上传使用pre-标识的URL与卷曲S3（获得403） [英] Upload to s3 with curl using pre-signed URL (getting 403)

问题描述

我使用卷曲打电话到Java REST API来检索URL。 Java的然后用我的S3凭据S3上传生成pre-标识的URL，并返回，在剩下的答复。卷曲需要的网址，并使用该上传到S3，但S3返回403我们计算请求签名不您提供的签名相匹配。请检查您的密钥和签名方法。

下面是code我使用生成pre-签署网址：

 公共类S3Util {
    静态最终AmazonS3 S3 =新AmazonS3Client（新AWSCredentials（）{
        @覆盖
        公共字符串getAWSAccessKeyId（）{
            返回XXXXXXX;
        }
        @覆盖
        公共字符串getAWSSecretKey（）{
            返回XXXXXXXXXXXXXX;
        }
    }）;
    静态最后弦乐桶=XXXXXXXXXXXXXXXXXXXXXXXXXXX;

    静态公共URL getMediaChunkURL（MediaChunk MC，HttpMethod法）{
        字符串键= ...
        //在未来（测试）的方式...
        日期过期=新的日期（System.currentTimeMillis的（）+ CalendarUtil.ONE_MINUTE_IN_MILLISECONDS * 60 * 1000）;

        生成presignedUrlRequest REQ =新生成presignedUrlRequest（斗，重点，方法）;
        req.setExpiration（到期）;
        req.addRequestParameter（内容类型，应用程序/八位字节流）;

        //这个被传​​递给最终用户：
        返回s3.generate presignedUrl（REQ）;
    }
}
 

和卷曲，从庆典上运行，我执行此：

 回声会尝试块上传至$ {位置}
卷曲-i -X​​ POST \
        -F内容类型=应用程序/八位字节流\
        -F文件= @ $ {文件名}\
        $ {位置} || （回声上传块失败;出口1）
 

除其他事项外，我已经尝试PUT和我曾尝试内容型（小写字母T）。我知道我失去了一些东西（或出头）明显，但读取相应的文档，谷歌搜索和寻找许多类似的问题后，我不知道那是什么。我看到很多有关所需标题提示的，但我想辞职的URL应该消除这些需求。也许不是？

TIA！

更新：

只是要清楚，我已经测试的下载，并且运行良好。

Java的样子：

 生成presignedUrlRequest REQ =新生成presignedUrlRequest（斗，钥匙，HttpMethod.GET）;
req.setExpiration（到期）;
 

和卷曲很简单：

 卷曲-i $ {位置}
 

解决方案

我已经通过的curl~~V 预期。鉴于我的测试中，我怀疑你是真的不使用的卷曲的正确 - 我已经能够上传文件，如下所示：

 卷曲-v --upload文件$ {文件名} $ {位置}
 

参数 -v 的调试和说明目的转储请求和响应头（以及SSL握手）：

 ＆GT; PUT [...] HTTP / 1.1
＆GT;用户代理：卷曲/ 7.21.0 [...]
＆GT;主办： [...]
＆GT;接受： */*
＆GT;内容长度：12
＆GT;期望：100-继续
 

请注意， - 上传文件（或 -T ）有利于 PUT 如预期，但增加了更多的头酌情产生的回报恰当的反应：

 ＆LT; HTTP / 1.1 100继续
＆LT; HTTP / 1.1 200 OK
＆LT;的X AMZ-ID-2：[...]
＆LT;的X AMZ-请求ID：[...]
＆LT;日期：星期二，2012 18时34分56秒格林尼治标准​​时间1月31日
＆LT; ETag的：253801c0d260f076b0d5db5b62c54824
＆LT;内容长度：0
＆LT;服务器：AmazonS3
 

I'm using curl to call into a Java ReST API to retrieve a URL. Java then generates a pre-signed URL for S3 upload using my S3 credentials, and returns that in the ReST reply. Curl takes the URL and uses that for upload to S3, but S3 returns 403 "The request signature we calculated does not match the signature you provided. Check your key and signing method."

Here is the code I'm using to generate the pre-signed URL:

public class S3Util {
    static final AmazonS3 s3 = new AmazonS3Client( new AWSCredentials() {
        @Override
        public String getAWSAccessKeyId() {
            return "XXXXXXX";
        }
        @Override
        public String getAWSSecretKey() {
            return "XXXXXXXXXXXXXX";
        }
    });
    static final String BUCKET = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";

    static public URL getMediaChunkURL( MediaChunk mc, HttpMethod method ) {
        String key = ...
        //way in the future (for testing)...
        Date expiration = new Date( System.currentTimeMillis() + CalendarUtil.ONE_MINUTE_IN_MILLISECONDS*60*1000 );

        GeneratePresignedUrlRequest req = new GeneratePresignedUrlRequest(BUCKET, key, method);
        req.setExpiration(expiration);
        req.addRequestParameter("Content-Type", "application/octet-stream");

        //this gets passed to the end user:
        return s3.generatePresignedUrl(req);
    }
}

and in curl, run from bash, I execute this:

echo Will try to upload chunk to ${location}
curl -i -X POST \
        -F 'Content-Type=application/octet-stream' \
        -F "file=@${fileName}" \
        ${location} || (echo upload chunk failed. ; exit 1 )

Among other things, I have tried PUT, and I have tried "Content-type" (lowercase T). I realize I'm missing something (or somethings) obvious, but after reading the appropriate docs, googling and looking at lots of similar questions I'm not sure what that is. I see lots of hints about required headers, but I thought the resigned URL was supposed to eliminate those needs. Maybe not?

TIA!

Update:

Just to be clear, I have tested downloads, and that works fine.

Java looks like:

GeneratePresignedUrlRequest req = new GeneratePresignedUrlRequest(BUCKET, key, HttpMethod.GET);
req.setExpiration(expiration);

and curl is simply:

curl -i ${location}

解决方案

I've been able to generate a pre-signed URL via C# and upload it thereafter via curl as expected. Given my tests I suspect you are indeed not using curl correctly - I've been able to upload a file like so:

curl -v --upload-file ${fileName} ${location}

The parameter -v dumps both request and response headers (as well as the SSL handshake) for debugging and illustration purposes:

> PUT [...] HTTP/1.1
> User-Agent: curl/7.21.0 [...]
> Host: [...]
> Accept: */*
> Content-Length: 12
> Expect: 100-continue

Please note, that --upload-file (or -T) facilitates PUTas expected, but adds more headers as appropriate, yielding a proper response in return:

< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< x-amz-id-2: [...]
< x-amz-request-id:  [...]
< Date: Tue, 31 Jan 2012 18:34:56 GMT
< ETag: "253801c0d260f076b0d5db5b62c54824"
< Content-Length: 0
< Server: AmazonS3

这篇关于上传使用pre-标识的URL与卷曲S3（获得403）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！