我知道在SO上已经提到了大约8个类似标题的问题,但是没有一个问题能帮我解决问题.
所以,我想在这里发表我的问题:
我不断得到这个众所周知的SignatureDoesNotMatch错误,看起来非常简单明了,但我无法解决它,所以请帮忙.
这是我的Java代码抛出此异常:
public static void main(String[] args) {
AWSCredentials credentials = null;
try {
credentials = new ProfileCredentialsProvider("default").getCredentials();
} catch (Exception e) {
throw new AmazonClientException("Cannot load the credentials from the credential profiles file. "
+ "Please make sure that your credentials file is at the correct "
+ "location (/Users/USERNAME/.aws/credentials), and is in valid format.", e);
}
AmazonElastiCacheClient client = new AmazonElastiCacheClient(credentials);
client.setRegion(Region.getRegion(Regions.AP_NORTHEAST_2));
DescribeCacheClustersRequest dccRequest = new DescribeCacheClustersRequest();
dccRequest.setShowCacheNodeInfo(true);
DescribeCacheClustersResult clusterResult = client.describeCacheClusters(dccRequest);
上面代码段中的最后一行继续抛出以下堆栈跟踪:
Exception in thread "main" com.amazonaws.services.elasticache.model.AmazonElastiCacheException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/
amz-sdk-invocation-id:84ad8256-0ff0-343d-2f8d-6794d303d9c3
amz-sdk-retry:3/246/485
host:elasticache.ap-northeast-2.amazonaws.com
user-agent:aws-sdk-java/1.11.75 Mac_OS_X/10.11.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.102-b14/1.8.0_102
x-amz-date:20161231T043533Z
amz-sdk-invocation-id;amz-sdk-retry;host;user-agent;x-amz-date
2747a03a915959eb5776c08ca15deccb190033381677a3b9dbaf8fc42fa54a0c'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20161231T043533Z
20161231/ap-northeast-2/elasticache/aws4_request
3e08746ee0b6cb44c7dcbbef810682adade54dbcc143688a47890a7baa90577a' (Service: AmazonElastiCache; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: 910c6c16-cf12-11e6-bf57-4b2610895ff0)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1586)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1254)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:747)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:721)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:704)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:672)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:654)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:518)
at com.amazonaws.services.elasticache.AmazonElastiCacheClient.doInvoke(AmazonElastiCacheClient.java:2725)
at com.amazonaws.services.elasticache.AmazonElastiCacheClient.invoke(AmazonElastiCacheClient.java:2701)
at com.amazonaws.services.elasticache.AmazonElastiCacheClient.describeCacheClusters(AmazonElastiCacheClient.java:1431)
at sporadic.AmazonElastiCacheClientExample.main(AmazonElastiCacheClientExample.java:44)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
我的规格:
aws-java-sdk是1.11.75(最新版本是2016年12月30日).
java:1.8.0_102
此外,我在/.aws/credentials使用相同的凭据从Chrome登录AWS控制台,我能够很好地查看我的Elasticache实例.
所以我认为我的证书没有任何问题.
请帮忙.
我还在Github上发布了我的问题:https://github.com/aws/aws-sdk-java/issues/967
最佳答案 我使用AWS Java SDK 1.11.75针对各种Java 7和8运行时测试了您的代码,并且代码在所有情况下都运行良好.所以,我认为代码很好.
但是,我能够通过故意使用坏密钥访问密钥来重现问题.您的访问密钥ID和秘密访问密钥是否都正确?