doushaizhen1244 2013-11-04 11:08
浏览 56
已采纳

PHP / AuthenticationFailed的共享访问签名功能

As noticed here, the shared access signature is not supported in the Azure SDK for PHP. So I developed my own function to generate the signed-url using the Miscrosoft Azure documentation (here) and the PHPAzure Codeplex project and source code (here)

I want to generate an signed-url that may be called directly in a web browser vithout using a developed software client.

My generated signed-url always returns an "AuthenticationFailed" with the detail "Signature did not match. Signature did not match. String to sign used was r 2013-11-03 2013-11-05 /ntgstblog/netgemvno netgemvno_default_policy"

Here my source code to generate a shared access signature and my signed url. Can you help me to debug it ?

    $config = array(
         'blob_account'   => <mystroage_accountname>,
         'blob_key'       => <mystroage_accesskey>,
         'blob_protocol'  => 'http'
    );

    $_id = 'netgemvno_default_policy';

    ...

    /* Define the policy of the container */
    $_data = array(
        'SignedIdentifier' => array (
            'Id' => $_id,
            'AccessPolicy' => array(
                'Start' => date("Y-m-d", strtotime('-1 years')),
                'Expiry' => date("Y-m-d", strtotime('+1 year')),
                'Permission' => 'r'
            )
        )
    );
    $_containerAcl = ContainerAcl::create(PublicAccessType::NONE, $_data);
    $rest->blob_service->setContainerAcl($oem, $_containerAcl);

    ...

    /* get shared access url to my private blob */       
    $_start = date('Y-m-d', strtotime('-1 day'));
    //$_start = '';
    $_expiry = date('Y-m-d', strtotime('+1 day'));
    //$_expiry = '';
    $_permission = 'r';
    $_container = 'netgemvno';
    $_blob = strtolower(
        "netgemvno/backup/2013/10/29/20131029_ack.log"
    );

    /* Create the signature */
    $_arraysign = array();
    $_arraysign[] = $_permission;
    $_arraysign[] = $_start;
    $_arraysign[] = $_expiry;
    $_arraysign[] = '/' . $config['blob_account'] . '/' . $_container;
    $_arraysign[] = $_id;
    $_str2sign = implode("
", $_arraysign);
    $_signature = base64_encode(
        hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
    );

    /* Create the signed query part */
    $_parts = array();
    $_parts[] = (!empty($_start))?'st=' . urlencode($_start):'';
    $_parts[] = (!empty($_expiry))?'se=' . urlencode($_expiry):'';
    $_parts[] = (!empty($_permission))?'sp=' . $_permission:'';
    $_parts[] = 'sr=' . 'c';
    $_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
    $_parts[] = 'sig=' . urlencode($_signature);

    /* Create the signed blob URL */
    $_url = $config['blob_protocol'] . '://'
        . $config['blob_account'] . '.blob.core.windows.net/'
        . $_blob . '?'
        . implode('&', $_parts);

    return $_url;
  • What is wrong when I generate the signature ?
  • Is there any information missing or invalid ?
  • Do I need to hash using the my storage key ?
  • 写回答

2条回答 默认 最新

  • dongyin8991 2013-11-04 12:03
    关注

    Assuming you're storing your account key as base64 encoded (something like AmSacgtnBFBvyqPHTNfpThcBCFWqzE3PIl09Pr1IQBGNjln1a8fZeUTs0+fehSmGt6ujf/7DQ51ef+DEXEZziA==), try changing the following line of code:

    $_signature = base64_encode(
        hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
    );

    To

    $_signature = base64_encode(
        hash_hmac('sha256', $_str2sign, base64_decode($config['blob_key']), true)
    );
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 mmocr的训练错误,结果全为0
  • ¥15 python的qt5界面
  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致
  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀