调用AWS API-Signature，Authentication Header-在Android中使用OkHTTP

2022-03-11 00:00:00 android aws-api-gateway java

我正在尝试使用OkHTTP对Android中的AWS API的HTTP请求进行签名。我使用了这个Question中的代码。AWS的文档一点帮助都没有。我很困惑。这是我到目前为止找到的唯一易于理解和实现的代码。但它也不能解决我的问题。我没有使用API传递任何数据，它只是我必须调用并接收消息的简单API。

我的代码

AWSCredentials credentials =  new BasicAWSCredentials(access_key_id.trim(), secret_access_key.trim());
String API_GATEWAY_SERVICE_NAME = "execute-api";

Request requestAws = new DefaultRequest(API_GATEWAY_SERVICE_NAME);
URI uri = URI.create(url);
requestAws.setEndpoint(uri);
requestAws.setResourcePath(url);
requestAws.setHttpMethod(HttpMethodName.POST);

AWS4Signer signer = new AWS4Signer();
signer.setServiceName(API_GATEWAY_SERVICE_NAME);
signer.setRegionName("us-east-2");
signer.sign(requestAws, credentials);

OkHttpClient httpClient = new OkHttpClient();
Map<String, String> headers = requestAws.getHeaders();
List<String> key = new ArrayList<String>();
List<String> value = new ArrayList<String>();

for (Map.Entry<String, String> entry : headers.entrySet()) {
   key.add(entry.getKey());
   value.add(entry.getValue());
}

okhttp3.Request request = new okhttp3.Request.Builder()
.url(url)
.addHeader(key.get(0), value.get(0))
.addHeader(key.get(1), value.get(1))
.addHeader(key.get(2), value.get(2))
.build();

Response response = httpClient.newCall(request).execute();

收到错误

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'GET
/**2nd last part of url ***/**last part of url ***/

host:***.execute-api.us-east-2.amazonaws.com
x-amz-date:20210306T082609Z

host;x-amz-date***signature***'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20210306T082609Z
20210306/us-east-2/execute-api/aws4_request
***signature***'
"}

这是一个简单的代码，但我找不到任何问题。服务器错误也没有帮助。

在服务器端，我没有使用任何内容类型，这就是为什么我没有在头中传递它的原因。这会是个问题吗？我还认为我的requesAws有问题。

这批货可能有问题。我不知道这到底是什么意思，所以我在其中传递了与引用代码中相同的API url。

requestAws.setResourcePath(url);

解决方案

我不推荐编写您自己的SigV4签名器。相反，请尝试将其中一个作为库依赖项拉入。

尝试babbel's OkHttp signer：

dependencies {
    implementation 'com.github.babbel:okhttp-aws-signer:1.0.1'
}

val signer = OkHttpAwsV4Signer("us-east-1", "execute-api")

val client = OkHttpClient.Builder()
    .addInterceptor { chain ->
        val original = chain.request()
        val signed = signer.sign(original, accessKeyId, accessKey)
        chain.proceed(signed)
    }
    .build()

或Ghedeon's：

repositories {
    maven {
        url "http://dl.bintray.com/ghedeon/maven"
    }
}

...

dependencies {
    implementation 'com.ghedeon:aws-interceptor:0.6'
}

val interceptor = AwsInterceptor(credentialsProvider, serviceName, region)
 
val okHttpClient = new OkHttpClient.Builder()
    .addInterceptor(interceptor)
    .build()

后者uses the AWS Android SDK under the hood。如果您使用的是Amazon Cognito，则可以为credentialsProvider参数提供AWSMobileClient.getInstance()。

val okHttpClient = new OkHttpClient.Builder()
    .addInterceptor(AwsInterceptor(
        AWSMobileClient.getInstance(), "execute-api", "us-east-1"
    ))
    .build()

相关文章