }, {"redirect": "http://johnsmith.s3.amazonaws.com/successful_upload.html" }, ["starts-with", "$Content-Type", "image/"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""], ] }

To get the same signature, this file must have the same contents.

For reference, when I copied and pasted: MD5 (policy.txt) = 5bce89d9ff799e2064c136d76bc7fc7a

If I use the following script (the same as yours, just edit the file name and remove args )

 #!/usr/bin/env python # -*- coding: utf-8 -*- import base64, hmac, sha private_key = 'uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o' input = open("policy.txt", "rb") policy = input.read() policy_encoded = base64.b64encode(policy) signature = base64.b64encode(hmac.new(private_key, policy_encoded, sha).digest()) print "Your policy base-64 encoded is %s." % (policy_encoded) print "Your signature base-64 encoded is %s." % (signature) print "Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA="

Conclusion:

  Your policy base-64 encoded is
 eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjo
 gWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIiB9LAogICAgWyJzdGFydHMtd2l0aCIsICIka2V5Ii
 wgInVzZXIvZXJpYy8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LAogICAgeyJyZWRpcmVjd
 CI6ICJodHRwOi8vam9obnNtaXRoLnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRt
 bCIgfSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHs
 ieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIi
 R4LWFtei1tZXRhLXRhZyIsICIiXSwKICBdCn0K
 Your signature base-64 encoded is 2qCp0odXe7A9IYyUVqn0w2adtCA =
 Your signature encoded should be 2qCp0odXe7A9IYyUVqn0w2adtCA =

So your code works, I just think you are signing a slightly different policy (differences in spaces)

+5
source

Source: https://habr.com/ru/post/906940/

More articles:


All Articles