Google云端存储-JAVA REST API-获取SignatureDoesNotMatch [英] Google Cloud Storage - JAVA REST API - Getting SignatureDoesNotMatch
问题描述
我正在使用jersey-client进行REST Call.我在响应中收到SignatureDoesNotMatch错误. 我试图使用GET Service列出存储桶名称,还尝试使用GET Bucket方法列出存储桶对象. 这是我的示例代码.
I am using jersey-client to make REST Call . I am getting SignatureDoesNotMatch error in response. I was trying to List down Bucket names using GET Service , also tried to list Bucket object using GET Bucket method. here is my sample code.
任何提示或解决方案吗?
Any hint or solution ?
public class restSample {
private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
private static final String PROJECT_ID = "10XXXXXXXX478";
public static String Base64Encoding()
throws java.security.SignatureException, UnsupportedEncodingException {
String access_id = "GOOGBAXXXXXXXXXXBI";
String secret_key = URLEncoder.encode("pWTXXXXXXXXXXXXXXXRo85T+XXXXXXXXX3O","UTF-8");
String bucket = "bucket_name";
String version_header = "x-goog-api-version:1";
String project_header = "x-goog-project-id:"+PROJECT_ID;
String canonicalizedResources = "/"+bucket+"/";
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.MINUTE, 30);
long expiration = calendar.getTimeInMillis();
String stringToSign = URLEncoder.encode("GET\n\n\n"+expiration+"\n"+version_header+"\n"+project_header+"\n"+canonicalizedResources,"UTF-8");
//String stringToSign = URLEncoder.encode("GET\n\n\n"+getdate()+"\n"+version_header+"\n"+project_header+"\n"+canonicalizedResources,"UTF-8");
String authSignature="";
try {
SecretKeySpec signingKey = new SecretKeySpec(secret_key.getBytes(),HMAC_SHA1_ALGORITHM);
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(stringToSign.getBytes("UTF-8"));
// base64-encode the hmac
authSignature = new String(Base64.encode(rawHmac));
} catch (Exception e) {
throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
}
authSignature = (access_id +":"+ authSignature);
return authSignature;
}
public static void main(String[] args) {
ClientConfig config = new DefaultClientConfig();
Client client = Client.create(config);
String authSignature = null;
try {
authSignature = "GOOG1 "+ Base64Encoding();
} catch (SignatureException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
WebResource service = client.resource(getBaseURI());
ClientResponse response = service.accept(MediaType.APPLICATION_XML)
.header("Authorization",authSignature)
.header("Date", getdate())
.header("Content-Length", "0")
.header("x-goog-api-version", "1")
.header("x-goog-project-id", PROJECT_ID)
.get(ClientResponse.class);
System.out.println(response.getClientResponseStatus().getFamily());
System.out.println("response1 :: " + response.getEntity(String.class));
}
private static URI getBaseURI() {
String url = "https://bucket_name.storage.googleapis.com";
return UriBuilder.fromUri(url).build();
}
private static String getdate(){
SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z ", new Locale("US"));
Calendar cal = Calendar.getInstance(new SimpleTimeZone(0, "GMT"));
format.setCalendar(cal);
return format.format(new Date());
}
}
谢谢!
推荐答案
确保您要签名的字符串与要签名的预期字符串匹配.如果身份验证失败,Google云存储将返回预期的字符串以登录HTTP响应.
Make sure the string you are signing matches the expected string to sign. Google cloud storage returns the expected string to sign in the HTTP response if authentication fails.
在您的特定示例中,看起来您正在将version_header
和project_header
都添加到要签名的字符串中.这些不在CanonicalHeaders
或CanonicalExtensionHeaders
的列表中,因此您要签名与服务器不同的字符串.
In your particular example it looks like you are adding both the version_header
and project_header
into the string to sign. These are not in the list of CanonicalHeaders
nor CanonicalExtensionHeaders
, so you are signing a different string than the server.
您可以在此处查看列表: https://developers .google.com/storage/docs/reference/v1/developer-guidev1#authentication
You can review the list here: https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication
这篇关于Google云端存储-JAVA REST API-获取SignatureDoesNotMatch的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!