dongyan5641 2017-08-08 14:53
浏览 76
已采纳

CloudFront签名URL访问被拒绝

I am trying to add signed URLs to my videos on CloudFront everything set to be fine but when I open my URL it shows me the Access Denied error every time when I generate the URL code here is the following error 

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>081DED49D4E126A6</RequestId>
<HostId>Lx+3mwxdCGo1vWAGM5RzPHDKrwEkvQwi8XiH2hBgj51XWsxu4gqY3Zr+w1x4ZoZQAYWEHV9u1wA=</HostId>
</Error>

Here is my code I don't know what I am doing wrong in it

<?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", 500);
function getSignedURL($resource, $timeout)
{
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIJP3H7LLN44FL2OQ";

    $expires = time() + $timeout; //Time out in seconds
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     

    //Read Cloudfront Private Key Pair
    $fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
    $priv_key=fread($fp,8192); 
    fclose($fp); 

    //Create the private key
    $key = openssl_get_privatekey($priv_key);
    if(!$key)
    {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    //Sign the policy with the private key
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
    {
        echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
        return;
    }

    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;

    return $url;
}

echo $urlShow;
?>
  • 写回答

1条回答 默认 最新

  • doushao1087 2017-08-10 17:53
    关注

    You're getting this because the time duration for expiry you have used in your code isn't proper. To resolve the issue, First we need to update the Bucket policy and use the proper Key-Pair-ID and Private Key then in line two of the code use proper Unix time-stamp like this time() + 600 instead of 500 PHP, time - Manual

    Here is the full code that will resolve the issue 

    <?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", time() + 600);
function getSignedURL($resource, $timeout) {
//This comes from key pair you generated for cloudfront
$keyPairId = "APKAIJP3H7LLN44FL2OQ";

$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}'; 

//Read Cloudfront Private Key Pair
$fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
$priv_key=fread($fp,8192); 
fclose($fp); 

//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key) {
echo "<p>Failed to load private key!</p>";
return;
}

//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}

//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}

echo $urlShow;
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么