错误:InvalidAction上DescribeRegions API调用(亚马逊AWS / EC2 API)亚马逊、错误、InvalidAction、API

由网友(孤傲残雪)分享简介:我正在写一个应用程序来与亚马逊EC2 API互动,因为我以前从来没有这样做,我决定先从一些简单的像DescribeRegions。我在做这在C所以有没有好用的库外面的这个,所以我不得不用的libcurl和libcrypto破解它在一起。全面披露,这是我第一次与AWS / EC2 API交互编程所以这可​​能是一个愚蠢的...

我正在写一个应用程序来与亚马逊EC2 API互动,因为我以前从来没有这样做,我决定先从一些简单的像DescribeRegions。

我在做这在C所以有没有好用的库外面的这个,所以我不得不用的libcurl和libcrypto破解它在一起。全面披露,这是我第一次与AWS / EC2 API交互编程所以这可​​能是一个愚蠢的新手的错误。

我通过计算器读取;这是不一样的question那里的人试图从发送bash的请求,也没有引用字符串。我通过 curl_easy_perform发送请求()





  GET ñ
ec2.amazonaws.com ñ
/ ñ






 < XML版本=1.0编码=UTF-8&GT?;

我正在使用的签名机制是一个简单的hmac_sha256;我也试过在维基百科的文章并可供参考的hmac_sha256库< A HREF =htt​​p://www.ouah.org/ogay/hmac/相对=nofollow>从这里下载。





...添加查询串组件(名称 - 值对,不包括   最初的问号(?)作为它的URL UTF-8字符   EN $ C $根据RFC 3986 CD(十六进制字符必须大写)和   排序使用词典字节顺序。辞书字节序   是区分大小写的。


任何帮助将是最AP preciated。它是否有助于如果我贴完整的源$ C ​​$ C在这里?








动作%3DDescribeRegions%26AWSAccessKeyId%AAAAAAAAAAAA ...

等待。你只urlen code(退出)键和值,而不是分离,建立这个字符串的时候。它应该看起来更像是这样的:

 行动= DescribeRegions和放大器; AWSAccessKeyId = ...

中的例子说明,唯一的逃避,你看到的是像在戳,其中发现:变成%3A = &功放;在查询字符串都没有逃过。你需要构建字符串,而不是前后逃脱键和值。

I'm writing an app to interact with the Amazon EC2 API and since I've never done this before, I decided to start with something easy like DescribeRegions.

I'm doing this in C so there are no easy to use libraries out there for this so I'm having to hack it together with libcurl and libcrypto. Full disclosure, this is the first time I'm interacting with AWS/EC2 API programmatically so this may well be a stupid newbie mistake.

I did read through stackoverflow; this is not the same as the question where the person was trying to send the request from bash and hadn't quoted the string. I'm sending the request through curl_easy_perform()

After reading all the documentation I could find (and for this example, let me replace AAAAAAAAA for my AWS Access Key and BBBBBBB for my secret key.

I construct the parameter part of the signing request as described here which reads:


and proceed to escape that and generate a signing request of


which I then proceed to construct a signature on (let's call it CCCCCCCC)

and come up with a request that reads:


When I send this along, I get the following error.

<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message></Error></Errors><RequestID>585f8932-d27b-42b3-b20e-453d8c7ee1ef</RequestID></Response>

The signing mechanism I'm using is a simple hmac_sha256; I also tried the hmac_sha256 library referenced in the wikipedia article and available for download here.

I've verified that my signing algorithm is correct, now I have to only assume that the string that I'm signing is incorrect.

The documentation (AWS Documentation) is unfortunately less than adequate in this regard.

For example, it reads:

Add the query string components (the name-value pairs, not including the initial question mark (?) as UTF-8 characters which are URL encoded per RFC 3986 (hexadecimal characters must be uppercased) and sorted using lexicographic byte ordering. Lexicographic byte ordering is case sensitive.

What exactly are they asking me to sort here?

Any help would be most appreciated. Would it help if I posted complete source code here?


What exactly are they asking me to sort here?

The keys in a set of key/value pairs have no defined sort order, but since there can only be one correct output of the signing algorithm, there can by definition be only one correct input... and the correct input is a string that is constructed by appending the key/value pairs with the keys sorted.

You sort the keys (names) in the query string when building the string to sign. For example, "AWSAccessKeyId" goes before "SignatureMethod" which goes before "Timestamp," etc. You build the string with the keys sorted.

But I think the other issue you have is this:

proceed to escape that and generate a signing request of

Action%3DDescribeRegions%26AWSAccessKeyId%AAAAAAAAAAAA ...

Wait. You only urlencode (escape) the keys and the values, not the separators, when building this string. It should look more like this:

Action=DescribeRegions&AWSAccessKeyId= ...

Notice in the examples, the only escaping you see are like those found in the timestamp, where : becomes %3A but the = an & in the query string are not escaped. You'll need to escape the keys and values before building the string, not after.


