Rumah >pembangunan bahagian belakang >Golang >SignatureDoesNotMatch pada PutObject - mengendalikan GetObject

SignatureDoesNotMatch pada PutObject - mengendalikan GetObject

PHPz
PHPzke hadapan
2024-02-09 15:00:101189semak imbas

PutObject 上的 SignatureDoesNotMatch - 处理 GetObject

editor php Strawberry akan memperkenalkan kepada anda cara menangani masalah "SignatureDoesNotMatch on PutObject - Handling GetObject" dalam artikel ini. Apabila melakukan operasi muat naik dan perolehan objek, anda kadangkala menghadapi gesaan ralat ini, yang mungkin disebabkan oleh ketidakpadanan dalam tandatangan yang diminta. Artikel ini akan menerangkan punca masalah ini secara terperinci dan menyediakan penyelesaian untuk membantu anda mengendalikan ralat ini dengan lancar dan memastikan operasi muat naik dan pengambilan objek anda boleh diteruskan seperti biasa.

Kandungan soalan

Saya cuba mencipta url bertandatangan untuk putobject dalam s3. Kaedah yang saya gunakan untuk melakukan ini untuk getobject berfungsi dengan baik, jadi kelayakan saya adalah sah.

Saya telah mematikan semua blok akses awam supaya ia harus terbuka.

Strategi Baldi:

{
    "version": "2012-10-17",
    "statement": [
        {
            "sid": "allowputobject",
            "effect": "allow",
            "principal": "*",
            "action": "s3:putobject",
            "resource": "arn:aws:s3:::adobe-sign-test/*"
        }
    ]
}

Kor baldi:

[
    {
        "allowedheaders": [
            "*"
        ],
        "allowedmethods": [
            "get",
            "head",
            "put"
        ],
        "allowedorigins": [
            "*"
        ],
        "exposeheaders": []
    }
]

Saya telah mencuba menggunakan perpustakaan s3 dan kini s3manager dalam kes ini. Walau bagaimanapun, apabila saya cuba meletakkan objek menggunakan url yang ditandatangani, saya mendapat ralat xml memberitahu saya signaturedoesnotmatch.

Di bawah ialah kod untuk mendapatkan yang sah dan meletakkan yang gagal.

func getpresignedurl(bucket, key, operation string, expiresin int64, region string, s3accesskeyid string, s3secretaccesskey string) string {
    sess := session.must(session.newsession(&aws.config{
        region: aws.string(region),
        credentials: credentials.newstaticcredentials(
            s3accesskeyid,
            s3secretaccesskey,
            "",
        ),
    }))

    uploader := s3manager.newuploader(sess)

    if operation == "putobject" {
        // generate a pre-signed url for a putobject operation
        uploadurl, _ := uploader.upload(&s3manager.uploadinput{
            bucket: aws.string(bucket),
            key:    aws.string(key),
            acl:    aws.string("bucket-owner-full-control"),
        })

        return uploadurl.location
    }

    // generate a pre-signed url for a getobject operation
    req, _ := uploader.s3.getobjectrequest(&s3.getobjectinput{
        bucket: aws.string(bucket),
        key:    aws.string(key),
    })

    geturl, err := req.presign(time.duration(expiresin) * time.second)
    if err != nil {
        fmt.println(err)
        return ""
    }

    return geturl
}

Begini cara saya cuba meletakkan fail menggunakan curl: curl -x put -t some-file.jpg "https://adobe-sign-test.s3.eu-north-1.amazonaws.com/hejsan.jpg?x-amz-algorithm=aws4-hmac-sha256&x- amz-credential=akiaqjglaaktl3qqfz73%2f20230706%2feu-north-1%2fs3%2faws4_request&x-amz-date=20230706t074846z&x-amz-expires=3600&x-amz-signedheaders=host&x-amz-signature=5eb429ee8efc 1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7“

Ini ialah mesej ralat untuk operasi letak:

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAQJGLAAKTL3QQFZ73</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20230706T074846Z
20230706/eu-north-1/s3/aws4_request
7666f6675cc3fe3a3aa20f98928aeccd4b9bc851666fcf03fb425d5819d7e72d</StringToSign><SignatureProvided>5eb429ee8efc1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 0a 32 30 32 33 30 37 30 36 2f 65 75 2d 6e 6f 72 74 68 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 37 36 36 36 66 36 36 37 35 63 63 33 66 65 33 61 33 61 61 32 30 66 39 38 39 32 38 61 65 63 63 64 34 62 39 62 63 38 35 31 36 36 36 66 63 66 30 33 66 62 34 32 35 64 35 38 31 39 64 37 65 37 32 64</StringToSignBytes><CanonicalRequest>PUT
/hejsan.jpg
X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAQJGLAAKTL3QQFZ73%2F20230706%2Feu-north-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20230706T074846Z&amp;X-Amz-Expires=3600&amp;X-Amz-SignedHeaders=host
host:adobe-sign-test.s3.eu-north-1.amazonaws.com

host
UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>50 55 54 0a 2f 68 65 6a 73 61 6e 2e 6a 70 67 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 51 4a 47 4c 41 41 4b 54 4c 33 51 51 46 5a 37 33 25 32 46 32 30 32 33 30 37 30 36 25 32 46 65 75 2d 6e 6f 72 74 68 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 61 64 6f 62 65 2d 73 69 67 6e 2d 74 65 73 74 2e 73 33 2e 65 75 2d 6e 6f 72 74 68 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>SMFDTR996NQE9DDV</RequestId><HostId>VehdLPGdnoVZclkNKs2+lTjFpAssA1Xe+HZSj5ZCCVK2QnumQHqzsePFg3TWWaai3+vqGgnwxpjMd3b8526I7Q==</HostId></Error>

Penyelesaian

Terdapat Contoh go dalam repositori SDK aws dengan get and put dan url pra-tandatangan untuk s3 yang mungkin membantu. Anda boleh mengklon repositori dan menjalankan contoh sendiri dengan mengikuti arahan dalam fail readme. Contoh mempunyai kaedah dan kemudian aplikasi konsol yang menunjukkan cara menjalankannya.

// GetObject makes a presigned request that can be used to get an object from a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) GetObject(
    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    }, func(opts *s3.PresignOptions) {
        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v\n",
            bucketName, objectKey, err)
    }
    return request, err
}



// PutObject makes a presigned request that can be used to put an object in a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) PutObject(
    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    }, func(opts *s3.PresignOptions) {
        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v\n",
            bucketName, objectKey, err)
    }
    return request, err
}



// DeleteObject makes a presigned request that can be used to delete an object from a bucket.
func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v\n", objectKey, err)
    }
    return request, err
}

Atas ialah kandungan terperinci SignatureDoesNotMatch pada PutObject - mengendalikan GetObject. Untuk maklumat lanjut, sila ikut artikel berkaitan lain di laman web China PHP!

Kenyataan:
Artikel ini dikembalikan pada:stackoverflow.com. Jika ada pelanggaran, sila hubungi admin@php.cn Padam