Google Cloud Storage签署的Url - SignatureDoesNotMatch [英] Google Cloud Storage Signed Url - SignatureDoesNotMatch
问题描述
我可以使用google-api-php-client将文件(image.png)放到我的Google Cloud Storage存储桶中,但现在我无法尝试创建签名url来访问我的文件网站。示例代码:
$ bucketName ='bucket-name';
$ id ='image.png';
$ serviceAccountName ='123456789-xxxx@developer.gserviceaccount.com';
$ privateKey = file_get_contents($ location_to_key_file);
$ signer = new \Google_P12Signer($ privateKey,notasecret);
$ ttl = time()+ 3600;
$ stringToSign =GET \\\
。 \\\
。 \\\
。 $ ttl。 \\\
。 '/'。 $ bucketName。 '/'。 $ ID;
$ signature = $ signer-> sign(utf8_encode($ stringToSign));
$ finalSignature = \Google_Utils :: urlSafeB64Encode($ signature);
$ host =https://。$ bucketName。.storage.googleapis.com;
echo $主机。 /\".$id.\"?GoogleAccessId=。 $ serviceAccountName。 & Expires =。 $ ttl。 & Signature =。 $ finalSignature;
返回:
<错误><代码> SignatureDoesNotMatch< /代码>
<消息>我们计算的请求签名与您提供的签名不匹配。检查您的Google密钥和签名方法。< / Message>
< StringToSign>
GET 1387590477 /bucketname/image.png</StringToSign> ;</Error>
使用google-api-php-client和php 5.5 $ / $>
之后再举几个例子:
https://groups.google.com/forum/#!topic/gs-discussion/EjPRAWbWKbw
https://groups.google.com/forum /#!msg / google-api-php-client / jaRYDWdpteQ / xbNTLfDhUggJ
也许配置值没有正确传递?
我假设使用服务帐户电子邮件。还试图在$ stringToSign中包含md5hash和content-type,结果相同。
任何帮助/提示将不胜感激。
rdb几乎为我做了诀窍。我使用来自GoogleCloudPlatform的工作python示例进行python调试,以便调试url并找到以下内容:
- GoogleAccessId必须是urlencoded
- 您必须替换在签名中包含以下字符:' - '=>'%2B','_'=>'%2F
- 签名必须以'%3D'结尾
$ b $ p代码:
$ host。 /\".$id.\"?Expires=。 $ ttl。 & GoogleAccessId =。
urlencode($ serviceAccountName)。 & Signature =。
str_replace(array(' - ','_',),array('%2B','%2F'),urlencode($ finalSignature))。'%3D';
现在,该网址可以正常工作,您可以使用一些高级操作员,如响应内容处置或响应内容类型
Im able to put a file (image.png) on to my Google Cloud Storage bucket using the google-api-php-client, but now im having trouble trying to create a signed url to get access to the file from my website. Sample code:
$bucketName = 'bucket-name';
$id = 'image.png';
$serviceAccountName = '123456789-xxxx@developer.gserviceaccount.com';
$privateKey = file_get_contents($location_to_key_file);
$signer = new \Google_P12Signer($privateKey, "notasecret");
$ttl = time() + 3600;
$stringToSign = "GET\n" . "\n" . "\n" . $ttl . "\n". '/' . $bucketName . '/' . $id;
$signature = $signer->sign(utf8_encode($stringToSign));
$finalSignature = \Google_Utils::urlSafeB64Encode($signature);
$host = "https://".$bucketName.".storage.googleapis.com";
echo $host. "/".$id."?GoogleAccessId=" . $serviceAccountName . "&Expires=" . $ttl . "&Signature=" . $finalSignature;
Returns:
<Error><Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>
GET 1387590477 /bucketname/image.png</StringToSign></Error>
im using google-api-php-client with php 5.5
ive followed a few examples:
https://groups.google.com/forum/#!topic/gs-discussion/EjPRAWbWKbw
https://groups.google.com/forum/#!msg/google-api-php-client/jaRYDWdpteQ/xbNTLfDhUggJ
Maybe a config value im not passing correctly ? i assume the Service Account email should be used. Also tried to include md5hash and content-type in the $stringToSign, same results.
any help/tips would be appreciated.
The rdb almost do the trick for me. I used a working python example from GoogleCloudPlatform for python in order to debug what was wrong with the url and find the following:
- The GoogleAccessId have to be urlencoded
- You've to replace in the Signature the following characters: '-' => '%2B', '_' => '%2F
- The signature must end with '%3D'
Code:
$host. "/".$id."?Expires=" . $ttl . "&GoogleAccessId=" .
urlencode($serviceAccountName) . "&Signature=" .
str_replace(array('-','_',), array('%2B', '%2F'),urlencode($finalSignature)).'%3D';
Now the url should work and you can use some advanced operators like response-content-disposition or response-content-type
这篇关于Google Cloud Storage签署的Url - SignatureDoesNotMatch的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
