node.js - NodeJS pre-signed URLs for Secure S3 Downloads - Help w/simple spec -

-



looking review of flow can pinpoint signing calculation going wrong.

the main issue in generating signing key , signature--the hashing of canonical request seems match reference here http://docs.aws.amazon.com/amazons3/latest/api/sigv4-query-string-auth.html

the sha256hmac , getsignature functions this:

function sha256hmac(key, string, encoding = 'hex') {   return crypto.createhmac('sha256', key).update(string, 'utf8').digest(encoding); };  function getsignature(stringtosign, signingdates) {    const datekey              = sha256hmac('aws4' + s3_secret_key, signingdates.shortdate);   const dateregionkey        = sha256hmac(datekey, s3_region);   const dateregionservicekey = sha256hmac(dateregionkey, s3_service);   const signingkey           = sha256hmac(dateregionservicekey, s3_request_type);    const signature = sha256hmac(signingkey, stringtosign);    return signature;  }

thanks looking!

the fix:

// remove default hex encoding function sha256hmac(key, string, encoding) {   return crypto.createhmac('sha256', key).update(string, 'utf8').digest(encoding); };  function getsignature(stringtosign, signingdates) {    // not supply encoding argument sha256hmac()   // each of these return buffer   const datekey              = sha256hmac('aws4' + s3_secret_key, signingdates.shortdate);   const dateregionkey        = sha256hmac(datekey, s3_region);   const dateregionservicekey = sha256hmac(dateregionkey, s3_service);   const signingkey           = sha256hmac(dateregionservicekey, s3_request_type);    // output hex encoding here   const signature = sha256hmac(signingkey, stringtosign, 'hex');    return signature;  }

did not grok https://nodejs.org/api/crypto.html#crypto_hmac_digest_encoding

calculates hmac digest of of data passed using hmac.update(). encoding can 'hex', 'latin1' or 'base64'. if encoding provided string returned; otherwise buffer returned;

the hmac object can not used again after hmac.digest() has been called. multiple calls hmac.digest() result in error being thrown.





wiki

Comments

Post a Comment

Popular posts from this blog

python - Read npy file directly from S3 StreamingBody -

-
i have many .npy (numpy) , .json files saved in s3, need download , load these files. for json files downloading files , loading dictionary using following code: obj = s3.object(bucket, key) response = obj.get() body = response['body'].read().decode('utf-8') data = json.loads(body) that way avoid writing .json file disk , reading it. now want same .npy files, equivalent? currently downloading file, saving temp file on disk , loading np.load avoid if possible. following https://stackoverflow.com/a/28196540/3509999 : obj = s3.object(bucket, key) io.bytesio(obj.get()["body"].read()) f: # rewind file f.seek(0) arr = np.load(f) wiki
Read more

kotlin - Out-projected type in generic interface prohibits the use of metod with generic parameter -

-
i start using kotlin , defined interface this: interface aadapter<vh : recyclerview.viewholder> { fun oncreateaviewholder(parent: viewgroup): vh fun onbindaviewholder(v: vh, position: int) } and when try use on code: class klasa ( private val adapter: aadapter<*> ) { fun dosth(){ //... val vh = this.adapter.oncreateaviewholder(parent) //on below line error adapter.onbindaviewholder(v, position) //... } } i error out-projected type 'aadapter<*>' prohibits use of 'public abstract fun onbindaviewholder(v: t, position: int): unit i tied add "in" or "out" definition i'm confused. how allow it. replace aadapter<*> aadapter<recyclerview.viewholder> . class klasa ( private val adapter: aadapter<recyclerview.viewholder> ) { // ... because have declared aadapter has type parameter vh type subclass of recyclerview....
Read more

Asterisk AGI Python Script to Dialplan does not work -

-
i'm stuck project have check database of sip extension incoming caller id , dial sip extension. below receive when run script on asterisk cli. -- registered sip '9125' @ 192.168.1.102:50142 > saved useragent "zoiper rv2.8.40" peer 9125 [2017-08-22 13:53:33] notice[5095]: chan_sip.c:24558 handle_response_peerpoke: peer '9125' reachable. (17ms / 2000ms) == using sip rtp tos bits 184 == using sip rtp cos mark 5 -- executing [0112617769@from-trunk:1] answer("sip/obitrunk1-0000000d", "") in new stack > 0x1ca50d0 -- probation passed - setting rtp source address 192.168.1.98:16834 -- executing [0112617769@from-trunk:2] agi("sip/obitrunk1-0000000d", "test.py") in new stack -- launched agi script /var/lib/asterisk/agi-bin/test.py args: ['/var/lib/asterisk/agi-bin/test.py'] env line: agi_request: test.py env line: agi_channel: sip/obitrunk1-0000000d env line: agi_language: en env line: a...
Read more