PHP/Authentication的共享访问签名功能失败 [英] Shared Access Signatures function for PHP / AuthenticationFailed
问题描述
如
As noticed here, the shared access signature is not supported in the Azure SDK for PHP. So I developed my own function to generate the signed-url using the Miscrosoft Azure documentation (here) and the PHPAzure Codeplex project and source code (here)
我想生成一个签名的URL,可以使用开发的软件客户端直接在Web浏览器中调用它.
I want to generate an signed-url that may be called directly in a web browser vithout using a developed software client.
我生成的签名URL始终返回"AuthenticationFailed",其详细信息为签名不匹配.签名不匹配.要使用的签名字符串为r 2013-11-03 2013-11-05/ntgstblog/netgemvno netgemvno_default_policy"
My generated signed-url always returns an "AuthenticationFailed" with the detail "Signature did not match. Signature did not match. String to sign used was r 2013-11-03 2013-11-05 /ntgstblog/netgemvno netgemvno_default_policy"
这是我的源代码,用于生成共享访问签名和我的签名URL.你能帮我调试吗?
Here my source code to generate a shared access signature and my signed url. Can you help me to debug it ?
$config = array(
'blob_account' => <mystroage_accountname>,
'blob_key' => <mystroage_accesskey>,
'blob_protocol' => 'http'
);
$_id = 'netgemvno_default_policy';
...
/* Define the policy of the container */
$_data = array(
'SignedIdentifier' => array (
'Id' => $_id,
'AccessPolicy' => array(
'Start' => date("Y-m-d", strtotime('-1 years')),
'Expiry' => date("Y-m-d", strtotime('+1 year')),
'Permission' => 'r'
)
)
);
$_containerAcl = ContainerAcl::create(PublicAccessType::NONE, $_data);
$rest->blob_service->setContainerAcl($oem, $_containerAcl);
...
/* get shared access url to my private blob */
$_start = date('Y-m-d', strtotime('-1 day'));
//$_start = '';
$_expiry = date('Y-m-d', strtotime('+1 day'));
//$_expiry = '';
$_permission = 'r';
$_container = 'netgemvno';
$_blob = strtolower(
"netgemvno/backup/2013/10/29/20131029_ack.log"
);
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $_permission;
$_arraysign[] = $_start;
$_arraysign[] = $_expiry;
$_arraysign[] = '/' . $config['blob_account'] . '/' . $_container;
$_arraysign[] = $_id;
$_str2sign = implode("\n", $_arraysign);
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($_start))?'st=' . urlencode($_start):'';
$_parts[] = (!empty($_expiry))?'se=' . urlencode($_expiry):'';
$_parts[] = (!empty($_permission))?'sp=' . $_permission:'';
$_parts[] = 'sr=' . 'c';
$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
/* Create the signed blob URL */
$_url = $config['blob_protocol'] . '://'
. $config['blob_account'] . '.blob.core.windows.net/'
. $_blob . '?'
. implode('&', $_parts);
return $_url;
- 生成签名时出了什么问题?
- 是否有任何信息丢失或无效?
- 我是否需要使用我的存储密钥进行哈希处理?
推荐答案
假定您将帐户密钥存储为base64编码(类似于AmSacgtnBFBvyqPHTNfpThcBCFWqzE3PIl09Pr1IQBGNjln1a8fZeUTs0+fehSmGt6ujf/7DQ51ef+DEXEZziA==
),请尝试更改以下代码行:
Assuming you're storing your account key as base64 encoded (something like AmSacgtnBFBvyqPHTNfpThcBCFWqzE3PIl09Pr1IQBGNjln1a8fZeUTs0+fehSmGt6ujf/7DQ51ef+DEXEZziA==
), try changing the following line of code:
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
收件人
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, base64_decode($config['blob_key']), true)
);
这篇关于PHP/Authentication的共享访问签名功能失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!