PutObject 上的 SignatureDoesNotMatch - 处理 GetObject-Golang-PHP中文网

首页

后端开发

Golang

PutObject 上的 SignatureDoesNotMatch - 处理 GetObject

PHPz

Feb 09, 2024 pm 03:00 PM

PutObject 上的 SignatureDoesNotMatch - 处理 GetObject

php小编草莓在本文中将为您介绍如何处理“PutObject上的SignatureDoesNotMatch - 处理GetObject”的问题。在进行对象上传和获取操作时，有时会遇到此错误提示，这可能是由于请求的签名不匹配导致的。本文将为您详细解释该问题的原因，并提供解决方案，帮助您顺利处理这一错误，确保您的对象上传和获取操作能够正常进行。

问题内容

我正在尝试为 s3 中的 putobject 创建签名 url。我为 getobject 执行此操作的方法运行良好，因此我的凭据有效。

我已经关闭了所有公共访问块，因此它应该是公开的。

存储桶策略：

{
    "version": "2012-10-17",
    "statement": [
        {
            "sid": "allowputobject",
            "effect": "allow",
            "principal": "*",
            "action": "s3:putobject",
            "resource": "arn:aws:s3:::adobe-sign-test/*"
        }
    ]
}

存储桶 cors：

[
    {
        "allowedheaders": [
            "*"
        ],
        "allowedmethods": [
            "get",
            "head",
            "put"
        ],
        "allowedorigins": [
            "*"
        ],
        "exposeheaders": []
    }
]

我尝试过使用 s3 库，现在在本例中使用 s3manager。但是，当我尝试使用签名 url 放置对象时，我收到一条 xml 错误，告诉我 signaturedoesnotmatch。

下面是有效的 get 和失败的 put 的代码。

func getpresignedurl(bucket, key, operation string, expiresin int64, region string, s3accesskeyid string, s3secretaccesskey string) string {
    sess := session.must(session.newsession(&aws.config{
        region: aws.string(region),
        credentials: credentials.newstaticcredentials(
            s3accesskeyid,
            s3secretaccesskey,
            "",
        ),
    }))

    uploader := s3manager.newuploader(sess)

    if operation == "putobject" {
        // generate a pre-signed url for a putobject operation
        uploadurl, _ := uploader.upload(&s3manager.uploadinput{
            bucket: aws.string(bucket),
            key:    aws.string(key),
            acl:    aws.string("bucket-owner-full-control"),
        })

        return uploadurl.location
    }

    // generate a pre-signed url for a getobject operation
    req, _ := uploader.s3.getobjectrequest(&s3.getobjectinput{
        bucket: aws.string(bucket),
        key:    aws.string(key),
    })

    geturl, err := req.presign(time.duration(expiresin) * time.second)
    if err != nil {
        fmt.println(err)
        return ""
    }

    return geturl
}

以下是我尝试使用curl put 文件的方法： curl -x put -t some-file.jpg "https://adobe-sign-test.s3.eu-north-1.amazonaws.com/hejsan.jpg?x-amz-algorithm=aws4-hmac-sha256&x- amz-credential=akiaqjglaaktl3qqfz73%2f20230706%2feu-north-1%2fs3%2faws4_request&x-amz-date=20230706t074846z&x-amz-expires=3600&x-amz-signedheaders=host&x-amz-signature=5eb429ee8efc 1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7“

这是 put 操作的错误消息：

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAQJGLAAKTL3QQFZ73</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20230706T074846Z
20230706/eu-north-1/s3/aws4_request
7666f6675cc3fe3a3aa20f98928aeccd4b9bc851666fcf03fb425d5819d7e72d</StringToSign><SignatureProvided>5eb429ee8efc1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 0a 32 30 32 33 30 37 30 36 2f 65 75 2d 6e 6f 72 74 68 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 37 36 36 36 66 36 36 37 35 63 63 33 66 65 33 61 33 61 61 32 30 66 39 38 39 32 38 61 65 63 63 64 34 62 39 62 63 38 35 31 36 36 36 66 63 66 30 33 66 62 34 32 35 64 35 38 31 39 64 37 65 37 32 64</StringToSignBytes><CanonicalRequest>PUT
/hejsan.jpg
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAQJGLAAKTL3QQFZ73%2F20230706%2Feu-north-1%2Fs3%2Faws4_request&X-Amz-Date=20230706T074846Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host
host:adobe-sign-test.s3.eu-north-1.amazonaws.com

host
UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>50 55 54 0a 2f 68 65 6a 73 61 6e 2e 6a 70 67 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 51 4a 47 4c 41 41 4b 54 4c 33 51 51 46 5a 37 33 25 32 46 32 30 32 33 30 37 30 36 25 32 46 65 75 2d 6e 6f 72 74 68 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 61 64 6f 62 65 2d 73 69 67 6e 2d 74 65 73 74 2e 73 33 2e 65 75 2d 6e 6f 72 74 68 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>SMFDTR996NQE9DDV</RequestId><HostId>VehdLPGdnoVZclkNKs2+lTjFpAssA1Xe+HZSj5ZCCVK2QnumQHqzsePFg3TWWaai3+vqGgnwxpjMd3b8526I7Q==</HostId></Error>

解决方法

aws 开发工具包代码库中有一个示例go 具有 get 和 put 以及 s3 的预签名 url，也许会有帮助。您可以克隆存储库并按照自述文件中的说明自行运行这些示例。该示例具有方法，然后有一个控制台应用程序演示如何运行它们。

// GetObject makes a presigned request that can be used to get an object from a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) GetObject(
    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    }, func(opts *s3.PresignOptions) {
        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v\n",
            bucketName, objectKey, err)
    }
    return request, err
}



// PutObject makes a presigned request that can be used to put an object in a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) PutObject(
    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    }, func(opts *s3.PresignOptions) {
        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v\n",
            bucketName, objectKey, err)
    }
    return request, err
}



// DeleteObject makes a presigned request that can be used to delete an object from a bucket.
func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) {
    request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(objectKey),
    })
    if err != nil {
        log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v\n", objectKey, err)
    }
    return request, err
}

以上是PutObject 上的 SignatureDoesNotMatch - 处理 GetObject的详细内容。更多信息请关注PHP中文网其他相关文章！

声明

本文转载于：stackoverflow。如有侵权，请联系admin@php.cn删除

使用GO开发时的安全考虑Apr 27, 2025 am 12:18 AM

Gooffersrobustfeaturesforsecurecoding,butdevelopersmustimplementsecuritybestpracticeseffectively.1)UseGo'scryptopackageforsecuredatahandling.2)Manageconcurrencywithsynchronizationprimitivestopreventraceconditions.3)SanitizeexternalinputstoavoidSQLinj

了解GO的错误接口Apr 27, 2025 am 12:16 AM

Go的错误接口定义为typeerrorinterface{Error()string}，允许任何实现Error()方法的类型被视为错误。使用步骤如下：1.基本检查和记录错误，例如iferr!=nil{log.Printf("Anerroroccurred:%v",err)return}。2.创建自定义错误类型以提供更多信息，如typeMyErrorstruct{MsgstringDetailstring}。3.使用错误包装（自Go1.13起）来添加上下文而不丢失原始错误信息，

并发程序中的错误处理Apr 27, 2025 am 12:13 AM

对效率的Handleerrorsinconcurrentgopragrs，UsechannelstocommunicateErrors，EmparterRorwatchers，InsterTimeouts，UsebufferedChannels和Provideclearrormessages.1）USEchannelelStopassErstopassErrorsErtopassErrorsErrorsFromGoroutInestotheStothemainfunction.2）

您如何在GO中实现接口？Apr 27, 2025 am 12:09 AM

在Go语言中，接口的实现是通过隐式的方式进行的。1)隐式实现：类型只要包含接口定义的所有方法，就自动满足该接口。2)空接口：interface{}类型所有类型都实现，适度使用可避免类型安全问题。3)接口隔离：设计小而专注的接口，提高代码的可维护性和重用性。4)测试：接口有助于通过模拟依赖进行单元测试。5)错误处理：通过接口可以统一处理错误。

将GO接口与其他语言的接口进行比较（例如Java，C＃）Apr 27, 2025 am 12:06 AM

go'sinterfacesareimpliclyimplysed，与Javaandc＃wheRequireexplitiCimplation.1）Ingo，AnyTypewithTheRequiredMethodSautSautsautautapitymethodimimplementalyimimplementsaninternItherninternionterface，callingingSimplicity andficityity.2）

初始功能和副作用：平衡初始化与可维护性Apr 26, 2025 am 12:23 AM

Toensureinitfunctionsareeffectiveandmaintainable:1)Minimizesideeffectsbyreturningvaluesinsteadofmodifyingglobalstate,2)Ensureidempotencytohandlemultiplecallssafely,and3)Breakdowncomplexinitializationintosmaller,focusedfunctionstoenhancemodularityandm

开始GO：初学者指南Apr 26, 2025 am 12:21 AM

goisidealforbeginnersandsubableforforcloudnetworkservicesduetoitssimplicity，效率和concurrencyFeatures.1）installgromtheofficialwebsitealwebsiteandverifywith'.2）

进行并发模式：开发人员的最佳实践Apr 26, 2025 am 12:20 AM

开发者应遵循以下最佳实践：1.谨慎管理goroutines以防止资源泄漏；2.使用通道进行同步，但避免过度使用；3.在并发程序中显式处理错误；4.了解GOMAXPROCS以优化性能。这些实践对于高效和稳健的软件开发至关重要，因为它们确保了资源的有效管理、同步的正确实现、错误的适当处理以及性能的优化，从而提升软件的效率和可维护性。

See all articles