Signature签名不匹配
我试图在php中的蔚蓝存储上创建一个到blob的SAS。我编写了以下代码:
$key ="...";
$end = date('Y-m-d\TH\:i\:s\Z', strtotime('+1 day'));
function getSASForBlob($accountName, $container, $blob, $permissions ,$expiry, $key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/'.$accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = "2015-12-11"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true));
}
function getBlobUrl($accountName, $container, $blob, $resourceType, $permissions, $expiry, $_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = 'sv=2015-12-11';
$_parts[] = 'ss=b';
$_parts[] = 'srt=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = (!empty($expiry))?'se=' .$expiry:'';
$_parts[] = 'spr=https';
$_parts[] = 'sig=' . urlencode($_signature);
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
$sig = getSASForBlob("cloudviewer","450-423-422-392", "thumbnail.jpeg", "r", $end, $key);
$url = getBlobUrl("cloudviewer","450-423-422-392","thumbnail.jpeg","o","r", $end, $sig);
echo(json_encode(array('url' => $url, 'sig' => $sig, 'expiry' => $end)));
存在身份验证错误:签名不匹配。使用的字符串是云端查看器r b o 2016-12-09T17:08:25 z https 2015-12-11
我直接从Azure创建了一个SAS,我有一个url https://cloudviewer.blob.core.windows.net/450-423-422-392/thumbnail.jpeg?sv=2015-12-11&ss=b&srt=o&sp=r&se=2016-12-09T17:28:32Z&st=2016-12-08T15:28:32Z&spr=https&sig=EgnmcRSSKol%2BqR2A4aBdFhL9dmkhGJVHOw9W%2BC8%2FTKI%3D,它可以工作,并且与第一个类似。
我已经试过了
$_arraysign[] = '/blob/'.$accountName . '/' . $container . '/' . $blob;
$_arraysign[] = $accountName . '/' . $container . '/' . $blob;你知不知道?
谢谢
回答 1
Stack Overflow用户
发布于 2016-12-09 03:08:30
您似乎正在尝试生成一个account SAS令牌,这是https://learn.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1#examples-of-sas-uris中描述的第二个示例。根据我的理解,您只能生成一个常见的blob令牌,作为上面提到的第一个示例。
同时,根据构造签名字符串的描述,您在生成签名时遗漏了几个部分。
因此,请尝试以下代码片段:
function getSASForBlob($accountName, $container, $blob, $permissions ,$expiry, $key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob' .'/'.$accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-12-11"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true));
}
function getBlobUrl($accountName, $container, $blob, $resourceType, $permissions, $expiry, $_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($expiry)) ? 'se=' . urlencode($expiry) : '';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions)) ? 'sp=' . $permissions : '';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2015-12-11';
$_parts[] = 'rscd=';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
$sig = getSASForBlob(AZURE_ACC_NAME,AZURE_CONTAINER, BLOB, "r", $endDate, AZURE_PRIMARY_KEY);
$url = getBlobUrl(AZURE_ACC_NAME,AZURE_CONTAINER,BLOB,"b","r", $endDate, $sig);https://stackoverflow.com/questions/41044373
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号