Google云端存储-JAVA REST API-获取SignatureDoesNotMatch [英] Google Cloud Storage - JAVA REST API - Getting SignatureDoesNotMatch

问题描述

我正在使用jersey-client进行REST Call.我在响应中收到SignatureDoesNotMatch错误. 我试图使用GET Service列出存储桶名称，还尝试使用GET Bucket方法列出存储桶对象. 这是我的示例代码.

I am using jersey-client to make REST Call . I am getting SignatureDoesNotMatch error in response. I was trying to List down Bucket names using GET Service , also tried to list Bucket object using GET Bucket method. here is my sample code.

任何提示或解决方案吗?

Any hint or solution ?

public class restSample {

    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private static final String PROJECT_ID = "10XXXXXXXX478";

    public static String Base64Encoding()
            throws java.security.SignatureException, UnsupportedEncodingException {

          String access_id = "GOOGBAXXXXXXXXXXBI";
          String secret_key = URLEncoder.encode("pWTXXXXXXXXXXXXXXXRo85T+XXXXXXXXX3O","UTF-8");
          String bucket = "bucket_name";

          String version_header = "x-goog-api-version:1";
          String project_header = "x-goog-project-id:"+PROJECT_ID;
          String canonicalizedResources = "/"+bucket+"/";

          Calendar calendar = Calendar.getInstance();
          calendar.add(Calendar.MINUTE, 30);
          long expiration = calendar.getTimeInMillis();

         String stringToSign = URLEncoder.encode("GET\n\n\n"+expiration+"\n"+version_header+"\n"+project_header+"\n"+canonicalizedResources,"UTF-8");
         //String stringToSign = URLEncoder.encode("GET\n\n\n"+getdate()+"\n"+version_header+"\n"+project_header+"\n"+canonicalizedResources,"UTF-8");
         String authSignature="";
        try {

            SecretKeySpec signingKey = new SecretKeySpec(secret_key.getBytes(),HMAC_SHA1_ALGORITHM);

            Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
            mac.init(signingKey);

            // compute the hmac on input data bytes
            byte[] rawHmac = mac.doFinal(stringToSign.getBytes("UTF-8"));

            // base64-encode the hmac
            authSignature = new String(Base64.encode(rawHmac));

        } catch (Exception e) {
            throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
        }
        authSignature = (access_id +":"+ authSignature);
        return  authSignature;
    }

    public static void main(String[] args) {

        ClientConfig config = new DefaultClientConfig();
        Client client = Client.create(config);

        String authSignature = null;
        try {
            authSignature = "GOOG1 "+ Base64Encoding();
        } catch (SignatureException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }

        WebResource service = client.resource(getBaseURI());
        ClientResponse response = service.accept(MediaType.APPLICATION_XML)
                .header("Authorization",authSignature)
                .header("Date", getdate())
                .header("Content-Length", "0")
                .header("x-goog-api-version", "1")
                .header("x-goog-project-id", PROJECT_ID)
                .get(ClientResponse.class);

        System.out.println(response.getClientResponseStatus().getFamily());
        System.out.println("response1 :: " + response.getEntity(String.class));

    }

    private static URI getBaseURI() {
        String url = "https://bucket_name.storage.googleapis.com";
        return UriBuilder.fromUri(url).build();
    }
    private static String getdate(){
        SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z ", new Locale("US"));
         Calendar cal = Calendar.getInstance(new SimpleTimeZone(0, "GMT"));

         format.setCalendar(cal);
         return format.format(new Date());
    }
}

谢谢！

推荐答案

确保您要签名的字符串与要签名的预期字符串匹配.如果身份验证失败，Google云存储将返回预期的字符串以登录HTTP响应.

Make sure the string you are signing matches the expected string to sign. Google cloud storage returns the expected string to sign in the HTTP response if authentication fails.

在您的特定示例中，看起来您正在将version_header和project_header都添加到要签名的字符串中.这些不在CanonicalHeaders或CanonicalExtensionHeaders的列表中，因此您要签名与服务器不同的字符串.

In your particular example it looks like you are adding both the version_header and project_header into the string to sign. These are not in the list of CanonicalHeaders nor CanonicalExtensionHeaders, so you are signing a different string than the server.

您可以在此处查看列表: https://developers .google.com/storage/docs/reference/v1/developer-guidev1#authentication

You can review the list here: https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication

这篇关于Google云端存储-JAVA REST API-获取SignatureDoesNotMatch的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！