php小编草莓在本文中将为您介绍如何处理“PutObject上的SignatureDoesNotMatch - 处理GetObject”的问题。在进行对象上传和获取操作时,有时会遇到此错误提示,这可能是由于请求的签名不匹配导致的。本文将为您详细解释该问题的原因,并提供解决方案,帮助您顺利处理这一错误,确保您的对象上传和获取操作能够正常进行。
我正在尝试为 s3 中的 putobject 创建签名 url。我为 getobject 执行此操作的方法运行良好,因此我的凭据有效。
我已经关闭了所有公共访问块,因此它应该是公开的。
存储桶策略:
{
"version": "2012-10-17",
"statement": [
{
"sid": "allowputobject",
"effect": "allow",
"principal": "*",
"action": "s3:putobject",
"resource": "arn:aws:s3:::adobe-sign-test/*"
}
]
}存储桶 cors:
[
{
"allowedheaders": [
"*"
],
"allowedmethods": [
"get",
"head",
"put"
],
"allowedorigins": [
"*"
],
"exposeheaders": []
}
]我尝试过使用 s3 库,现在在本例中使用 s3manager。但是,当我尝试使用签名 url 放置对象时,我收到一条 xml 错误,告诉我 signaturedoesnotmatch。
下面是有效的 get 和失败的 put 的代码。
func getpresignedurl(bucket, key, operation string, expiresin int64, region string, s3accesskeyid string, s3secretaccesskey string) string {
sess := session.must(session.newsession(&aws.config{
region: aws.string(region),
credentials: credentials.newstaticcredentials(
s3accesskeyid,
s3secretaccesskey,
"",
),
}))
uploader := s3manager.newuploader(sess)
if operation == "putobject" {
// generate a pre-signed url for a putobject operation
uploadurl, _ := uploader.upload(&s3manager.uploadinput{
bucket: aws.string(bucket),
key: aws.string(key),
acl: aws.string("bucket-owner-full-control"),
})
return uploadurl.location
}
// generate a pre-signed url for a getobject operation
req, _ := uploader.s3.getobjectrequest(&s3.getobjectinput{
bucket: aws.string(bucket),
key: aws.string(key),
})
geturl, err := req.presign(time.duration(expiresin) * time.second)
if err != nil {
fmt.println(err)
return ""
}
return geturl
}以下是我尝试使用curl put 文件的方法:
curl -x put -t some-file.jpg "https://adobe-sign-test.s3.eu-north-1.amazonaws.com/hejsan.jpg?x-amz-algorithm=aws4-hmac-sha256&x- amz-credential=akiaqjglaaktl3qqfz73%2f20230706%2feu-north-1%2fs3%2faws4_request&x-amz-date=20230706t074846z&x-amz-expires=3600&x-amz-signedheaders=host&x-amz-signature=5eb429ee8efc 1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7“
这是 put 操作的错误消息:
<?xml version="1.0" encoding="UTF-8"?> <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>AKIAQJGLAAKTL3QQFZ73</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256 20230706T074846Z 20230706/eu-north-1/s3/aws4_request 7666f6675cc3fe3a3aa20f98928aeccd4b9bc851666fcf03fb425d5819d7e72d</StringToSign><SignatureProvided>5eb429ee8efc1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7</SignatureProvided><StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 0a 32 30 32 33 30 37 30 36 2f 65 75 2d 6e 6f 72 74 68 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 37 36 36 36 66 36 36 37 35 63 63 33 66 65 33 61 33 61 61 32 30 66 39 38 39 32 38 61 65 63 63 64 34 62 39 62 63 38 35 31 36 36 36 66 63 66 30 33 66 62 34 32 35 64 35 38 31 39 64 37 65 37 32 64</StringToSignBytes><CanonicalRequest>PUT /hejsan.jpg X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAQJGLAAKTL3QQFZ73%2F20230706%2Feu-north-1%2Fs3%2Faws4_request&X-Amz-Date=20230706T074846Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host host:adobe-sign-test.s3.eu-north-1.amazonaws.com host UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>50 55 54 0a 2f 68 65 6a 73 61 6e 2e 6a 70 67 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 51 4a 47 4c 41 41 4b 54 4c 33 51 51 46 5a 37 33 25 32 46 32 30 32 33 30 37 30 36 25 32 46 65 75 2d 6e 6f 72 74 68 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 61 64 6f 62 65 2d 73 69 67 6e 2d 74 65 73 74 2e 73 33 2e 65 75 2d 6e 6f 72 74 68 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes><RequestId>SMFDTR996NQE9DDV</RequestId><HostId>VehdLPGdnoVZclkNKs2+lTjFpAssA1Xe+HZSj5ZCCVK2QnumQHqzsePFg3TWWaai3+vqGgnwxpjMd3b8526I7Q==</HostId></Error>
aws 开发工具包代码库中有一个 示例go 具有 get 和 put 以及 s3 的预签名 url,也许会有帮助。您可以克隆存储库并按照自述文件中的说明自行运行这些示例。该示例具有方法,然后有一个控制台应用程序演示如何运行它们。
// GetObject makes a presigned request that can be used to get an object from a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) GetObject(
bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(objectKey),
}, func(opts *s3.PresignOptions) {
opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
})
if err != nil {
log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v\n",
bucketName, objectKey, err)
}
return request, err
}
// PutObject makes a presigned request that can be used to put an object in a bucket.
// The presigned request is valid for the specified number of seconds.
func (presigner Presigner) PutObject(
bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {
request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(objectKey),
}, func(opts *s3.PresignOptions) {
opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))
})
if err != nil {
log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v\n",
bucketName, objectKey, err)
}
return request, err
}
// DeleteObject makes a presigned request that can be used to delete an object from a bucket.
func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) {
request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(objectKey),
})
if err != nil {
log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v\n", objectKey, err)
}
return request, err
}以上是PutObject 上的 SignatureDoesNotMatch - 处理 GetObject的详细内容。更多信息请关注PHP中文网其他相关文章!
