snaka/s3upload_signature_v4.rb

## s3upload_signature_v4.rb
#
# POST with signature v4
#
require "base64"
require "openssl"
require "digest/sha1"
require "time"

aws_access_key_id = ENV["AWS_ACCESS_KEY_ID"]
aws_secret_key = ENV["AWS_SECRET_ACCESS_KEY"]

acl = "public-read"
s3_bucket = "mybucket"
current_time = Time.now
date = current_time.strftime("%Y%m%d")
region = "ap-northeast-1"
target_file = "test.txt"

timestamp = current_time.utc.iso8601.delete("-:")

# policy document
policy_document = <<EOS
{"expiration": "#{(current_time + 60 * 60).utc.iso8601}",
  "conditions": [
    {"acl": "#{acl}"},
    {"bucket": "#{s3_bucket}"},
    ["starts-with", "$key", ""],
    {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
    {"x-amz-credential": "#{aws_access_key_id}/#{date}/#{region}/s3/aws4_request"},
    {"x-amz-date": "#{timestamp}"},
    {"x-amz-server-side-encryption": "AES256"}
  ]
}
EOS
policy = Base64.encode64(policy_document).delete("\n")

# calc signature(v4)
sha256 = OpenSSL::Digest::SHA256.new
date_key = OpenSSL::HMAC.digest(sha256, "AWS4#{aws_secret_key}", date)
date_region_key = OpenSSL::HMAC.digest(sha256, date_key, region)
date_region_service_key = OpenSSL::HMAC.digest(sha256, date_region_key, "s3")
signing_key = OpenSSL::HMAC.digest(sha256, date_region_service_key, "aws4_request")
signature = OpenSSL::HMAC.hexdigest(sha256, signing_key, policy)

# upload
cmd = <<__CURL_COMMAND__
curl -v -X POST \\
     -F acl="#{acl}" \\
     -F key="#{target_file}" \\
     -F policy="#{policy}" \\
     -F x-amz-algorithm="AWS4-HMAC-SHA256" \\
     -F x-amz-credential="#{aws_access_key_id}/#{date}/#{region}/s3/aws4_request" \\
     -F x-amz-date="#{timestamp}" \\
     -F x-amz-signature="#{signature}" \\
     -F x-amz-server-side-encryption="AES256" \\
     -F "file=@#{target_file}" \\
     https://#{s3_bucket}.s3.amazonaws.com/
__CURL_COMMAND__
puts cmd
puts `#{cmd}`
	#
	# POST with signature v4
	#
	require "base64"
	require "openssl"
	require "digest/sha1"
	require "time"

	aws_access_key_id = ENV["AWS_ACCESS_KEY_ID"]
	aws_secret_key = ENV["AWS_SECRET_ACCESS_KEY"]

	acl = "public-read"
	s3_bucket = "mybucket"
	current_time = Time.now
	date = current_time.strftime("%Y%m%d")
	region = "ap-northeast-1"
	target_file = "test.txt"

	timestamp = current_time.utc.iso8601.delete("-:")

	# policy document
	policy_document = <<EOS
	{"expiration": "#{(current_time + 60 * 60).utc.iso8601}",
	"conditions": [
	{"acl": "#{acl}"},
	{"bucket": "#{s3_bucket}"},
	["starts-with", "$key", ""],
	{"x-amz-algorithm": "AWS4-HMAC-SHA256"},
	{"x-amz-credential": "#{aws_access_key_id}/#{date}/#{region}/s3/aws4_request"},
	{"x-amz-date": "#{timestamp}"},
	{"x-amz-server-side-encryption": "AES256"}
	]
	}
	EOS
	policy = Base64.encode64(policy_document).delete("\n")

	# calc signature(v4)
	sha256 = OpenSSL::Digest::SHA256.new
	date_key = OpenSSL::HMAC.digest(sha256, "AWS4#{aws_secret_key}", date)
	date_region_key = OpenSSL::HMAC.digest(sha256, date_key, region)
	date_region_service_key = OpenSSL::HMAC.digest(sha256, date_region_key, "s3")
	signing_key = OpenSSL::HMAC.digest(sha256, date_region_service_key, "aws4_request")
	signature = OpenSSL::HMAC.hexdigest(sha256, signing_key, policy)

	# upload
	cmd = <<__CURL_COMMAND__
	curl -v -X POST \\
	-F acl="#{acl}" \\
	-F key="#{target_file}" \\
	-F policy="#{policy}" \\
	-F x-amz-algorithm="AWS4-HMAC-SHA256" \\
	-F x-amz-credential="#{aws_access_key_id}/#{date}/#{region}/s3/aws4_request" \\
	-F x-amz-date="#{timestamp}" \\
	-F x-amz-signature="#{signature}" \\
	-F x-amz-server-side-encryption="AES256" \\
	-F "file=@#{target_file}" \\
	https://#{s3_bucket}.s3.amazonaws.com/
	__CURL_COMMAND__
	puts cmd
	puts `#{cmd}`