please delete my first post;-)

your App is running fine even under Flex 4.

My Problem was that the “Bugfix”
from
signature = encodeURI(encoder.toString());
to
encodeURIComponent(encoder.toString());
doesn’t work.

Sorry, Mihai!

The Signature after using encodeURIComponent is to short.

Thanks again for your great work, Brandon!

Grettings from cologne/germany

Uwe

Triggering the Amazonsearch.send() returns the errormessage: “HTTP request error”

The only thing I have changed is “upgrading” your source from Flex 3 to Flex 4. It doesn’t matter if i use <mx:httpservice and <mx:request or the spark equivalent. the error is the same.

The Signature-Part is working fine.

Bringing the elements with cut & paste and a little modification together: "http://&quot; + endpoint-url +"?" + request-values + &Signature returns after copying the url and executing it in a browser the expected result. That is great!!!!

Have I done something wrong when I make a flex 4 app out of your mxml-file? Changing <mx:httpService and <mx:request to spark makes no difference.

Is something in my crossdomain.xml wrong and do I need this file for this httpservice-connection?

Her comes my less modified version of your example.

Look at the alert-boxes. All values are correct!

{amazonDeveloperId}
EAN
9783934358058
ItemLookup
ItemAttributes,Images,Tracks,EditorialReview
Books
AWSECommerceService
{signature}
{timestamp}

<![CDATA[
import com.hurlant.crypto.hash.HMAC;
import com.hurlant.crypto.hash.SHA256;

import mx.collections.ArrayCollection;
import mx.collections.Sort;
import mx.collections.SortField;
import mx.controls.Alert;
import mx.formatters.DateFormatter;
import mx.rpc.events.ResultEvent;
import mx.rpc.http.HTTPService;
import mx.utils.Base64Encoder;

/*
//Changes:

url="http://ecs.amazonaws.de/onca/xml&quot;

...

url="http://webservices.amazon.com/onca/xml"
AWS_HOST:String = "webservices.amazon.com";

German Endpoint:
url="http://ecs.amazonaws.de/onca/xml"
AWS_HOST:String = "ecs.amazonaws.de";
*/

/*

Ablauf der Signatur aus : http://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html
Das folgende Beispiel wurde getestet. Es handelt sich um das Flash4 Buch von S. Wolter
String-To-Sign wird hier aus den Parametern aufgebaut:
Hinweis: Die Signatur ist noch nicht enthalten, das sie nun aus diesen Werten erzeugt wird!
GET
ecs.amazonaws.de
/onca/xml
AWSAccessKeyId=***MYKEY***&
AssociateTag=mytag-20&
IdType=ISBN&
ItemId=3924322112&
Operation=ItemLookup&
ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews%2CVariations&
SearchIndex=Books&
Service=AWSECommerceService&
Sort=salesrank&
Timestamp=2011-05-19T13%3A17%3A27.000Z&
Version=2009-01-01

daraus ergibt sich die Signed URL:

http://ecs.amazonaws.de/onca/xml?
AWSAccessKeyId=***MYKEY***&
AssociateTag=mytag-20&
IdType=ISBN&
ItemId=3924322112&
Operation=ItemLookup&
ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews%2CVariations&
SearchIndex=Books&
Service=AWSECommerceService&
Sort=salesrank&
Timestamp=2011-05-19T13%3A17%3A27.000Z&
Version=2009-01-01&
Signature=plM4oRhUyxSZumgQ7q7X6GsbGGWpvVjCch1eV5K%2B7ps%3D

---------------------------------------------------------------

mit diesem Programm wurde erzeugt:
Hinweis die Parameter weichen etwas von den App-Parametern ab
GET
ecs.amazonaws.de
/onca/xml
AWSAccessKeyId=***MYKEY***&
IdType=EAN&
ItemId=9783934358058&
Operation=ItemLookup&
ResponseGroup=ItemAttributes%2CImages%2CTracks%2CEditorialReview&
SearchIndex=Books&
Service=AWSECommerceService&
Timestamp=2011-05-19T14%3A45%3A41.000Z

Manuell zusammengestetzt funktioniert der REST-Request:

Es wurde "http://", das "?" hinter xml und "&Signature=f5km6UtycJVjUsxfpFbxZfcWVaS0CmziR7tBATHdCJE%3D" hinzugefuegt:
Bitte beachten: Die Signatur wurde OHNE diese Ergaenzungen erzeugt !!!
http://ecs.amazonaws.de/onca/xml?
AWSAccessKeyId=***MYKEY***&
IdType=EAN&ItemId=9783934358058&
Operation=ItemLookup&
ResponseGroup=ItemAttributes%2CImages%2CTracks%2CEditorialReview&
SearchIndex=Books&
Service=AWSECommerceService&
Timestamp=2011-05-19T14%3A58%3A15.000Z&
Signature=f5km6UtycJVjUsxfpFbxZfcWVaS0CmziR7tBATHdCJE%3D

*/

/**
* The Amazon host providing the Product API web service.
*/
//private const AWS_HOST:String = "ecs.amazonaws.de";
private const AWS_HOST:String = "webservices.amazon.com";

/**
* The HTTP method used to send the request.
*/
private const AWS_METHOD:String = "GET";

/**
* The path to the Product API web service on the Amazon host.
*/
private const AWS_PATH:String = "/onca/xml";

/**
* The AWS Access Key ID to use when querying Amazon.com.
*/
[Bindable]
private var amazonDeveloperId:String = “***MYKEY***”;

/**
* The AWS Secret Key to use when querying Amazon.com.
*/
[Bindable]
private var amazonSecretAccessKey:String = “***MYSECRETKEY***”;

/**
* The request signature string.
*/
[Bindable]
private var signature:String;

/**
* The request timestamp string, in UTC format (YYYY-MM-DDThh:mm:ssZ).
*/
[Bindable]
private var timestamp:String;

/**
* Calls all of the registered Javascript callback functions with
* the details on the barcodes that have been detected.
*/
private function init():void
{
// Generate request signature and perform the search.
generateSignature();

//mx.controls.Alert.show(“amazonDeveloperId:” + amazonDeveloperId);
mx.controls.Alert.show(“&signature=” + signature);
mx.controls.Alert.show(“&timestamp=” + timestamp);

var req:String = “”;

req += “AWSAccessKeyId =” + this.AmazonSearch.request.AWSAccessKeyId + “\n”;
req += “IdType =” + this.AmazonSearch.request.IdType+ “\n”;
req += “ItemId =” + this.AmazonSearch.request.ItemId+ “\n”;
req += “Operation =” + this.AmazonSearch.request.Operation+ “\n”;
req += “ResponseGroup =” + this.AmazonSearch.request.ResponseGroup+ “\n”;
req += “SearchIndex =” + this.AmazonSearch.request.SearchIndex+ “\n”;
req += “Service =” + this.AmazonSearch.request.Service+ “\n”;
req += “Signature =” + this.AmazonSearch.request.Signature+ “\n”;
req += “Timestamp =” + this.AmazonSearch.request.Timestamp+ “\n”;

Alert.show(“requstValues:\n” + req);

}

/**
* Displays the dialog box with the details retrieved from Amazon.
* This function is called by the AmazonSearch object’s ItemLookup
* operation. Note that scanning is paused while the dialog box
* is being displayed.
*
* @param res The results of the query to Amazon.com.
*/
private function showItemLookupResults(res:ResultEvent):void
{

var details:Object = res.result.ItemLookupResponse.Items.Item;

if (details != null)
{
// TODO: Do something with the result of the request.
Alert.show(“detailResults” + details);
}
}

/**
* Handles generating the signature for the AWS request. See the
* request authentication process details in the documentation for
* Amazon’s Product API, available at:
*
* http://docs.amazonwebservices.com/AWSECommerceService/2009-07-01/DG/HMACSignatures.html
*
* There are also examples of the necessary canonicalization at:
*
* http://docs.amazonwebservices.com/AWSECommerceService/2009-07-01/DG/rest-signature.html
*
* @return The base64-encoded Amazon request signature.
*/
private function generateSignature():void
{
var parameterArray:Array = new Array();
var parameterCollection:ArrayCollection = new ArrayCollection();
var parameterString:String = “”;
var sort:Sort = new Sort();
var hmac:HMAC = new HMAC(new SHA256());
var requestBytes:ByteArray = new ByteArray();
var keyBytes:ByteArray = new ByteArray();
var hmacBytes:ByteArray;
var encoder:Base64Encoder = new Base64Encoder();
var formatter:DateFormatter = new DateFormatter();
var now:Date = new Date();

// Set the request timestamp using the format: YYYY-MM-DDThh:mm:ss.000Z
// Note that we must convert to GMT.
//Version vor dem Bugfix: 1-24
//formatter.formatString = “YYYY-MM-DDTHH:NN:SS.000Z”;

//BUGFIX: Amazon is expecting JJ for 0-23
formatter.formatString = “YYYY-MM-DDTJJ:NN:SS.000Z”;

now.setTime(now.getTime() + (now.getTimezoneOffset() * 60 * 1000));
timestamp = formatter.format(now);

// Process the parameters.
for (var key:String in AmazonSearch.request )
{
// Ignore the “Signature” request parameter.
if (key != “Signature”)
{
var urlEncodedKey:String = encodeURIComponent(decodeURIComponent(key));
var parameterBytes:ByteArray = new ByteArray();
var valueBytes:ByteArray = new ByteArray();
var value:String = AmazonSearch.request[key];
var urlEncodedValue:String = encodeURIComponent(decodeURIComponent(value.replace(/\+/g, “%20″)));

// Use the byte values, not the string values.
parameterBytes.writeUTFBytes(urlEncodedKey);
valueBytes.writeUTFBytes(urlEncodedValue);
parameterCollection.addItem( { parameter : parameterBytes , value : valueBytes } );
}
}

// Sort the parameters and formulate the parameter string to be signed.
parameterCollection.sort = sort;
sort.fields = [ new SortField("parameter", true), new SortField("value", true) ];
parameterCollection.refresh();
parameterString = AWS_METHOD + “\n” + AWS_HOST + “\n” + AWS_PATH + “\n”;
for (var i:Number = 0; i < parameterCollection.length; i++)
{
var pair:Object = parameterCollection.getItemAt(i);

parameterString += pair.parameter + "=" + pair.value;

if (i

Someone brought to my attention a bug in the code above. There is 1 hour everyday when the script stops working and Amazon returns an “invalid date” error. It is UTC 24. The data format string uses the HH code for 1-24 while Amazon is expecting JJ for 0-23.

Fixed string:
formatter.formatString = “YYYY-MM-DDTJJ:NN:SS.000Z”;

–jason

I’ll post another version with a license bundle (probably MIT or BSD license) when I get the chance.

I tried using the corelib:

trace (HMAC.hash(key,data,SHA256));

But it doesnt work ;-(