Classic ASP amazon s3 rest authorisation

前端 未结 3 2154
夕颜
夕颜 2021-02-07 20:33

I am confused on what I am doing wrong here...



        
相关标签:
3条回答
  • 2021-02-07 20:50

    Thank you so much for this question, it has been such a great help to start my WSH/VBScript for my S3 backup service ;-)

    I do not have much time, so I will not go through the details of the things I have changed from Chris' code, but please find below my little prototype script which works perfectly ;-)

    This is just a WSH/VBScript, so you do not need IIS to run it, you just need to paste the content in a file with the ".vbs" extension, and you can then directly execute it ;-)

    Option Explicit
    '-- Amazon Web Services > My Account > Access Credentials > Access Keys --'
    Dim strAccessKeyID: strAccessKeyID = "..."
    Dim strSecretAccessKey: strSecretAccessKey = "..."
    '-- Parameters: --'
    Dim strLocalFile: strLocalFile = "..."
    Dim strRemoteFile: strRemoteFile = "..."
    Dim strBucket: strBucket = "..."
    '-- Authentication: --'
    Dim strNowInGMT: strNowInGMT = NowInGMT()
    Dim strStringToSign: strStringToSign = _
      "PUT" & vbLf & _
      "" & vbLf & _
      "text/xml" & vbLf & _
      strNowInGMT & vbLf & _
      "/" & strBucket + "/" & strRemoteFile
    Dim strSignature: strSignature = ConvertBytesToBase64(HMACSHA1(strSecretAccessKey, strStringToSign))
    Dim strAuthorization: strAuthorization = "AWS " & strAccessKeyID & ":" & strSignature
    '-- Upload: --'
    Dim xhttp: Set xhttp = CreateObject("MSXML2.ServerXMLHTTP")
    xhttp.open "PUT", "http://" & strBucket & ".s3.amazonaws.com/" & strRemoteFile, False
    xhttp.setRequestHeader "Content-Type", "text/xml"
    xhttp.setRequestHeader "Date", strNowInGMT 'Yes, this line is mandatory ;-) --'
    xhttp.setRequestHeader "Authorization", strAuthorization
    xhttp.send GetBytesFromFile(strLocalFile)
    If xhttp.status = "200" Then
      WScript.Echo "The file has been successfully uploaded ;-)"
    Else
      WScript.Echo "There was an error :-(" & vbCrLf & vbCrLf & _
      xhttp.responseText
    End If
    Set xhttp = Nothing
    '-- NowInGMT ------------------------------------------------------------------'
    Function NowInGMT()
      'This is probably not the best implementation, but it works ;-) --'
      Dim sh: Set sh = WScript.CreateObject("WScript.Shell")
      Dim iOffset: iOffset = sh.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
      Dim dtNowGMT: dtNowGMT = DateAdd("n", iOffset, Now())
      Dim strDay: strDay = "NA"
      Select Case Weekday(dtNowGMT)
        Case 1 strDay = "Sun"
        Case 2 strDay = "Mon"
        Case 3 strDay = "Tue"
        Case 4 strDay = "Wed"
        Case 5 strDay = "Thu"
        Case 6 strDay = "Fri"
        Case 7 strDay = "Sat"
        Case Else strDay = "Error"
      End Select
      Dim strMonth: strMonth = "NA"
      Select Case Month(dtNowGMT)
        Case 1 strMonth = "Jan"
        Case 2 strMonth = "Feb"
        Case 3 strMonth = "Mar"
        Case 4 strMonth = "Apr"
        Case 5 strMonth = "May"
        Case 6 strMonth = "Jun"
        Case 7 strMonth = "Jul"
        Case 8 strMonth = "Aug"
        Case 9 strMonth = "Sep"
        Case 10 strMonth = "Oct"
        Case 11 strMonth = "Nov"
        Case 12 strMonth = "Dec"
        Case Else strMonth = "Error"
      End Select
      Dim strHour: strHour = CStr(Hour(dtNowGMT))
      If Len(strHour) = 1 Then strHour = "0" & strHour End If
      Dim strMinute: strMinute = CStr(Minute(dtNowGMT))
      If Len(strMinute) = 1 Then strMinute = "0" & strMinute End If
      Dim strSecond: strSecond = CStr(Second(dtNowGMT))
      If Len(strSecond) = 1 Then strSecond = "0" & strSecond End If
      Dim strNowInGMT: strNowInGMT = _
        strDay & _
        ", " & _
        Day(dtNowGMT) & _
        " " & _
        strMonth & _
        " " & _
        Year(dtNowGMT) & _
        " " & _
        strHour & _
        ":" & _
        strMinute & _
        ":" & _
        strSecond & _
        " +0000"
      NowInGMT = strNowInGMT
    End Function
    '-- GetBytesFromString --------------------------------------------------------'
    Function GetBytesFromString(strValue)
      Dim stm: Set stm = CreateObject("ADODB.Stream")
      stm.Open
      stm.Type = 2
      stm.Charset = "ascii"
      stm.WriteText strValue
      stm.Position = 0
      stm.Type = 1
      GetBytesFromString = stm.Read
      Set stm = Nothing
    End Function
    '-- HMACSHA1 ------------------------------------------------------------------'
    Function HMACSHA1(strKey, strValue)
      Dim sha1: Set sha1 = CreateObject("System.Security.Cryptography.HMACSHA1")
      sha1.key = GetBytesFromString(strKey)
      HMACSHA1 = sha1.ComputeHash_2(GetBytesFromString(strValue))
      Set sha1 = Nothing
    End Function
    '-- ConvertBytesToBase64 ------------------------------------------------------'
    Function ConvertBytesToBase64(byteValue)
      Dim dom: Set dom = CreateObject("MSXML2.DomDocument")
      Dim elm: Set elm = dom.CreateElement("b64")
      elm.dataType = "bin.base64"
      elm.nodeTypedValue = byteValue
      ConvertBytesToBase64 = elm.Text
      Set elm = Nothing
      Set dom = Nothing
    End Function
    '-- GetBytesFromFile ----------------------------------------------------------'
    Function GetBytesFromFile(strFileName)
      Dim stm: Set stm = CreateObject("ADODB.Stream")
      stm.Type = 1 'adTypeBinary --'
      stm.Open
      stm.LoadFromFile strFileName
      stm.Position = 0
      GetBytesFromFile = stm.Read
      stm.Close
      Set stm = Nothing
    End Function
    

    Dear stone-edge-technology-VBScript-mates (*), let me know if it is working for you as well ;-)

    (*) This is a reference to the comment from Spudley, see above ;-)

    0 讨论(0)
  • 2021-02-07 21:07

    I'd like to explain how S3 Rest Api works as far as I know.
    First, you need to learn what should be the string to sign Amazon accepts.

    Format :

    StringToSign = HTTP-Verb + "\n" +
        Content-MD5 + "\n" +
        Content-Type + "\n" +
        Date + "\n" +
        CanonicalizedAmzHeaders +
        CanonicalizedResource;
    

    Generating signed string :

    Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
    

    Passing authorization header:

    Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
    

    Unfortunately you'll play byte to byte since there is no any SDK released for classic asp. So, should understand by reading the entire page http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html

    For string to sign as you can see above in format, there are three native headers are reserved by the API. Content-Type, Content-MD5 and Date. These headers must be exists in the string to sign even your request hasn't them as empty without header name, just its value. There is an exception, Date header must be empty in string to sign if x-amz-date header is already exists in the request. Then, If request has canonical amazon headers, you should add them as key-value pairs like x-amz-headername:value. But, there is another exception need to be considered for multiple headers. Multiple headers should combine to one header with values comma separated.

    Correct

    x-amz-headername:value1,value2

    Wrong

    x-amz-headername:value1\n
    x-amz-headername:value2

    Most importantly, headers must be ascending order by its group in the string to sign. First, reserved headers with ascending order, then canonical headers with ascending order.

    I'd recommend using DomDocument functionality to generate Base64 encoded strings. Additionally instead of a Windows Scripting Component (.wsc files), you could use .Net's interops such as System.Security.Cryptography to generating keyed hashes more effectively with power of System.Text. All of these interoperabilities are available in today's IIS web servers.
    So, as an example I wrote the below script just sends a file to bucket you specified. Consider and test it.
    Assumed local file name is myimage.jpg and will be uploaded with same name to root of the bucket.

    <script language="javascript" runat="server">
    function GMTNow(){return new Date().toGMTString()}
    </script>
    
    <%
    Const AWS_BUCKETNAME = "uk-bucketname"
    Const AWS_ACCESSKEY = "GOES HERE"
    Const AWS_SECRETKEY = "SECRET"
    
    LocalFile = Server.Mappath("/test.jpg")
    
    Dim sRemoteFilePath
        sRemoteFilePath = "/files/test.jpg" 'Remote Path, note that AWS paths (in fact they aren't real paths) are strictly case sensitive
    
    Dim strNow
        strNow = GMTNow() ' GMT Date String
    
    Dim StringToSign
        StringToSign = Replace("PUT\n\nimage/jpeg\n\nx-amz-date:" & strNow & "\n/"& AWS_BUCKETNAME & sRemoteFilePath, "\n", vbLf)
    
    Dim Signature
        Signature = BytesToBase64(HMACSHA1(AWS_SECRETKEY, StringToSign))
    
    Dim Authorization
        Authorization = "AWS " & AWS_ACCESSKEY & ":" & Signature
    
    Dim AWSBucketUrl
        AWSBucketUrl = "https://" & AWS_BUCKETNAME & ".s3.amazonaws.com"
    
    With Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
        .open "PUT", AWSBucketUrl & sRemoteFilePath, False
        .setRequestHeader "Authorization", Authorization
        .setRequestHeader "Content-Type", "image/jpeg"
        .setRequestHeader "Host", AWS_BUCKETNAME & ".s3.amazonaws.com"  
        .setRequestHeader "x-amz-date", strNow
        .send GetBytes(LocalFile) 'Get bytes of local file and send
        If .status = 200 Then ' successful
            Response.Write "<a href="& AWSBucketUrl & sRemoteFilePath &" target=_blank>Uploaded File</a>"
        Else ' an error ocurred, consider xml string of error details
            Response.ContentType = "text/xml"
            Response.Write .responseText
        End If
    End With
    
    Function GetBytes(sPath)
        With Server.CreateObject("Adodb.Stream")
            .Type = 1 ' adTypeBinary
            .Open
            .LoadFromFile sPath
            .Position = 0
            GetBytes = .Read
            .Close
        End With
    End Function
    
    Function BytesToBase64(varBytes)
        With Server.CreateObject("MSXML2.DomDocument").CreateElement("b64")
            .dataType = "bin.base64"
            .nodeTypedValue = varBytes
            BytesToBase64 = .Text
        End With
    End Function
    
    Function HMACSHA1(varKey, varValue)
        With Server.CreateObject("System.Security.Cryptography.HMACSHA1")
            .Key = UTF8Bytes(varKey)
            HMACSHA1 = .ComputeHash_2(UTF8Bytes(varValue))
        End With
    End Function
    
    Function UTF8Bytes(varStr)
        With Server.CreateObject("System.Text.UTF8Encoding")
            UTF8Bytes = .GetBytes_4(varStr)
        End With
    End Function
    %>
    


    0 讨论(0)
  • 2021-02-07 21:08

    The Amazon Signature must be url encoded in a slightly different way to what VBSCript encodes. The following function will encode the result correctly:

    JScript Version:

    function amazonEncode(s)
    {
        return Server.UrlEncode(s).replace(/\+/g,"%20").replace(/\%2E/g,".").replace(/\%2D/g,"-").replace(/\%7E/g,"~").replace(/\%5F/g,"_");
    }
    

    VBScript Version:

    function amazonEncode(s)
        dim retval
        retval = Server.UrlEncode(s)
        retval = replace(retval,"+","%20")
        retval = replace(retval,"%2E",".")
        retval = replace(retval,"%2D","-")
        retval = replace(retval,"%7E","~")
        retval = replace(retval,"%5F","_")
        amazonEncode = retval
    end function
    

    As for base64, I used .NET's already built functionality for it. I had to create a DLL to wrap it, so that I could use it from JScript (or VBScript).

    Here's how to create that dll:

    Download the free C# 2010 Express and install it.
    You also need to use two other tools that you won’t have a path to, so you will need to add the path to your PATH environment variable, so at a cmd prompt search for regasm.exe, guidgen.exe and sn.exe (you might find several versions – select the one with the latest date).
    •   cd\
    •   dir/s regasm.exe
    •   dir/s sn.exe
    •   dir/s guidgen.exe
    
    
    So as an example, a COM object that has just one method which just returns “Hello”:
    Our eventual aim is to use it like this:
    <%@Language=JScript%>
    <%
    var x = Server.CreateObject("blah.whatever");
    Response.Write(x.someMethod());
    %>
    
    or 
    
    <%@Language=VBScript%>
    <%
    dim x
    set x = Server.CreateObject("blah.whatever")
    Response.Write x.someMethod()
    %>
    
    •   Start C# and create a new project
    •   Select “Empty Project”
    •   Give it a name – this becomes the namespace by default (the blah in the sample above)
    •   Next save the project (so you know where to go for the next bit).  This will create a folder structure like so:
    o   blah    this contains your solution files that the editor needs (blah.sln etc)
       blah    this contains your source code and project files
    •   bin
    o   Debug           the compiled output ends up here
    •   Next, using the cmd console, navigate to the root blah folder and create a key pair file:
       sn –k key.snk
    •   Next you need a unique guid (enter guidgen at the cmd prompt)
    o   Select registry format
    o   Click “New Guid”
    o   Click “Copy”
    •   Back to C# editor – from the menu, select Project – Add Class
    •   Give it a name – this is the whatever in the sample above
    •   After the opening brace just after the namespace line type:
       [GuidAttribute(“paste your guid here”)]
       remove the curly brackets from your pasted guid
    •   You will need to add another “using” at the top
      using System.Runtime.InteropServices;
    •   Finally you need to create someMethod
    
    The final C# code looks like this (the bits in red may be different in your version):
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Runtime.InteropServices;
    
    namespace blah
    {
        [GuidAttribute("AEF4F27F-9E97-4189-9AD5-64386A1699A7")]
        public class whatever
        {
            public string someMethod()
            {
                return "Hello";
            }
        }
    }
    
    •   Next, from the menu, select Project – Properties
    o   On the left, select Application and, for the Output type dropdown, select “Class Library”
    o   On the left, select Signing and tick the “Sign the assembly” box, then browse to the key.snk file you made earlier
    o   Save the properties (CTRL-S)
    •   Next build the dll (Press F6) – This will create a dll in the Debug folder
    •   Open a cmd window as administrator (right click cmd.exe and select “Run as Administrator”)
    •   Navigate to the Debug folder and enter the following to register the assembly:
      regasm blah.dll /tlb:blah.tlb /codebase blah
    
    That’s it – the above is a genuine COM component and will work in other applications, the example below allows for event handling and only really works in ASP due to the default property mechanism of ASP:
    

    The code for the base64 stuff would be:

        // returns a base 64 encoded string that has been encrypted with SHA256
        // parameters:
        //  s   string to encrypt
        //  k   key to use during encryption
        public string getBase64SHA256(string s, string k)
        {
            HMACSHA256 sha = new HMACSHA256();
            System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
            sha.Key = encoding.GetBytes(k);
            byte[] hashBytes = sha.ComputeHash(encoding.GetBytes(s));
            return System.Convert.ToBase64String(hashBytes);
        }
    
        // returns a base 64 encoded string that has been encrypted with SHA1
        // parameters:
        //  s   string to encrypt
        //  k   key to use during encryption
        public string getBase64SHA1(string s, string k)
        {
            HMACSHA1 sha = new HMACSHA1();
            System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
            sha.Key = encoding.GetBytes(k);
            byte[] hashBytes = sha.ComputeHash(encoding.GetBytes(s));
            return System.Convert.ToBase64String(hashBytes);
        }
    

    You would need the relevant usings:

    using System.Security.Cryptography;
    

    The signature in full must have all the query string name-value pairs in alphabetical order before computing the SHA and base64. Here is my version of the signature creator function:

    function buildAmazonSignature(host,req,qstring)
    {
        var str="", i, arr = String(qstring).split("&");
    
        for (i=0; i<arr.length; i++)
            arr[i] = arr[i].split("=");
        arr.sort(amazonSortFunc);
    
        for (i=0; i<arr.length; i++)
        {
            if (str != "")
                str += "&";
    
            str += arr[i][0] + "=" + arr[i][1];
        }
    
        str = "GET\n"+host+"\n"+req+"\n"+str;
    
        var utils = Server.CreateObject("FMAG.Utils");
        var b64 = utils.getBase64SHA256(str, "xxxxxxxxxx");
        utils = null;
    
        return amazonEncode(b64);
    }
    
    function amazonSortFunc(a,b)
    {
        return (a[0]<b[0])?-1:((a[0]>b[0])?1:0);
    }
    

    VBScript doesn't have a very good array sort facility, so you'll have to work that one out yourself - sorry

    Also I have the timestamp in this format:

    YYYY-MM-DDTHH:MM:SSZ

    Also the stuff in the query string included the following:

    AWSAccessKeyId
    SignatureMethod
    SignatureVersion
    Version
    Expires
    Action
    

    Hope that helps

    0 讨论(0)
提交回复
热议问题