dongyan5641
dongyan5641
2017-08-08 14:53

CloudFront签名URL访问被拒绝

已采纳

I am trying to add signed URLs to my videos on CloudFront everything set to be fine but when I open my URL it shows me the Access Denied error every time when I generate the URL code here is the following error

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>081DED49D4E126A6</RequestId>
<HostId>Lx+3mwxdCGo1vWAGM5RzPHDKrwEkvQwi8XiH2hBgj51XWsxu4gqY3Zr+w1x4ZoZQAYWEHV9u1wA=</HostId>
</Error>

Here is my code I don't know what I am doing wrong in it

<?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", 500);
function getSignedURL($resource, $timeout)
{
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIJP3H7LLN44FL2OQ";

    $expires = time() + $timeout; //Time out in seconds
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     

    //Read Cloudfront Private Key Pair
    $fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
    $priv_key=fread($fp,8192); 
    fclose($fp); 

    //Create the private key
    $key = openssl_get_privatekey($priv_key);
    if(!$key)
    {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    //Sign the policy with the private key
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
    {
        echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
        return;
    }

    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;

    return $url;
}

echo $urlShow;
?>
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • doushao1087 doushao1087 4年前

    You're getting this because the time duration for expiry you have used in your code isn't proper. To resolve the issue, First we need to update the Bucket policy and use the proper Key-Pair-ID and Private Key then in line two of the code use proper Unix time-stamp like this time() + 600 instead of 500 PHP, time - Manual

    Here is the full code that will resolve the issue

    <?php
    $urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", time() + 600);
    function getSignedURL($resource, $timeout) {
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIJP3H7LLN44FL2OQ";
    
    $expires = time() + $timeout; //Time out in seconds
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}'; 
    
    //Read Cloudfront Private Key Pair
    $fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
    $priv_key=fread($fp,8192); 
    fclose($fp); 
    
    //Create the private key
    $key = openssl_get_privatekey($priv_key);
    if(!$key) {
    echo "<p>Failed to load private key!</p>";
    return;
    }
    
    //Sign the policy with the private key
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
    echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
    return;
    }
    
    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);
    
    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
    return $url;
    }
    
    echo $urlShow;
    ?>
    
    点赞 评论 复制链接分享

为你推荐